[Samba] samba dns

Matthew Delfino mdelfino.list.samba at KNOCKinc.com
Tue Apr 12 15:49:02 UTC 2016

On 2016.04.06, at 4:13 PM, Rowland penny <rpenny at samba.org> wrote:
> On 06/04/16 21:58, Sonic wrote:
>> Would prefer to continue to use my NSD/Unbound installs for most DNS
>> (if not all) services. NSD is the authoritative server for the domain,
>> and Unbound is the cache/resolver that the clients connect to. I'd
>> like to not disturb this setup but I'll need the SRV records so that
>> AD works. If the SRV records are fixed I suppose I could host them
>> using NSD, then Samba wouldn't have to be authoritative for any
>> records - just forward to the Unbound cache. I don't need hosts
>> registering themselves in DNS, the only hosts that need to be in DNS
>> are those doing server duties and already have A records (the DHCP
>> server relies on them for lease reservations).
> Your DC needs to be authoritative for your AD domain; this is *not* a Samba thing, it is an AD thing. What you can do is what is recommended: make your AD domain a subdomain of your domain, i.e. if your domain name is 'domain.tld', use 'internal.domain.tld' for your AD domain.
> Your AD DC will then be authoritative for the AD domain and will then forward anything it doesn't know to your unbound machine.
> Rowland

I’m feeling like this stuff is always assumed to be common knowledge. Everyone starts talking about samdom.example.com before first stating, "Here’s why you want to use a 'samdom', or whatever name you like, for a subdomain on your network." Even here: https://wiki.samba.org/index.php/DNS it’s at the very bottom. Why not have it at the very top?

A really high-level question here…

Say I have awesomecompany.loc as my domain, with existing BIND 9 servers handling all of our DNS. Here I have many servers and clients that would be connecting to my AD, which have addresses like...


Then I decide to put in a trio of AD DCs running Samba in a new domain of "samdom.awesomecompany.loc." I make it a subdomain of my BIND 9-managed "awesomecompany.loc" and let the Samba DCs be authoritative over "samdom.awesomecompany.loc."

My question is, would I have to give new DNS A records to all the machines that would be binding to that domain in samdom.awesomecompany.loc? Like…


(Assume I’m not doing dynamic DNS, by the way.) Or is there really no good reason to do that, as the previously-used addresses should work fine?

If I can use the previously-used addresses, what sorts of records do I want to put in samdom.awesomecompany.loc? Just the AD DCs and all the particular records that AD populates it with?

Thanks in advance!
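The layout Rowland recommends, and the record question asked above, modelled as a small Python script. This is an added example, not code from the thread or from Samba: the DC names, addresses and host names are constructed, `delegation_records` and `ad_zone` are hypothetical helpers, and the SRV names are a subset of the standard AD locator records (the real provisioning creates more). It shows the delegation the parent BIND 9 zone needs, what the DCs serve for the subdomain, and that a DC configured with the `dns forwarder` smb.conf setting answers only names under the AD subdomain itself and forwards everything else, so hosts joining the domain keep their existing A records in awesomecompany.loc.

```python
"""Toy model of a Samba AD subdomain delegated from an existing BIND 9
zone.  Added example; every name and address below is constructed."""

PARENT = "awesomecompany.loc"
AD = "samdom." + PARENT
# Constructed DC names and addresses.
DCS = {"dc1": "10.0.0.11", "dc2": "10.0.0.12", "dc3": "10.0.0.13"}


def fqdn(name):
    """Normalise a name to lower case with a trailing dot."""
    return name.rstrip(".").lower() + "."


def delegation_records(ad_domain, dcs):
    """Records the parent zone (BIND 9) needs to delegate the subdomain:
    one NS per DC plus a glue A record for each DC."""
    recs = {fqdn(ad_domain): {"NS": []}}
    for host, addr in sorted(dcs.items()):
        target = fqdn(f"{host}.{ad_domain}")
        recs[fqdn(ad_domain)]["NS"].append(target)
        recs[target] = {"A": [addr]}
    return recs


def ad_zone(ad_domain, dcs):
    """Records the DCs serve for the subdomain: DC A records, the apex A
    records and the AD locator SRV records (a subset of the standard
    names).  SRV entries are (priority, weight, port, target)."""
    zone = {}
    targets = []
    for host, addr in sorted(dcs.items()):
        target = fqdn(f"{host}.{ad_domain}")
        zone[target] = {"A": [addr]}
        targets.append(target)
    zone[fqdn(ad_domain)] = {"A": [dcs[h] for h in sorted(dcs)]}
    srv_ports = {
        "_ldap._tcp": 389, "_ldap._tcp.dc._msdcs": 389, "_gc._tcp": 3268,
        "_kerberos._tcp": 88, "_kerberos._udp": 88,
        "_kpasswd._tcp": 464, "_kpasswd._udp": 464,
    }
    for prefix, port in srv_ports.items():
        zone[fqdn(f"{prefix}.{ad_domain}")] = {
            "SRV": [(0, 100, port, t) for t in targets]}
    return zone


# Constructed: what the existing BIND 9 servers already hold for hosts
# that will join AD.  They keep these records; no second A record in the
# subdomain is required for them.
PARENT_ZONE = {
    fqdn(f"fileserver.{PARENT}"): {"A": ["10.0.0.20"]},
    fqdn(f"workstation1.{PARENT}"): {"A": ["10.0.0.101"]},
}
PARENT_ZONE.update(delegation_records(AD, DCS))
AD_ZONE = ad_zone(AD, DCS)


def in_zone(qname, apex):
    """True when qname is the apex or lies below it."""
    n, a = fqdn(qname), fqdn(apex)
    return n == a or n.endswith("." + a)


def dc_resolve(qname, qtype):
    """How a Samba DC with `dns forwarder` set answers a client query:
    authoritative for names under the AD subdomain, forwarded otherwise.
    The forwarder (unbound/BIND) is modelled as a lookup in PARENT_ZONE.
    Returns (source, answers)."""
    if in_zone(qname, AD):
        return "authoritative", AD_ZONE.get(fqdn(qname), {}).get(qtype, [])
    return "forwarded", PARENT_ZONE.get(fqdn(qname), {}).get(qtype, [])


if __name__ == "__main__":
    for q, t in [(f"fileserver.{PARENT}", "A"),
                 (f"_ldap._tcp.{AD}", "SRV"),
                 (f"dc1.{AD}", "A")]:
        print(q, t, dc_resolve(q, t))
```

Two checks worth reading off the output: a query for an existing host in the parent zone comes back as "forwarded" with its old address, so the joining machines need no new records, and the subdomain itself contains only the DC addresses and the locator SRV records that AD clients look up.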
