[Samba] samba dns

L.P.H. van Belle belle at bazuin.nl
Tue Apr 12 16:11:10 UTC 2016 

What i would do, is setup a unbound server as slave dns of the samba dns zone. (Best is to use bind_dlz on the samba servers.) 
I dont know unbound, but i would surprise me if its not possible to setup a slave. 

I do simular but then with Bind Dns. 

Greetz, 

Louis


> -----Oorspronkelijk bericht-----
> Van: samba [mailto:samba-bounces at lists.samba.org] Namens Matthew Delfino
> Verzonden: dinsdag 12 april 2016 17:49
> Aan: Rowland penny
> CC: samba at lists.samba.org
> Onderwerp: Re: [Samba] samba dns
> 
> On 2016.04.06, at 4:13 PM, Rowland penny <rpenny at samba.org> wrote:
> >
> > On 06/04/16 21:58, Sonic wrote:
> >> Would prefer to continue to use my NSD/Unbound installs for most DNS
> >> (if not all) services. NSD is the authoritative server for the domain,
> >> and Unbound is the cache/resolver that the clients connect to. I'd
> >> like to not disturb this setup but I'll need the SRV records so that
> >> AD works. If the SRV records are fixed I suppose I could host them
> >> using NSD, then Samba wouldn't have to be authoritative for any
> >> records - just forward to the Unbound cache. I don't need hosts
> >> registering themselves in DNS, the only hosts that need to be in DNS
> >> are those doing server duties and already have A records (the DHCP
> >> server relies on them for lease reservations).
> >>
> >>
> >>
> >
> > Your DC needs to be authoritative for your AD domain, this is *not* a
> Samba thing, it is an AD thing. What you can do, is to do what is
> recommended, make your AD domain a subdomain of your domain i.e. if your
> domain name is 'domain.tld', use 'internal.domain.tld' for your AD domain.
> >
> > Your AD DC will then be authoritative for the AD domain and will then
> forward anything it doesn't know to your unbound machine.
> >
> > Rowland
> >
> > --
> > To unsubscribe from this list go to the following URL and read the
> > instructions:  https://lists.samba.org/mailman/options/samba
> 
> I?m feeling like this stuff is always assumed to be common knowledge.
> Everyone starts talking about samdom.example.com
> <http://samdom.example.com/> before first stating, "Here?s why you want to
> use a 'samdom' or whatever name you like, for a subdomain on your
> network." Even here: https://wiki.samba.org/index.php/DNS
> <https://wiki.samba.org/index.php/DNS> it?s at the very bottom. Why not
> have it at the very top?
> 
> A really high-level question here?
> 
> Say I have awesomecompany.loc as my domain, with existing BIND 9 servers
> handling all of our DNS. Here I have many servers and clients that would
> be connecting to my AD, which have addresses like...
> 
> "server.awesomecompany.loc"
> "0245imac.awesomecompany.loc"
> 
> Then I decide to put in a trio of AD DCs running Samba in a new domain of
> "samdom.awesomecompany.loc." I make it a subdomain of by BIND 9-managed
> "awesomecompany.loc" and let the Samba DCs be authoritative over
> "samdom.awesomecompany.loc."
> 
> My question is, would I have to give new DNS A records to all the machines
> that would be binding to that domain in samdom.awesomecompany.loc? Like?
> 
> "server.samdom.awesomecompany.loc"
> "0245imac.samdom.awesomecompany.loc"
> 
> (Assume I?m not doing dynamic DNS, by the way.) Or is there really no good
> reason to do that, as the previously-used addresses should work fine?
> 
> If I can use the previously-used addresses, what sorts of records do I
> want to put in samdom.awesomecompany.loc? Just the AD DCs and all the
> particular records that AD populates it with?
> 
> Thanks in advance!
> 
> Matthew
> 
> 
> 
> ©2016 KNOCK, inc.  All rights reserved. KNOCK is a registered trademark of
> KNOCK, inc. This message and any attachments contain information, which is
> confidential and/or privileged.  If you are not the intended recipient,
> please refrain from any disclosure, copying, distribution or use of this
> information.  Please be aware that such actions are prohibited.  If you
> have received this transmission in error, kindly notify the sender by e-
> mail.  Your cooperation is appreciated.
> --
> To unsubscribe from this list go to the following URL and read the
> instructions:  https://lists.samba.org/mailman/options/samba

More information about the samba mailing list