[Samba] samba dns

Rowland penny rpenny at samba.org
Tue Apr 12 16:38:02 UTC 2016


On 12/04/16 16:49, Matthew Delfino wrote:
> I’m feeling like this stuff is always assumed to be common knowledge. 
> Everyone starts talking about samdom.example.com before first stating, 
> "Here’s why you want 
> to use a 'samdom' or whatever name you like, for a subdomain on your 
> network." Even here: https://wiki.samba.org/index.php/DNS it’s at the 
> very bottom. Why not have it at the very top?

If you follow the Samba guide to setting up an AD DC:

https://wiki.samba.org/index.php/Setup_a_Samba_Active_Directory_Domain_Controller

Near the top, under the heading 'Preconditions', there is a link to 
the Active Directory naming FAQ:

https://wiki.samba.org/index.php/Active_Directory_Naming_FAQ

This explains all about the best practice when it comes to an AD domain 
and DNS.


>
> A really high-level question here…
>
> Say I have awesomecompany.loc as my domain, with existing BIND 9 
> servers handling all of our DNS. Here I have many servers and clients 
> that would be connecting to my AD, which have addresses like...
>
> "server.awesomecompany.loc"
> "0245imac.awesomecompany.loc"
>
> Then I decide to put in a trio of AD DCs running Samba in a new domain 
> of "samdom.awesomecompany.loc." I make it a subdomain of my BIND 
> 9-managed "awesomecompany.loc" and let the Samba DCs be authoritative 
> over "samdom.awesomecompany.loc."
>
> My question is, would I have to give new DNS A records to all the 
> machines that would be binding to that domain in 
> samdom.awesomecompany.loc? Like…
>
> "server.samdom.awesomecompany.loc"
> "0245imac.samdom.awesomecompany.loc"
>
> (Assume I’m not doing dynamic DNS, by the way.) Or is there really no 
> good reason to do that, as the previously-used addresses should work fine?
>
> If I can use the previously-used addresses, what sorts of records do I 
> want to put in samdom.awesomecompany.loc? Just the AD DCs and all the 
> particular records that AD populates it with?
>

If your Samba AD domain uses the subdomain 'samdom.awesomecompany.loc' 
DNS name, this would make your Kerberos Realm 
'SAMDOM.AWESOMECOMPANY.LOC' and as such, any machine that is joined to 
your AD domain would also have to use the 'samdom.awesomecompany.loc' 
DNS domain.

Rowland
> Thanks in advance!
>
> Matthew
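
The point in Rowland's reply above, worked through as an added example that is not part of the original thread: the Kerberos realm is the AD DNS domain in upper case, and each machine to be joined needs an FQDN under that domain. The function names and the `dc1` host are constructed for illustration, and `host/<fqdn>@<REALM>` is the conventional Kerberos host principal form.

```python
# Added illustration, not code from the thread. Function names are hypothetical.

def normalise(name):
    """Lower-case a DNS name and drop a trailing root dot."""
    return name.strip().rstrip(".").lower()

def realm_for(ad_dns_domain):
    """The Kerberos realm is the AD DNS domain in upper case."""
    return normalise(ad_dns_domain).upper()

def in_domain(fqdn, ad_dns_domain):
    """True only if fqdn sits under the domain on a label boundary,
    so 'x.notsamdom.example' does not count as inside 'samdom.example'."""
    return normalise(fqdn).endswith("." + normalise(ad_dns_domain))

def audit(hosts, ad_dns_domain):
    """For each host, report the FQDN it needs before joining and the
    host principal it would then have in the realm."""
    dom = normalise(ad_dns_domain)
    realm = realm_for(dom)
    report = []
    for host in hosts:
        current = normalise(host)
        if in_domain(current, dom):
            needed = current
        else:
            # Keep the short host name, move it into the AD DNS domain.
            needed = current.split(".", 1)[0] + "." + dom
        report.append({
            "current": current,
            "ok": current == needed,
            "needed": needed,
            "principal": "host/" + needed + "@" + realm,
        })
    return report

AD_DOMAIN = "samdom.awesomecompany.loc"
# First two names are from the question; the last two are constructed.
SAMPLE_HOSTS = [
    "server.awesomecompany.loc",
    "0245imac.awesomecompany.loc",
    "dc1.samdom.awesomecompany.loc.",
    "server.notsamdom.awesomecompany.loc",
]

if __name__ == "__main__":
    for row in audit(SAMPLE_HOSTS, AD_DOMAIN):
        state = "ok    " if row["ok"] else "rename"
        print(state, row["current"], "->", row["principal"])
```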


