[Samba] AD, multiple DC, some DC without DNS at all
Marc Muehlfeld
mmuehlfeld at samba.org
Tue Mar 1 19:02:51 UTC 2016
Hello Mathias,
Am 01.03.2016 um 11:59 schrieb mathias dufresne:
> I thought there was an option for samba_dnsupgrade command to tell "remove
> all DNS service from current DC" but I don't find it anymore.
I think there's no such option (yet), but would be worth a feature
request. :-)
> This question is because we are about to deploy an AD with 20 or more DC
> and there is no need they are all DNS servers. In fact having them all DNS
> servers make design more complex and more risky. The point is to avoid
> risks.
You should deploy these DCs without DNS (--dns-backend=NONE), because
then they don't get
DC=ForestDnsZones,DC=samdom,DC=example,DC=com
DC=DomainDnsZones,DC=samdom,DC=example,DC=com
replicated at all.
> How I would proceed if samba_dnsupgrade is not able to remove DNS service
> automatically:
> - as for BIND9_DLZ backend, I will keep into smb.conf the "-dns" for
> runninf services.
> - stop Bind-DLZ service on non-DNS-DC
> - modify /etc/resolv.conf on non-DNS-DC for they send DNS request to
> remaining DNS servers.
I think this should work, beside that those DCs still get the DNS stuff
replicated.
You can also switch to the internal DNS. If the IP of those DCs is not
used by clients in their DNS configuration, the DNS won't be used. And
if, then nothing bad should happen. :-)
Regards,
Marc
More information about the samba
mailing list