[Samba] [samba] AD, multiple DC, some DC without DNS at all

Allen Chen achen at harbourfrontcentre.com
Sat Mar 5 16:26:42 UTC 2016

On 3/1/2016 5:59 AM, mathias dufresne wrote:
> Hi all,
> How to configure Samba to remove DNS service from DC?
> I thought there was an option for samba_dnsupgrade command to tell "remove
> all DNS service from current DC" but I don't find it anymore.
> This question is because we are about to deploy an AD with 20 or more DC
> and there is no need they are all DNS servers. In fact having them all DNS
> servers makes design more complex and more risky. The point is to avoid
> risks.
> How I would proceed if samba_dnsupgrade is not able to remove DNS service
> automatically:
> - as for BIND9_DLZ backend, I will keep in smb.conf the "-dns" for
> running services.
> - stop Bind-DLZ service on non-DNS-DC
> - modify /etc/resolv.conf on non-DNS-DC so they send DNS requests to
> remaining DNS servers.
> This seems not too rough as a process but I'd like to have your opinion on
> that subject, to verify that process and of course to get a better one if
> possible : )
> Best regards,
> Mathias
Hi Mathias, I have a question for you: How do you deploy your 20 DCs?
I think there are two scenarios:
1. deploy it within one site with +1000 client machines (large subnet);
2. deploy it with many, many sites, like 5-10 sites (small subnet, each
site has less than 250 machines).
If you choose number 1, then your network design is not perfect.
If you choose number 2, then DC+internal DNS is the simple way to deploy
samba DC.

I use #2 to deploy my DCs + internal DNS across sites, and it works perfectly.
I don't use any Linux commands to update the internal DNS. It just works.
The only change I made to the internal DNS is adding an NS record for a
newly added DC with a Windows tool.

So what's wrong with the internal DNS?
Does it cause high load on your server?
Is it too hard for you to manage the internal DNS? (I don't manage it at 
all, it just works)
Why do you try so hard to disable a working internal DNS service? Don't
fix a working system.


