[Samba] DNS (bind_dlz) forwarding not working

[Rowland Penny]

On Tue, 16 May 2017 18:28:01 -0300
Elias Pereira via samba <samba at lists.samba.org> wrote:


> 
> I am using subdomains for this, so much that I posted in the other
> message.
> 
> *Domain*: mydomain.edu
> *DNS Server*: ns.mydomain.edu
> *AD Server*: addc.mydomain.edu

Sorry, must have missed that.

OK, your dns domain is 'mydomain.edu' and your AD dns domain is
'addc.mydomain.edu', so far so good, but is the AD REALM set to
'ADDC.MYDOMAIN.EDU' ?

> 
> Is it mandatory to put the AD IP as primary dns in pcs?

Yes, your AD DC should be the authoritative dns server for the AD dns
domain.

>  If not, can I
> configure the IP of the DNS server and create a zone like this below
> to be forwarded the requests?

No, all your AD clients etc should use the DC for their nameserver,
anything it doesn't know about (anything outside the ad dns domain) it
should ask the forwarder for (I think you are trying to do this the
other way around)
 
> 
> *named.conf.local*
> ...
> zone "addc.mydomain.edu" IN {
>                 type forward;
>                 forward only;
>                 forwarders { xxx.xxx.xxx.6; }; # IP of AD
>         };

There is another reason, the zone above should already exist on the AD
DC and should only exist on the AD DC.

There are those that say you can do something similar to what you are
trying to do, but this is not supported by Samba.

Rowland