[Samba] DNS (bind_dlz) forwarding not working

Elias Pereira empbilly at gmail.com
Tue May 16 22:27:33 UTC 2017


>
> Sorry, must have missed that.


No problem! :D

> OK, your dns domain is 'mydomain.edu' and your AD dns domain is
> 'addc.mydomain.edu', so far so good, but is the AD REALM set to
> 'ADDC.MYDOMAIN.EDU' ?

Yes, my AD REALM is ADDC.MYDOMAIN.EDU

> Yes, your AD DC should be the authoritative dns server for the AD dns
> domain.


ok.

> No, all your AD clients etc should use the DC for their nameserver,
> anything it doesn't know about (anything outside the ad dns domain) it
> should ask the forwarder for (I think you are trying to do this the
> other way around)


ok.

Now I have migrated to SAMBA_INTERNAL and set this in smb.conf:

server services = ... dns
dns forwarder = xxx.xxx.xxx.10 # DNS server
allow dns updates = nonsecure and secure

I cannot see where I'm going wrong. Our DNS server is authoritative for
our internal services, but on the machine I am testing, none of the
services open. I can access any other site. This machine is in the domain,
with the IP of the AD as its primary DNS.

On Tue, May 16, 2017 at 6:58 PM, Rowland Penny via samba <
samba at lists.samba.org> wrote:

> On Tue, 16 May 2017 18:28:01 -0300
> Elias Pereira via samba <samba at lists.samba.org> wrote:
>
>
> >
> > I am using subdomains for this, so much that I posted in the other
> > message.
> >
> > *Domain*: mydomain.edu
> > *DNS Server*: ns.mydomain.edu
> > *AD Server*: addc.mydomain.edu
>
> Sorry, must have missed that.
>
> OK, your dns domain is 'mydomain.edu' and your AD dns domain is
> 'addc.mydomain.edu', so far so good, but is the AD REALM set to
> 'ADDC.MYDOMAIN.EDU' ?
>
> >
> > Is it mandatory to put the AD IP as primary dns in pcs?
>
> Yes, your AD DC should be the authoritative dns server for the AD dns
> domain.
>
> >  If not, can I
> > configure the IP of the DNS server and create a zone like this below
> > to be forwarded the requests?
>
> No, all your AD clients etc should use the DC for their nameserver,
> anything it doesn't know about (anything outside the ad dns domain) it
> should ask the forwarder for (I think you are trying to do this the
> other way around)
>
> >
> > *named.conf.local*
> > ...
> > zone "addc.mydomain.edu" IN {
> >         type forward;
> >         forward only;
> >         forwarders { xxx.xxx.xxx.6; }; # IP of AD
> > };
>
> There is another reason, the zone above should already exist on the AD
> DC and should only exist on the AD DC.
>
> There are those that say you can do something similar to what you are
> trying to do, but this is not supported by Samba.
>
> Rowland
>
> --
> To unsubscribe from this list go to the following URL and read the
> instructions:  https://lists.samba.org/mailman/options/samba
>



-- 
Elias Pereira
