[Samba] DNS (bind_dlz) forwarding not working

Rowland Penny rpenny at samba.org
Wed May 17 07:52:10 UTC 2017

On Tue, 16 May 2017 19:27:33 -0300
Elias Pereira via samba <samba at lists.samba.org> wrote:

> >
> > Sorry, must have missed that.
> No problem! :D
>  OK, your dns domain is 'mydomain.edu' and your AD dns domain is
> 'addc.mydomain.edu', so far so good, but is the AD REALM set to
> 'ADDC.MYDOMAIN.EDU' ?
> Yes, your AD DC should be the authoritative dns server for the AD dns
> > domain.
> ok.
> No, all your AD clients etc should use the DC for their nameserver,
> > anything it doesn't know about (anything outside the ad dns domain)
> > it should ask the forwarder for (I think you are trying to do this
> > the other way around)
>  ok.
> Now I migrate to SAMBA_INTERNAL and set on smb.conf,
> server services = ... dns
> dns forwarder = xxx.xxx.xxx.10 # DNS server
> allow dns updates = nonsecure and secure
> I can not see where I'm going wrong. Our DNS server is authoritative
> for our internal services, but on the machine I am testing, do not
> open any of the services. Any other site I can access. This machine
> is in the domain with the primary dns the IP of the AD.

All I can say is that it should work and swapping the dns server
shouldn't make any difference.

As long as all your AD clients are in the AD dns and nowhere else, it
should work.

You can remove the 'server services' line you have added, not having
one is the same as having one with all the servers listed.

Is anything else listening on port 53 ?
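
One way to answer the port 53 question above, as an added example that is not part of the original message: a filter over `ss -H -lntup` output (iproute2) that reports any port 53 listener not owned by the expected DNS process. The function names, the expected process name `samba` and the sample lines are assumptions constructed for illustration.

```shell
#!/bin/sh
# List sockets bound to port 53 whose owning process is not the expected one.
# Input: lines in the format printed by `ss -H -lntup`, read from stdin.
# $1: expected process-name prefix. "samba" is an assumption; pass the name
#     your own system shows for the Samba DNS service.
port53_conflicts() {
    awk -v want="$1" '
    {
        addr = $5                       # local address:port column
        n = split(addr, parts, ":")
        if (parts[n] != "53") next      # ignores 5353, 22 and so on
        name = "unknown"                # no process column (ss run without root)
        if (match($0, /users:\(\("[^"]+"/))
            name = substr($0, RSTART + 9, RLENGTH - 10)
        if (index(name, want) != 1)
            print $1, addr, name
    }'
}

# Constructed sample input, not captured from a real host.
sample_ss_output() {
    cat <<'EOF'
udp UNCONN 0 0 127.0.0.53%lo:53 0.0.0.0:* users:(("systemd-resolve",pid=612,fd=13))
tcp LISTEN 0 10 192.0.2.10:53 0.0.0.0:* users:(("samba",pid=1432,fd=45))
udp UNCONN 0 0 192.0.2.10:53 0.0.0.0:* users:(("samba",pid=1432,fd=46))
tcp LISTEN 0 128 0.0.0.0:22 0.0.0.0:* users:(("sshd",pid=800,fd=3))
udp UNCONN 0 0 0.0.0.0:5353 0.0.0.0:* users:(("avahi-daemon",pid=700,fd=12))
tcp LISTEN 0 10 [::1]:53 [::]:* users:(("named",pid=900,fd=22))
EOF
}

# Demo on the sample. On a live DC, as root: ss -H -lntup | port53_conflicts samba
sample_ss_output | port53_conflicts samba
```

Any line printed is a process other than the expected one holding port 53 on some address, which is what the question is probing for.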

