[Samba] DNS (bind_dlz) forwarding not working

Rowland Penny rpenny at samba.org
Wed May 17 19:35:09 UTC 2017


On Wed, 17 May 2017 15:54:20 -0300
Elias Pereira via samba <samba at lists.samba.org> wrote:

> Rowland,
> 
> Can I use AD bind as slave for some zones of our bind master server?
> 

Not sure I 100% understand what you are trying to say ;-)

I will try to explain how Samba, when running as an AD DC, supports DNS.

If you have a registered dns domain (we will use 'example.com'), you
should set the AD domain to a subdomain of this, for instance:
ad.example.com. You should then ensure that any computers that will be
joined to the AD domain use this subdomain.

When an AD domain member needs to find another computer (whether this
is another domain computer or not), it should ask one of the domain
DCs. If the DC does not know who the computer is, it should ask its
forwarder.

If a domain client (client1) needs to connect to another domain client
(client2), the DC should be able to return the data for
client2.ad.example.com.

If a domain client needs to connect to Google, the DC will not know who
this is and so, should ask its forwarder and then return this data
to the domain client.

So, to put it in a nutshell, an AD DC running a dns server must be
authoritative for the AD dns domain, it cannot be a slave of another
dns server, but the dns server can hold zones that are not part of
the AD domain, you would just have to find a way of updating the
non-domain zone records.

Rowland
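The layout described above, as an added configuration example that is not part of the original message or of the Samba project's own files: a BIND 9 named.conf for a DC using the bind_dlz backend, authoritative for ad.example.com through the Samba DLZ include, forwarding everything else upstream, and additionally holding a non-AD zone as a slave of an existing master. The DLZ include path, the keytab path, the forwarder address 192.0.2.53, the client network, the zone name corp.example.com and its master 192.0.2.10 are all placeholder assumptions; substitute your own.

```conf
// Added example, not from the original message or the Samba project.
// Minimal BIND 9 named.conf for a Samba AD DC using the bind_dlz backend.
// Every address, network, path and zone name below is a placeholder.

options {
    directory "/var/cache/bind";
    // Domain members send all their queries here. Anything this server is
    // not authoritative for (e.g. www.google.com) is sent to the forwarder.
    recursion yes;
    allow-recursion { 10.0.0.0/8; 127.0.0.1; };   // placeholder: your client networks
    forwarders { 192.0.2.53; };                   // placeholder: upstream resolver
    forward only;
    // Needed for GSS-TSIG dynamic updates from clients and DCs into the AD zone.
    tkey-gssapi-keytab "/var/lib/samba/bind-dns/dns.keytab";  // placeholder path
};

// The AD domain (ad.example.com and _msdcs.ad.example.com) is served
// authoritatively out of the AD database via the Samba DLZ module.
// Samba generates this include; the path depends on how Samba was built.
include "/var/lib/samba/bind-dns/named.conf";                // placeholder path

// A zone outside the AD domain can still live on this server, here as a
// slave of the existing master. The AD zone itself must never be a slave.
zone "corp.example.com" {
    type slave;
    file "slaves/corp.example.com.db";
    masters { 192.0.2.10; };
};
```

Validate the file with `named-checkconf` before restarting named. Then confirm the three resolution paths from a domain member with `dig`: a name in ad.example.com should come back from the AD database, a name in the slave zone from the transferred zone file, and an external name via the forwarder. Note that with the bind_dlz backend the `dns forwarder` option in smb.conf is ignored; that setting only applies to Samba's internal DNS server, so the forwarder belongs in named.conf as shown.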
   


