[Samba] Samba AD Best Practice (DNS)

Pat Suwalski pat at suwalski.net
Thu Oct 12 15:00:35 UTC 2017


Hello,

This question is about best practice of introducing samba-ad-dc to an 
organization that already has networking, and being minimally disruptive 
about it. I guess this question applies equally to adding a Windows AD 
server, but most people with that setup would let it be the primary DNS, 
etc.

For this example:
- Network: 172.18.0.0/24
- Domain: network.ca
- AD server: ad.network.ca, 172.18.0.20
- Gateway/DNS: 172.18.0.1

The gateway is running as the main DNS server, and has the various 
underscore ("_") entries required for Windows to find the Active 
Directory. It sends "172.18.0.1" as the DNS option over its DHCP server. 
The samba AD server has its DNS forwarder set to "172.18.0.1".

Now, the question:

To be able to take full advantage of AD, should DHCP provide the Windows 
clients with "172.18.0.20" as the DNS server? I know it dynamically adds 
the computers that are on the Active Directory, and possibly other 
things that help make Windows services run smoothly. That said, the 
samba forwarder only seems to forward zones it is not familiar with. 
Since the samba server serves up "network.ca", when asked, it does not 
resolve "gitlab.network.ca" that the main DNS server knows how to 
resolve. This has forced me to just provide 172.18.0.1 as the DNS.

What is the best practice to solve this? Is there actually any benefit 
to having the AD server serve up DNS?

I'm sure others have been wondering this, and it would probably be a 
decent question to put in the DNS section of the Wiki, as I'm sure there 
are many samba mixed-network environments.

Thanks,
--Pat
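
The behaviour described in the message above, modelled as an added example that is not part of the original post: a server that is authoritative for "network.ca" answers names in that zone from its own data only and forwards everything else. The record sets are constructed; the zone and the 172.18.0.1 / 172.18.0.20 roles come from the post, while the gitlab address, the SRV target and example.org are assumptions.

```python
# Constructed sample data: zone name and the two DNS servers' roles come from
# the post; the gitlab address, SRV target and example.org are made up.
AD_ZONE = "network.ca"

MAIN_DNS = {  # records held by the gateway DNS (172.18.0.1)
    "gitlab.network.ca": "172.18.0.30",      # constructed address
    "ad.network.ca": "172.18.0.20",
    "_ldap._tcp.network.ca": "ad.network.ca",
    "example.org": "203.0.113.10",           # stands in for any outside name
}
AD_DNS = {  # records held by the Samba AD DC (172.18.0.20)
    "ad.network.ca": "172.18.0.20",
    "_ldap._tcp.network.ca": "ad.network.ca",
}

def in_zone(name, zone):
    """True if `name` is the zone apex or a name below it (label-aligned)."""
    name, zone = name.lower().rstrip("."), zone.lower().rstrip(".")
    return name == zone or name.endswith("." + zone)

def resolve_via_ad(name, ad_records, forwarder_records, zone=AD_ZONE):
    """Answer as a server authoritative for `zone` with a single forwarder."""
    key = name.lower().rstrip(".")
    if in_zone(key, zone):
        # Authoritative: answer from own data only, the forwarder is not asked.
        return ad_records.get(key, "NXDOMAIN")
    return forwarder_records.get(key, "NXDOMAIN")

def shadowed_names(ad_records, forwarder_records, zone=AD_ZONE):
    """Names the forwarder resolves that clients of the AD DNS would lose."""
    return sorted(n for n in forwarder_records
                  if in_zone(n, zone) and n not in ad_records)

if __name__ == "__main__":
    for n in ("gitlab.network.ca", "ad.network.ca", "example.org"):
        print(n, "->", resolve_via_ad(n, AD_DNS, MAIN_DNS))
    print("missing from AD zone:", shadowed_names(AD_DNS, MAIN_DNS))
```

Under this model, every name returned by `shadowed_names` stops resolving for clients whose DHCP-provided DNS server is 172.18.0.20.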


