[Samba] Samba AD Best Practice (DNS)

Rowland Penny rpenny at samba.org
Thu Oct 12 16:30:24 UTC 2017

On Thu, 12 Oct 2017 12:07:17 -0400
Pat Suwalski via samba <samba at lists.samba.org> wrote:

> On 2017-10-12 11:47 AM, Rowland Penny via samba wrote:
> > If you already have a domain, I would set up Active Directory as a
> > subdomain of this, e.g. instead of using 'network.ca', use
> > 'ad.network.ca' and the FQDN 'dc1.ad.network.ca' for the DC.
> Thanks for the reply.
> I think that ship's already sailed, the domain has been running as 
> network.ca since Samba4 was in beta, and I can just imagine the
> headache of changing that over.

Not sure you could :-(

> I wouldn't have done it that way, but at the time "dns forwarder" to
> me suggested that *all* (unknown) DNS entries would be forwarded to
> the main DNS server. Obviously, it's clear now that isn't the case.

To AD, 'unknown' usually means anything outside the AD domain.

> I think I'm left with two options:
> - Don't point DNS at the AD server.
> - Allow some kind of zone copying. Not sure if samba's DNS server
> supports this.
> Neither seems ideal.

I don't think you will be able to do the second at all, even if you
used BIND9 instead of the internal dns server.

It might help if you described your network.

