[Samba] Samba AD Best Practice (DNS)

Luke Barone lukebarone at gmail.com
Thu Oct 12 18:26:13 UTC 2017 

Here's what we do for our school district:

- Each site is in its own isolated network
- Each site has two DCs and a file server
- The DHCP server hands out the DCs of the site as both DNS servers (i.e.
dc1 = 192.168.0.2, 192.168.0.3)
- The DNS server runs from the Samba DCs (using bind9 or the Internal DNS,
does not matter)
- If we want something else to resolve, we add an A record (i.e.
mail.ad.district.com IN A 192.168.0.5) or a CNAME record (i.e.
mail.ad.district.com IN CNAME mail.district.com)

The clients need to point their DNS servers to the AD DCs for everything to
work "correctly", especially with name resolution. You need the DC servers
to point their DNS forwarders to either your network DNS Servers, or your
ISP / other DNS servers.

On Thu, Oct 12, 2017 at 11:00 AM, Pat Suwalski via samba <
samba at lists.samba.org> wrote:

> On 2017-10-12 12:30 PM, Rowland Penny via samba wrote:
>
>> It might help if you described your network.
>>
>
> I thought I went into detail in the first message:
>
>
> For this example:
> - Network: 172.18.0.0/24
> - Domain: network.ca
> - AD server: ad.network.ca, 172.18.0.20
> - Gateway/DNS: 172.18.0.1
>
> The gateway is running as the main DNS server, and has the various
> underscore ("_") entries required for Windows to find the Active Directory.
> It sends "172.18.0.1" as the DNS option over its DHCP server. The samba AD
> server has its DNS forwarder set to "172.18.0.1".
>
>
> The only thing to add is that 172.18.0.1 runs dnsmasq. samba is used with
> Windows Desktops for AD and home shares, and with Linux servers for AD with
> sssd (sambda's Winbind wasn't quite there when this was set up). Nothing
> really relies on DNS from samba; unless you know something about this point
> that I do not.
>
> I could also manually add the local entries to samba's DNS. Not crazy
> about this option.
>
> Thanks,
> --Pat
>
>
> --
> To unsubscribe from this list go to the following URL and read the
> instructions:  https://lists.samba.org/mailman/options/samba
>

More information about the samba mailing list