[Samba] samba_dns_question

Rowland Penny rpenny at samba.org
Tue Jan 22 15:34:44 UTC 2019

On Tue, 22 Jan 2019 16:16:15 +0100
"L. van Belle via samba" <samba at lists.samba.org> wrote:

> Hai Rowland, 
> I think you are mixing a few settings. 
> http://www.zytrax.com/books/dns/ch7/queries.html#additional-from-auth
>  additional-from-auth yes | no ;
>  additional-from-cache yes | no ; 

I have never set those options

> And
> www.zytrax.com/books/dns/ch7/queries.html#auth-nxdomain
> auth-nxdomain yes | no;
> If auth-nxdomain is 'yes' allows the server to answer authoritatively
> (the AA bit is set) 
> 	when returning NXDOMAIN (domain does not exist) answers, 
> if 'no' (the default) the server will not answer authoritatively. 
> And

I don't set that and so it defaults to 'no' and does it matter whether
the AD is Authoritative for a non existing domain or not ?

> http://www.zytrax.com/books/dns/ch7/queries.html#empty-zones-enable
> empty-zones-enable yes | no ;
> By default empty-zones-enable is set to yes which means that reverse
> queries for IPv4 and IPv6 addresses 
> covered by RFCs 1918, 4193, 5737 and 6598 (as well as IPv6 local
> address (locally assigned), 
> IPv6 link local addresses, the IPv6 loopback address and the IPv6
> unknown address) 
> but which is not not covered by a locally defined zone clause will
> automatically return an NXDOMAIN response from the local name server. 
> This prevents reverse map queries to such addresses escaping to the
> DNS hierarchy where 
> they are simply noise and increase the already high level of query
> pollution caused by mis-configuration.

OK, I will give you that one, it probably would be better if it was set
to yes, which really means not having the line.

More information about the samba mailing list