[Samba] Samba and DNSSEC
Rowland penny
rpenny at samba.org
Wed Jul 10 14:11:15 UTC 2019
On 10/07/2019 14:46, Oliver Werner via samba wrote:
> Hi community,
>
> we have tow DCs there works under domain babis.local
>
> We are using unbound on our firewall for the interfaces as default DNS-Server.
> Unbound is activated and has an overwrite from our AD-Domain babis.local to the DCs.
This sounds like the firewall is authoritative for the AD DNS domain, if
it is, it shouldn't be
>
> When DNSSEC is disabled on unbound, DNS-Queries to dc works perfect.
I think that answers your question.
> When DNSSEC is activated on unbound, DNS-Queries will be send to root DNS-Servers and i got NXDOMAIN.
No, your AD domain queries should be forwarded to a DC.
>
> Does Samba supports DNSSEC?
Not that I am aware off, but then it shouldn't be used internally.
> What needs to be configure? I don’t found an article in the wiki.
Your setup needs to be configured correctly, your clients should use the
dns server on the firewall as a caching/forwarding dns server,
forwarding your AD dns domain queries to the DNS servers running on the
DC's.
Rowland
More information about the samba
mailing list