[Samba] Samba and DNSSEC

Reindl Harald h.reindl at thelounge.net
Wed Jul 10 14:16:29 UTC 2019



On 10.07.19 at 16:11, Rowland penny via samba wrote:
> On 10/07/2019 14:46, Oliver Werner via samba wrote:
>> Hi community,
>>
>> we have two DCs that work under domain babis.local
>>
>> We are using unbound on our firewall for the interfaces as default
>> DNS-Server.
>> Unbound is activated and has an overwrite from our AD-Domain
>> babis.local to the DCs.
> This sounds like the firewall is authoritative for the AD DNS domain, if
> it is, it shouldn't be

unbound by definition can't be authoritative as it's a caching only
resolver just doing recursion or forwarding stub zones and has no
concept of hosting zones itself

>> Does Samba support DNSSEC?
> Not that I am aware of, but then it shouldn't be used internally.
>> What needs to be configured? I didn't find an article in the wiki.
> 
> Your setup needs to be configured correctly, your clients should use the
> dns server on the firewall as a caching/forwarding dns server,
> forwarding your AD dns domain queries to the DNS servers running on the
> DC's

stub-zone:
 name: "example.com."
 stub-addr: ad-host@53
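
An added example, not part of the original post: a fuller unbound.conf fragment for the setup discussed in this thread, where unbound on the firewall hands babis.local to the DCs. The DC addresses and the private-address range are constructed placeholders, and the domain-insecure entry assumes DNSSEC validation is enabled in unbound.

```conf
# Added example; addresses below are constructed placeholders.
server:
    # Samba's AD zone is unsigned. A validating unbound has no chain of
    # trust for it and can mark its answers bogus, so exempt the zone
    # from validation. Everything else is still validated.
    domain-insecure: "babis.local."

    # Only relevant when private-address is in use (DNS rebinding
    # protection): allow answers for the AD zone to carry internal
    # addresses while still stripping them from other domains.
    private-address: 10.0.0.0/8
    private-domain: "babis.local."

# Queries for the AD zone, including _msdcs and the SRV records below it,
# go to the DCs, which stay authoritative for the zone.
stub-zone:
    name: "babis.local."
    # DC1 (placeholder address)
    stub-addr: 10.0.0.10@53
    # DC2 (placeholder address)
    stub-addr: 10.0.0.11@53
```

`unbound-checkconf` checks the file for syntax errors before a reload, and `unbound-control list_stubs` shows the stub zones the running resolver has loaded.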


