[Samba] Samba and DNSSEC
h.reindl at thelounge.net
Wed Jul 10 14:16:29 UTC 2019
Am 10.07.19 um 16:11 schrieb Rowland penny via samba:
> On 10/07/2019 14:46, Oliver Werner via samba wrote:
>> Hi community,
>> we have tow DCs there works under domain babis.local
>> We are using unbound on our firewall for the interfaces as default
>> Unbound is activated and has an overwrite from our AD-Domain
>> babis.local to the DCs.
> This sounds like the firewall is authoritative for the AD DNS domain, if
> it is, it shouldn't be
unbound by definition can't be authoritative as it's a caching only
resolver just doing recursion or forwarding stub zones and has no
concept of hosting zones itself
>> Does Samba supports DNSSEC?
> Not that I am aware off, but then it shouldn't be used internally.
>> What needs to be configure? I don’t found an article in the wiki.
> Your setup needs to be configured correctly, your clients should use the
> dns server on the firewall as a caching/forwarding dns server,
> forwarding your AD dns domain queries to the DNS servers running on the
stub-addr: ad-host at 53
More information about the samba