[Samba] Samba4 Internal DNS and pfSense DNS Resolver

Rowland penny rpenny at samba.org
Wed Jul 10 18:19:35 UTC 2019


On 10/07/2019 18:38, Leonardo Yanes Batista via samba wrote:
>
> I have implemented a small local network. I use pfSense as Firewall and Gateway, I have all my servers inside a DMZ, except the domain controllers that are on the LAN.
>
> LAN: 10.10.20.0/24
>
> DMZ: 10.10.30.0/24
>
> DC1: 10.10.20.2
>
> DC2: 10.10.20.3
>
> pfSense:
>
> LAN: 10.10.20.1
>
> WAN: x.x.x.x
>
> DMZ: 10.10.30.1
>
> In my local network, I have 2 domain controllers with SAMBA4, I would like to find out how to configure SAMBA4 so that all the DNS requests that my clients make to the domain controller ... and that record is not found in the DNS records of the domain controller, then look for them in the DNS resolver service of pfSense.
>
> For example ... I configure my clients in windows to use them as DNS servers 10.10.20.2 and 10.10.20.3 (Domain Controllers)
>
> In the SAMBA4 DNS, I do NOT have a created record called xmpp.domain.tld, in the DNS resolver of pfSense, I have a created record called xmpp.domain.tld and it points to an address in my DMZ. How could I achieve that when my client from the LAN makes a request to xmpp.domain.tld, SAMBA4 direct that request to pfSense and respond with the IP assigned to it?
>
Normally this is what would happen:

Client asks their nameserver (AD DC) for 'xmpp.domain.tld'.
This is unknown to the DC, so it asks its 'forwarder' (the pfSense 
machine), which, if it knows the data, returns it, otherwise it asks its 
forwarder.

There is a potential hole in that though: if your AD DNS domain is 
'domain.tld', the DC wouldn't ask its forwarder because the DC would be 
authoritative for 'domain.tld'; it would return 'NXDOMAIN'.

Rowland
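The lookup order Rowland describes, including the authoritative-zone hole, as a toy model added here (constructed example, not Samba or pfSense code and not from the original thread). It assumes pfSense carries a host override for xmpp.domain.tld; 10.10.30.10 and 203.0.113.10 are constructed sample addresses.

```python
from dataclasses import dataclass, field
from typing import Dict, List, Optional, Set

NXDOMAIN = "NXDOMAIN"

@dataclass
class Resolver:
    """Toy nameserver (constructed, not Samba or pfSense code): records, zones, forwarder."""
    name: str
    records: Dict[str, str] = field(default_factory=dict)  # fqdn -> IP
    zones: Set[str] = field(default_factory=set)           # zones answered authoritatively
    forwarder: Optional["Resolver"] = None

    def authoritative_for(self, fqdn: str) -> bool:
        return any(fqdn == z or fqdn.endswith("." + z) for z in self.zones)

    def resolve(self, fqdn: str, trace: Optional[List[str]] = None) -> str:
        trace = trace if trace is not None else []
        fqdn = fqdn.rstrip(".").lower()
        if fqdn in self.records:
            trace.append(f"{self.name}: answered {fqdn} -> {self.records[fqdn]}")
            return self.records[fqdn]
        if self.authoritative_for(fqdn):
            # The hole: in-zone name with no record -> NXDOMAIN; the forwarder is never asked.
            trace.append(f"{self.name}: authoritative, no record -> {NXDOMAIN}")
            return NXDOMAIN
        if self.forwarder is None:
            trace.append(f"{self.name}: no forwarder -> {NXDOMAIN}")
            return NXDOMAIN
        trace.append(f"{self.name}: not authoritative, forwarding to {self.forwarder.name}")
        return self.forwarder.resolve(fqdn, trace)

def build_lab(ad_domain: str = "domain.tld") -> Dict[str, Resolver]:
    """The thread's lab: DC1 (10.10.20.2) owns the AD zone and forwards to pfSense
    (10.10.20.1), which has a host override for xmpp.<domain> in the DMZ.
    10.10.30.10 and 203.0.113.10 are constructed sample addresses."""
    pfsense = Resolver("pfSense", records={f"xmpp.{ad_domain}": "10.10.30.10",
                                           "www.example.net": "203.0.113.10"})
    dc1 = Resolver("DC1", records={f"dc1.{ad_domain}": "10.10.20.2"},
                   zones={ad_domain}, forwarder=pfsense)
    return {"dc1": dc1, "pfsense": pfsense}

if __name__ == "__main__":
    lab = build_lab()
    for q in ("xmpp.domain.tld", "www.example.net"):
        trace: List[str] = []
        print(q, "->", lab["dc1"].resolve(q, trace), trace)
    # Closing the hole: add the record to the AD zone (what `samba-tool dns add` does).
    lab["dc1"].records["xmpp.domain.tld"] = "10.10.30.10"
    print("after adding record:", lab["dc1"].resolve("xmpp.domain.tld"))
```

With the Samba internal DNS, the `dns forwarder` option in smb.conf is what points the DC at pfSense; the last lines model the fix of creating the missing record in the AD zone rather than expecting it to be forwarded.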
