[Samba] Samba and DNSSEC

joachim Lindenberg samba at lindenberg.one
Tue Jul 16 18:31:50 UTC 2019


>> Does Samba supports DNSSEC?
>Not that I am aware off, but then it shouldn't be used internally.
Imho Samba should support DNSSEC (or clarify bind can be used to sign Samba
managed zones consistently). There is a clear tendency to move validating
resolvers like Unbound to clients and in the long run nobody wants to
maintain exceptions on all clients (think about mobile phones) and there is
also no evidence that attackers are blocked by firewalls rather than being
internal. I know that Microsoft some years ago published a recommendation to
use IPSEC to protect the "last mile", but I am not aware of anyone really
doing that.
Joachim





More information about the samba mailing list