[Samba] split horizon and authoritative answers..?

Joachim Lindenberg samba at lindenberg.one
Mon Jul 29 21:29:24 UTC 2019


All AD domains are subdomains to the external domain. But that doesn't help to address the issue that the IPs are different externally/internally (and I need IPv4) - or what am I overlooking? Or do you suggest to have a DNS server on the external port 53 that just answers with "here am I" to any request? Internet providers don't really like port 53 open...
It does work with bind, so why Windows 2016? Are you referring to the AD level or to the specific implementation?
Thanks, Joachim

-----Original Message-----
From: samba <samba-bounces at lists.samba.org> On Behalf Of Rowland penny via samba
Sent: Monday, 29 July 2019 20:17
To: samba at lists.samba.org
Subject: Re: [Samba] split horizon and authoritative answers..?

On 29/07/2019 17:45, Joachim Lindenberg via samba wrote:
> I need to implement split horizon DNS, as I have just one external IP address (dynamic.lindenberg.one in external DNS) but multiple internal ones. External requests are distributed by port or using sniproxy (in particular 443), and all externally visible names are in a distinct zone than my domain, but with an additional indirection: names like backup.lindenberg.one resolve to CNAME backup.rot.lindenberg.one, and only backup.rot.lindenberg.one is resolved differently internally/externally.
>
No, you want to implement split horizon/split brain, but you shouldn't, you should have used a subdomain of your external domain for the AD dns domain.

As far as I am aware, you need Windows 2016 to have any chance of something like this working.

Rowland


