[Samba] Samba internal dns server vs Bind
Andrew Bartlett
abartlet at samba.org
Wed Jun 19 17:04:09 UTC 2019
On Wed, 2019-06-19 at 15:11 +0200, Pisch Tamás via samba wrote:
> Hi,
>
> I set up Samba DCs for two sites. The first site is for example
> domain.ourdomain.com, the second is site2.ourdomain.com. On the first
> site, there will be 2 DCs, and one fileserver, on the second site
> there will be one DC, and it will act as fileserver too.
> Is it true that Samba's internal DNS server won't be good for that, and
> I need Bind, because of Bind's zone transfer feature?
I don't see the connection with zone transfers.
At the small scale either will work fine.
At larger scales, DLZ_BIND9 is slower (yes really) particularly if you
ask it to be the default DNS server for the network, but the internal
DNS server also can fall over faster under a high forwarding load.
The reason for the performance problem in the DLZ_BIND9 case is a lock
over access to Samba's DB, and the behaviour around including NS
records in a response. Fix that by setting:
    options {
        minimal-responses yes;
    };
If you have a large site, set up a BIND9 server with a zone of type
'forward' pointing at your Samba DC, and otherwise forwarding and
caching for the internet.
https://wiki.samba.org/index.php/BIND9_DLZ_DNS_Back_End
https://wiki.samba.org/index.php/Running_Samba_AD_Domain_Controllers_in_large_domains#DNS_query_latency
I hope this helps,
Andrew Bartlett
--
Andrew Bartlett https://samba.org/~abartlet/
Authentication Developer, Samba Team https://samba.org
Samba Developer, Catalyst IT
https://catalyst.net.nz/services/samba
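
The large-site layout described in the reply above (a BIND9 server with zones of type 'forward' pointing at the Samba DCs, otherwise forwarding and caching), written out as a named.conf. This is an added example, not part of the original post or of Samba's documentation; the zone names are the ones from the question, and the ACL name and every address are constructed placeholders from the RFC 5737 documentation ranges.

```conf
// Added example: caching/forwarding BIND9 resolver placed in front of
// Samba AD DCs. All addresses below are constructed placeholders.

acl "internal" {
    127.0.0.0/8;
    192.0.2.0/24;                       // assumed client subnet
};

options {
    recursion yes;
    allow-query     { "internal"; };
    allow-recursion { "internal"; };    // do not run an open resolver
    allow-transfer  { none; };          // this box holds no zones to transfer

    minimal-responses yes;              // setting recommended in the reply

    // Everything that is not an AD zone goes to an upstream resolver
    // and is cached here.
    forwarders { 198.51.100.53; };      // assumed upstream resolver
    forward first;
};

// AD zone for the first site, answered by the Samba DCs.
// "forward only" stops BIND from falling back to iterative resolution,
// so queries for internal names are never sent to internet servers.
zone "domain.ourdomain.com" {
    type forward;
    forward only;
    forwarders { 192.0.2.10; 192.0.2.11; };   // assumed addresses of the two DCs
};

// AD zone for the second site.
zone "site2.ourdomain.com" {
    type forward;
    forward only;
    forwarders { 192.0.2.20; };               // assumed address of the site2 DC
};
```

Clients point at this resolver for ordinary lookups, which keeps the general forwarding load off the DCs; `named-checkconf` validates the file before a reload.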