[Samba] AD DLZ backend - 'proper' way of doing it
Rowland Penny
rpenny at samba.org
Fri Jun 28 08:54:41 UTC 2019
On 28/06/2019 09:46, Zdravko Zdravkov via samba wrote:
> Hey all.
> I've got a working Samba AD server with a DLZ backend. To avoid performance
> issues I'm using an external DNS which forwards queries for the AD zone to the
> Samba server, like this:
>
>
>> zone "myadzone.int" {
>>     type forward;
>>     forwarders { 192.xx.x.xx; };
>> };
>
> 192.xx.x.xx = my AD Samba.
>
> This way it works alright, but on the external DNS I'm getting errors like:
>
>
>> named[20356]: REFUSED unexpected RCODE resolving '_kerberos._udp.AD.INT/SRV/IN': 192.xx.x.xx #53
>> named[20356]: REFUSED unexpected RCODE resolving '_kerberos._kkdcp.AD.INT/SRV/IN': 192.xx.x.xx #53
>> named[20356]: REFUSED unexpected RCODE resolving '_kerberos._http.AD.INT/SRV/IN': 192.xx.x.xx #53
>
> Which makes me wonder if there's something I'm missing. Can someone provide
> his working config?
>
> Thanks
> Z
You should be doing it the other way around. Your AD clients should be
using the AD DCs as their nameservers and anything outside the AD DNS
domain should be forwarded to an external DNS server.
Rowland
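
The layout described in the reply above, sketched as a BIND options file for the DC. This is an added example, not a configuration posted in the thread. The file paths assume a distribution-packaged Samba with the BIND9_DLZ back end, and the forwarder address and client subnet are placeholders.

```conf
# named.conf options on the Samba AD DC (BIND9_DLZ back end).
# Constructed example: every address and path here is an assumption.
#
# AD clients point at the DC, e.g. in /etc/resolv.conf:
#     search myadzone.int
#     nameserver <IP of the AD DC>
# The external DNS server no longer needs a "type forward" zone for the AD domain.

options {
    directory "/var/cache/bind";

    # Names outside the AD DNS domain are passed to the external resolver.
    forwarders { 192.0.2.53; };            # placeholder: existing external DNS

    # Limit queries and recursion to the DC itself and the AD client network,
    # so the DC does not become an open resolver.
    allow-query     { 127.0.0.1; 10.0.0.0/24; };   # placeholder client subnet
    allow-recursion { 127.0.0.1; 10.0.0.0/24; };

    # Keytab generated by Samba for Kerberos-signed dynamic DNS updates.
    tkey-gssapi-keytab "/var/lib/samba/bind-dns/dns.keytab";
    minimal-responses yes;
};

# The AD zones are served from the directory through Samba's DLZ module.
include "/var/lib/samba/bind-dns/named.conf";
```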