[Samba] AD DLZ backend - 'proper' way of doing it

Zdravko Zdravkov nirayah at gmail.com
Fri Jun 28 09:43:03 UTC 2019


Greetings Rowland.

Are you able to provide a sample config for this? I'm not sure how exactly
to resolve a single zone with BIND and forward everything else to the next
DNS server.

Thank you for the help

On Fri, Jun 28, 2019 at 11:55 AM Rowland penny via samba <
samba at lists.samba.org> wrote:

> On 28/06/2019 09:46, Zdravko Zdravkov via samba wrote:
> > Hey all.
> > I've got a working Samba AD server with a DLZ backend. To avoid performance
> > issues I'm using an external DNS which forwards queries for the AD zone to
> > the Samba server, like that:
> >
> >
> >> zone "myadzone.int" {
> >>          type forward;
> >>          forwarders { 192.xx.x.xx; };
> >> };
> >
> > 192.xx.x.xx  = my AD Samba.
> >
> > This way it works alright, but on the external DNS I'm getting errors like:
> >
> >
> >> named[20356]: REFUSED unexpected RCODE resolving '_kerberos._udp.AD.INT/SRV/IN': 192.xx.x.xx #53
> >> named[20356]: REFUSED unexpected RCODE resolving '_kerberos._kkdcp.AD.INT/SRV/IN': 192.xx.x.xx #53
> >> named[20356]: REFUSED unexpected RCODE resolving '_kerberos._http.AD.INT/SRV/IN': 192.xx.x.xx #53
> >
> > Which makes me wonder if there's something I'm missing. Can someone provide
> > his working config?
> >
> > Thanks
> > Z
>
> You should be doing it the other way around. Your AD clients should be
> using the AD DCs as their nameservers and anything outside the AD DNS
> domain should be forwarded to an external DNS server.
>
> Rowland
>
>


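The layout Rowland describes, as an added example that is not part of the original thread: named.conf on the AD DC, which the AD clients use as their nameserver, serving the AD zone through the DLZ module and forwarding every other name to an external resolver. The addresses, the ACL name and the /PATH/TO/ prefixes are placeholders, and the file locations are assumptions that vary by distribution and Samba build.

```conf
// named.conf on the Samba AD DC (BIND9_DLZ backend). Constructed example:
// every address and path here is a placeholder, not a value from the thread.

acl "internal" {
    127.0.0.0/8;
    192.0.2.0/24;                    // placeholder: subnet of the AD clients
};

options {
    directory "/var/cache/bind";     // assumption: distribution default

    // AD clients point at this server, so it must answer and recurse for
    // them, and only for them, so it does not become an open resolver.
    allow-query     { "internal"; };
    allow-recursion { "internal"; };

    // Anything outside the AD DNS domain is handed to the external server.
    forwarders { 198.51.100.53; };   // placeholder: external DNS server
    forward only;                    // never iterate from the DC itself

    // Keytab BIND uses to accept Kerberos-signed dynamic updates.
    tkey-gssapi-keytab "/PATH/TO/samba/bind-dns/dns.keytab";
};

// File generated by Samba at provision time; it contains the
// dlz "AD DNS Zone" { database "dlopen ..."; }; stanza for the AD zones.
include "/PATH/TO/samba/bind-dns/named.conf";
```

With this in place the external server no longer needs the `type forward` zone for the AD domain, because AD clients never send it AD names.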