[Samba] AD DLZ backend - 'proper' way of doing it

Jonathon Reinhart jonathon.reinhart at gmail.com
Fri Jun 28 11:48:23 UTC 2019

Hi Rowland,

On Fri, Jun 28, 2019, 04:55 Rowland penny via samba <samba at lists.samba.org>

> You should be doing it the other way around. Your AD clients should be
> using the AD DC's as their nameservers and anything outside the AD dns
> domain should be forwarded to an external DNS server.

On this wiki page [1] it says:

> For high traffic environments, it is not recommended to use
BIND9_DLZ-backed samba as a primary DNS server. Instead, use an external
server that only forwards queries to BIND9_DLZ-backed samba DNS
installations when the query is addressed to a zone managed by that node.

...which seems to conflict.

We've been weighing the pros/cons of the various architectures and
wondering about this as well.

Is it required that AD clients point directly at AD DCs? Are there certain
DNS requests (e.g. updates) that won't be forwarded properly by an
intermediary DNS server?




More information about the samba mailing list