[Samba] AD DLZ backend - 'proper' way of doing it

Jonathon Reinhart jonathon.reinhart at gmail.com
Fri Jun 28 11:48:23 UTC 2019


Hi Rowland,

On Fri, Jun 28, 2019, 04:55 Rowland penny via samba <samba at lists.samba.org>
wrote:

> You should be doing it the other way around. Your AD clients should be
> using the AD DC's as their nameservers and anything outside the AD dns
> domain should be forwarded to an external DNS server.
>

On this wiki page [1] it says:

> For high traffic environments, it is not recommended to use
> BIND9_DLZ-backed samba as a primary DNS server. Instead, use an external
> server that only forwards queries to BIND9_DLZ-backed samba DNS
> installations when the query is addressed to a zone managed by that node.

...which seems to conflict.

We've been weighing the pros/cons of the various architectures and
wondering about this as well.

Is it required that AD clients point directly at AD DCs? Are there certain
DNS requests (e.g. updates) that won't be forwarded properly by an
intermediary DNS server?


[1]: https://wiki.samba.org/index.php/BIND9_DLZ_DNS_Back_End#Recommended_Architecture

Jonathon
