[Samba] AD DLZ backend - 'proper' way of doing it
L.P.H. van Belle
belle at bazuin.nl
Fri Jun 28 12:06:13 UTC 2019
Hai,
If the setup is done correctly this shoud work fine
Setup a (caching) bind9 dns server and add for every needed zone a forward.
zone "primary.dnsdomain.tld" {
type forward;
forwarders { 192.168.1.2; 192.168.1.1; };
};
zone "168.192.in-addr.arpa" {
type forward;
forwarders { 192.168.1.2; 192.168.1.1; };
};
And your done.
I use this on my 3 split-networked servers for years now.
Greetz,
Louis
> -----Oorspronkelijk bericht-----
> Van: samba [mailto:samba-bounces at lists.samba.org] Namens
> Jonathon Reinhart via samba
> Verzonden: vrijdag 28 juni 2019 13:48
> Aan: Rowland Penny
> CC: samba
> Onderwerp: Re: [Samba] AD DLZ backend - 'proper' way of doing it
>
> Hi Rowland,
>
> On Fri, Jun 28, 2019, 04:55 Rowland penny via samba
> <samba at lists.samba.org>
> wrote:
>
> > You should be doing it the other way around. Your AD
> clients should be
> > using the AD DC's as their nameservers and anything outside
> the AD dns
> > domain should be forwarded to an external DNS server.
> >
>
> On this wiki page [1] it says:
>
> > For high traffic environments, it is not recommended to use
> BIND9_DLZ-backed samba as a primary DNS server. Instead, use
> an external
> server that only forwards queries to BIND9_DLZ-backed samba DNS
> installations when the query is addressed to a zone managed
> by that node.
>
> ...which seems to conflict.
>
> We've been weighing the pros/cons of the various architectures and
> wondering about this as well.
>
> Is it required that AD clients point directly at AD DCs? Are
> there certain
> DNS requests (e.g. updates) that won't be forwarded properly by an
> intermediary DNS server?
>
>
> [1]:
> https://wiki.samba.org/index.php/BIND9_DLZ_DNS_Back_End#Recomm
> ended_Architecture
>
> Jonathon
>
> >
> --
> To unsubscribe from this list go to the following URL and read the
> instructions: https://lists.samba.org/mailman/options/samba
>
>
More information about the samba
mailing list