[Samba] AD DLZ backend - 'proper' way of doing it
Rowland penny
rpenny at samba.org
Fri Jun 28 12:15:40 UTC 2019
On 28/06/2019 12:15, Zdravko Zdravkov wrote:
> Hi Rowland.
>
> I've followed your advice. This is what my named.conf looks like at
> the moment:
>
> # Samba-generated fragment: loads the BIND9 DLZ module and the AD zones
> include "/usr/local/samba/bind-dns/named.conf";
>
> options {
>     listen-on port 53 { 127.0.0.1; 192.xx.xx.x; };
>     auth-nxdomain yes;
>     directory "/var/named";
>     notify no;
>     empty-zones-enable no;
>
>     # IP addresses and network ranges allowed to query the DNS server:
>     allow-query {
>         127.0.0.1;
>         192.xx.xx.x/24;
>     };
>
>     # IP addresses and network ranges allowed to run recursive queries:
>     # (Zones not served by this DNS server)
>     allow-recursion {
>         127.0.0.1;
>         192.xx.xx.0/24;
>     };
>
>     # Kerberos keytab used to verify GSS-TSIG signed dynamic updates
>     tkey-gssapi-keytab "/usr/local/samba/private/dns.keytab";
>
>     # Forward queries that can not be answered from own zones
>     # to these DNS servers:
>     forwarders {
>         xx.xx.xx.xx;
>     };
>
>     # Disable zone transfers
>     allow-transfer {
>         none;
>     };
> };
>
> # Root Servers
> # (Required for recursive DNS queries)
> zone "." {
>     type hint;
>     file "named.root";
> };
>
> # localhost zone
> zone "localhost" {
>     type master;
>     file "master/localhost.zone";
> };
>
> # 127.0.0. zone.
> zone "0.0.127.in-addr.arpa" {
>     type master;
>     file "master/0.0.127.zone";
> };
>
>
> Also, I've removed the forward rule on our external DNS.
> Now, all of this works, but running:
>
> host -a www.samba.org
>
>
> returns:
>
> Received 511 bytes from 192.168.40.5#53 in 3 ms
>
>
>
> I'm not sure if the AD server resolves it, or the external DNS. I've
> already had experience where the clients were using AD as DNS (in our
> other office) and the performance drop after a week or so was
> significant, so I'm concerned that this may happen again.
What is '192.168.40.5'? This is what replied.
Rowland
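The question in the quoted message (did the DC answer from its own AD zones, or did it recurse out to the forwarders?) can be answered from the flags dig prints: an answer served from a zone named holds (the AD zones via the DLZ module) carries the 'aa' flag, an answer obtained through recursion does not, and a client outside allow-query or allow-recursion gets status REFUSED. The script below is an added example, not code from this thread or from Samba or BIND; it parses dig's text output. The three SAMPLE_* transcripts are constructed stand-ins for live output so it runs offline, and the DC address 192.168.40.5 and the names in them are assumptions.

```shell
#!/bin/sh
# Added example (not from the thread, Samba or BIND): report which server
# answered a dig query and whether it answered from its own (AD DLZ) zones,
# by recursion through root hints/forwarders, or refused the client.
#
# Live use against the DC in the thread would be:
#     dig @192.168.40.5 www.samba.org | classify_dig_output
# The SAMPLE_* transcripts below are constructed; ids, TTLs and names are
# made up so the script can run without a network.

# classify_dig_output: read one dig transcript on stdin and print
# "<server-ip> <authoritative|recursive|refused>".
#   authoritative - 'aa' flag set: named served it from a zone it holds
#                   (on a Samba DC, the AD zones via the DLZ module)
#   recursive     - no 'aa': named resolved it via recursion, i.e. the
#                   root hints or the configured forwarders
#   refused       - status REFUSED: client outside allow-query, or it asked
#                   for recursion while outside allow-recursion
classify_dig_output() {
    transcript=$(cat)
    status=$(printf '%s\n' "$transcript" |
        sed -n 's/^;; ->>HEADER<<- opcode: [A-Z]*, status: \([A-Z]*\),.*/\1/p')
    flags=$(printf '%s\n' "$transcript" |
        sed -n 's/^;; flags: \([a-z ]*\);.*/\1/p')
    server=$(printf '%s\n' "$transcript" |
        sed -n 's/^;; SERVER: \([^#]*\)#.*/\1/p')

    if [ "$status" = "REFUSED" ]; then
        kind=refused
    else
        # match the 'aa' flag as a whole word inside the flags list
        case " $flags " in
            *" aa "*) kind=authoritative ;;
            *)        kind=recursive ;;
        esac
    fi
    printf '%s %s\n' "${server:-unknown}" "$kind"
}

# Constructed transcript: a record inside the AD zone, served by the DLZ backend.
SAMPLE_AD_ZONE='; <<>> DiG 9.11.4 <<>> @192.168.40.5 dc1.example.lan
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 4711
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1

;; ANSWER SECTION:
dc1.example.lan.        900     IN      A       192.168.40.5

;; SERVER: 192.168.40.5#53(192.168.40.5)'

# Constructed transcript: an external name the DC resolved via its forwarders.
SAMPLE_FORWARDED='; <<>> DiG 9.11.4 <<>> @192.168.40.5 www.samba.org
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 4712
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1

;; ANSWER SECTION:
www.samba.org.          300     IN      A       203.0.113.10

;; SERVER: 192.168.40.5#53(192.168.40.5)'

# Constructed transcript: a client outside allow-query / allow-recursion.
SAMPLE_REFUSED='; <<>> DiG 9.11.4 <<>> @192.168.40.5 www.samba.org
;; ->>HEADER<<- opcode: QUERY, status: REFUSED, id: 4713
;; flags: qr rd; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 1

;; SERVER: 192.168.40.5#53(192.168.40.5)'

# Demo on the constructed transcripts: one classification line per sample.
for sample in "$SAMPLE_AD_ZONE" "$SAMPLE_FORWARDED" "$SAMPLE_REFUSED"; do
    printf '%s\n' "$sample" | classify_dig_output
done
```

Run against a live DC, a `recursive` result for an Internet name together with `authoritative` for a name in the AD domain is the expected picture for the configuration quoted above: the DC answers the AD zones itself and hands everything else to the forwarders. A `refused` result for a client on the LAN points at the allow-query or allow-recursion lists rather than at the forwarders.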