[Samba] AD DLZ backend - 'proper' way of doing it
Rowland penny
rpenny at samba.org
Fri Jun 28 12:32:31 UTC 2019
On 28/06/2019 12:48, Jonathon Reinhart wrote:
> Hi Rowland,
>
> On Fri, Jun 28, 2019, 04:55 Rowland penny via samba
> <samba at lists.samba.org> wrote:
>
> You should be doing it the other way around. Your AD clients should be
> using the AD DC's as their nameservers and anything outside the AD dns
> domain should be forwarded to an external DNS server.
>
>
> On this wiki page [1] it says:
>
> > For high traffic environments, it is not recommended to use
> > BIND9_DLZ-backed samba as a primary DNS server. Instead, use an
> > external server that only forwards queries to BIND9_DLZ-backed samba
> > DNS installations when the query is addressed to a zone managed by
> > that node.
>
> ...which seems to conflict.
Yes, it does. It seems to have been added by one of Catalyst's engineers
back in August 2018 and is one of those statements that asks more
questions than it answers. Just what is 'high traffic'? Is it 100
queries a minute, 1000, 10000 or what, or does it depend on number of
users, computers etc. All I can say is that it has never affected
me, but then I doubt if I fall into the 'high traffic' usage. ;-)

I would use the DNS server on the DC (internal or Bind9) and monitor it;
if you find that bottlenecks occur, you could then do what that statement
says: use an external DNS server.

It would be nice if the Catalyst guy would update his statement and tell
us how to use an external DNS server ;-)

Rowland