[Samba] AD DLZ backend - 'proper' way of doing it

Rowland penny rpenny at samba.org
Fri Jun 28 12:32:31 UTC 2019

On 28/06/2019 12:48, Jonathon Reinhart wrote:
> Hi Rowland,
> On Fri, Jun 28, 2019, 04:55 Rowland penny via samba
> <samba at lists.samba.org> wrote:
>     You should be doing it the other way around. Your AD clients should be
>     using the AD DC's as their nameservers and anything outside the AD dns
>     domain should be forwarded to an external DNS server.
> On this wiki page [1] it says:
> > For high traffic environments, it is not recommended to use
> > BIND9_DLZ-backed samba as a primary DNS server. Instead, use an
> > external server that only forwards queries to BIND9_DLZ-backed samba
> > DNS installations when the query is addressed to a zone managed by
> > that node.
> ...which seems to conflict.

Yes it does, it seems to have been added by one of Catalyst's engineers 
back in August 2018 and is one of those statements that asks more 
questions than it answers. Just what is 'high traffic'? Is it 100 
queries a minute, 1000, 10000 or what, or does it depend on number of 
users, computers etc.? All I can say is that it has never affected 
myself, but then I doubt if I fall into the 'high traffic' usage. ;-)

I would use the dns server on the DC (internal or Bind9) and monitor it; 
if you find that bottlenecks occur, you could then do what that statement 
says: use an external dns server.

It would be nice if the Catalyst guy would update his statement and tell 
us how to use an external dns server ;-)

