[Samba] Samba Bind9DLZ

Eben Victor eben.victor at gmail.com
Thu Dec 3 16:42:48 UTC 2020

Thanks Rowland,
The issue that I sit with is Samba and BindDlz have a zone transfer vulnerability even if bind is configured not to allow zone transfers.

My company is forcing me to find a solution to mitigate the issue now.

The proposed work is what I could quickly think of.

Any other suggestions?

From: samba <samba-bounces at lists.samba.org> on behalf of Rowland penny via samba <samba at lists.samba.org>
Sent: Thursday, December 3, 2020 6:32 PM
To: samba at lists.samba.org
Subject: Re: [Samba] Samba Bind9DLZ

On 03/12/2020 16:00, Eben Victor via samba wrote:
> Hi,
> I currently have Samba 4.12.6 set up and working with Bind9DLZ as my DNS service.
> I want to set up Bind-only servers without Samba to handle all the DNS traffic for Windows.
> How do I go about creating slave servers to handle all the production traffic and still update Samba of DNS/PTR records from Windows devices?

Sorry, but the AD DNS servers have to be on the DCs and each DC is
authoritative for the DNS domain. You may be able to get what you are
proposing to work, but it would probably take a lot of work, involve a
lot of tricks and be totally unsupported by Samba.

