[Samba] Samba 4 custom ports for DNS in 2020?

Robert Marcano robert at marcanoonline.com
Thu Dec 17 12:37:59 UTC 2020 

On 12/16/20 2:58 PM, Joachim Lindenberg via samba wrote:
> I don´t know Alex´s use case, but I want to run a pi-hole (for ad blocking) and a stubby (for DNS-over-TLS) upstream, ideally both with docker. And I´d prefer to run all of them one one box, as I have to run three DCs anyway, separating them out to different VMs implies nine VMs just for DNS.
> 127.0.x.y is one option that can work though.
> Best Regards, Joachim
> 

I think these kind of flexible configuration options problems will 
become easier to manage if people don't use the AD DNS as the network 
recursive DNS server.

My ideal configuration puts the primary network DNS in front of the 
Samba DNS this way

+---------------+        +-----------------+
|  Network DNS  |------> |  Forwarder DNS  |
+---------------+        +-----------------+
                 |
                 |
                 |        +----------+
                 |------> |  AD DNS  |
                          +----------+

But on the other hand, someone maybe want to setup a small network and 
the complexity of adding another DNS is too much and it is happy with 
using the Samba DNS as the network primary DNS, so Samba accepting 
another port doesn't sound so weird, for example when ISPs filter port 
53 to redirect them to their crappy DNS.

> 
> -----Ursprüngliche Nachricht-----
> Von: samba <samba-bounces at lists.samba.org> Im Auftrag von Rowland penny via samba
> Gesendet: Wednesday, 16 December 2020 19:27
> An: samba at lists.samba.org
> Betreff: Re: [Samba] Samba 4 custom ports for DNS in 2020?
> 
> On 16/12/2020 17:54, Alex Orlov via samba wrote:
>> Hello all,
>>    
>> I found many old threads in samba mailing list that samba internal
>> server doesn’t support custom ports (other than 53). Besides, I couldn’t make samba work dns forwarder = x.x.x.x:non_53_port.
>>    
>> So, could anyone say if it’s possible in samba 4 to set custom port
>> for internal dns server or make forwarding to non 53 port in 2020?
>>    
>> --
>> Best regards, Alex Orlov
> 
> This sounds like you want to run two dns servers on the same computer, if this is the case, then you may be able to get an extra dns server running on another IP (such as 127.0.1.1) but there wouldn't be much point, The Samba dns server must be authoritative for AD dns domain and the computer must be running in the AD dns domain, so what dns domain would the second dns server be authoritative for ? If it isn't authoritative for any domain, why run it on the DC ?
> 
> Row
> 
> 
> --
> To unsubscribe from this list go to the following URL and read the
> instructions:  https://lists.samba.org/mailman/options/samba
> 
>

More information about the samba mailing list