[Samba] Samba 4 custom ports for DNS in 2020?

Joachim Lindenberg samba at lindenberg.one
Thu Dec 17 16:48:38 UTC 2020


Hi Robert,
It is not about complexity. I tried the setup you suggested, but unfortunately split horizon DNS kind of depends on the DNS server implementation. While trying I figured out that dnsmasq happily accepts and forwards records received from upstream without considering it was supposed to ask someone else (AD), whereas bind9 strips these records it is authoritative itself and returns the correct ones from AD. Thus my samba host is the network DNS and has to forward upstream, even though most queries are answered from upstream.
Now you can argue whether dnsmasq is broken, or split horizon is not the way to go. But this is my reality at present, and I assume this is reality for others as well.
Best Regards, Joachim

-----Original Message-----
From: samba <samba-bounces at lists.samba.org> On Behalf Of Robert Marcano via samba
Sent: Thursday, 17 December 2020 13:38
To: samba at lists.samba.org
Subject: Re: [Samba] Samba 4 custom ports for DNS in 2020?

On 12/16/20 2:58 PM, Joachim Lindenberg via samba wrote:
> I don't know Alex's use case, but I want to run a pi-hole (for ad blocking) and a stubby (for DNS-over-TLS) upstream, ideally both with docker. And I'd prefer to run all of them on one box, as I have to run three DCs anyway, separating them out to different VMs implies nine VMs just for DNS.
> 127.0.x.y is one option that can work though.
> Best Regards, Joachim
> 

I think these kinds of flexible configuration option problems will become easier to manage if people don't use the AD DNS as the network recursive DNS server.

My ideal configuration puts the primary network DNS in front of the Samba DNS this way

+---------------+        +-----------------+
|  Network DNS  |------> |  Forwarder DNS  |
+---------------+        +-----------------+
                 |
                 |
                 |        +----------+
                 |------> |  AD DNS  |
                          +----------+

But on the other hand, someone may want to set up a small network and the complexity of adding another DNS is too much and they are happy with using the Samba DNS as the network primary DNS, so Samba accepting another port doesn't sound so weird, for example when ISPs filter port 53 to redirect them to their crappy DNS.

> 
> -----Original Message-----
> From: samba <samba-bounces at lists.samba.org> On Behalf Of Rowland penny via samba
> Sent: Wednesday, 16 December 2020 19:27
> To: samba at lists.samba.org
> Subject: Re: [Samba] Samba 4 custom ports for DNS in 2020?
> 
> On 16/12/2020 17:54, Alex Orlov via samba wrote:
>> Hello all,
>>    
>> I found many old threads in samba mailing list that samba internal 
>> server doesn’t support custom ports (other than 53). Besides, I couldn’t make samba work dns forwarder = x.x.x.x:non_53_port.
>>    
>> So, could anyone say if it’s possible in samba 4 to set custom port 
>> for internal dns server or make forwarding to non 53 port in 2020?
>>    
>> --
>> Best regards, Alex Orlov
> 
> This sounds like you want to run two dns servers on the same computer. If this is the case, then you may be able to get an extra dns server running on another IP (such as 127.0.1.1), but there wouldn't be much point. The Samba dns server must be authoritative for AD dns domain and the computer must be running in the AD dns domain, so what dns domain would the second dns server be authoritative for? If it isn't authoritative for any domain, why run it on the DC?
> 
> Row
> 
> 
> --
> To unsubscribe from this list go to the following URL and read the
> instructions:  https://lists.samba.org/mailman/options/samba
> 
> 


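Added example, not part of the original thread or of the Samba project's documentation: a BIND 9 `named.conf` for the "Network DNS" box in Robert's diagram, sending the AD zones to the Samba DCs and everything else to a local forwarder on a non-53 port. The zone name `ad.example.com`, the addresses in `192.0.2.0/24`, the reverse zone and port `5353` are assumptions chosen for illustration.

```bind
// named.conf for the "Network DNS" box in the diagram (added example).
// Assumed values: AD zone ad.example.com, Samba DCs at 192.0.2.10-12,
// clients on 192.0.2.0/24, stubby or pi-hole listening on 127.0.0.1:5353.

acl "lan" { 127.0.0.0/8; 192.0.2.0/24; };

options {
    directory "/var/cache/bind";

    // Recursive service for the local network only, never the internet.
    recursion yes;
    allow-query     { "lan"; };
    allow-recursion { "lan"; };

    // Default path ("Forwarder DNS" in the diagram): every name outside
    // the zones declared below goes to the local forwarder. BIND takes a
    // per-address port, so the forwarder does not need port 53.
    forward only;
    forwarders { 127.0.0.1 port 5353; };

    // Only if DNSSEC validation is enabled and the AD zone is an unsigned
    // name below a signed public zone: exempt it from validation.
    // validate-except { "ad.example.com"; };
};

// AD path ("AD DNS" in the diagram): the Samba DCs stay authoritative on
// port 53 and are asked directly for anything in the AD domain, including
// the _msdcs, _tcp and _udp SRV records that domain members depend on.
zone "ad.example.com" {
    type forward;
    forward only;
    forwarders { 192.0.2.10; 192.0.2.11; 192.0.2.12; };
};

// Reverse zone, assuming it is hosted in AD as well.
zone "2.0.192.in-addr.arpa" {
    type forward;
    forward only;
    forwarders { 192.0.2.10; 192.0.2.11; 192.0.2.12; };
};
```

`named-checkconf` validates the file before a reload.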