[Samba] AD DC without integrated DNS

Rowland penny rpenny at samba.org
Mon May 4 19:17:13 UTC 2020

On 04/05/2020 18:35, Magnus Holmgren via samba wrote:
> Hi all,
> (Samba 4.9.5-Debian (buster) with BIND 9.11.5.P4)
> I'm wondering, is it really strictly necessary to use the built-in DNS backend
> or the BIND9 DLZ plugin, at least in a forest with no Windows Server DCs?
If you only have one or two DCs, then yes, it is.
> samba_dnsupdate can insert all the records from dns_update_cache, *except* the
> NS record for the _msdcs zone
Not sure I understand that; by default a Samba AD DC has two zones:
samdom.example.com (DomainDnsZone)
_msdcs.samdom.example.com (ForestDnsZone)

Both of which can be updated by samba_dnsupdate
> hardly planning to join any Windows machines to this domain, except for one or
> two for the purpose of testing software that we can't install on multiple
> personal laptops (most of which were bought with Windows Home pre-installed),
That is never going to work, you cannot join a Windows Home client to a 
> The documentation talks a lot about special requirements and limitations when
> running Samba as an AD DC, but it doesn't go into much technical detail as to
> the reasons for those, and I guess it's because AD is complicated.

Yes, AD is complicated, but your way would make it even more complicated 
and I don't think it is going to work correctly, if at all.

You can run an AD DC without it being a dns server, but only if there 
are more than two DCs (one plus a spare).
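As an added check for the situation above (this is not from the thread or the Samba project): a small script that takes a dig-style dump of the zone data a DC publishes and reports which of the core AD locator records are absent, including the NS record for the _msdcs zone that the original poster could not get inserted, plus any SRV target host with no address record. The list of required records is an assumed minimal set, not the full set Windows clients expect, and the sample dump is constructed.

```python
import re

# dig-style answer line: "<owner> <ttl> IN <type> <rdata>"; lines starting with ';' are comments
_RR = re.compile(r"^(?P<name>\S+?)\.?\s+\d+\s+IN\s+(?P<type>[A-Z]+)\s+(?P<rdata>.+)$")

def parse_records(lines):
    """Yield (type, owner, rdata) for every resource record in a dig-style dump."""
    for line in lines:
        line = line.strip()
        if not line or line.startswith(";"):
            continue
        m = _RR.match(line)
        if m:
            yield m["type"], m["name"].lower(), m["rdata"].rstrip(".")

def required_records(domain):
    """Core locator records a DC must publish (assumed minimal set, not exhaustive)."""
    d = domain.lower()
    return {
        ("NS", d), ("NS", f"_msdcs.{d}"),                      # one NS per zone
        ("SRV", f"_ldap._tcp.{d}"), ("SRV", f"_kerberos._tcp.{d}"),
        ("SRV", f"_ldap._tcp.dc._msdcs.{d}"), ("SRV", f"_kerberos._tcp.dc._msdcs.{d}"),
        ("SRV", f"_ldap._tcp.pdc._msdcs.{d}"),
    }

def missing_records(lines, domain):
    """Required records not found in the dump, as sorted 'TYPE owner' strings."""
    present = {(t, n) for t, n, _ in parse_records(lines)}
    return sorted(f"{t} {n}" for t, n in required_records(domain) - present)

def dangling_srv_targets(lines):
    """SRV targets with no A/AAAA record in the dump (clients could not reach that DC)."""
    recs = list(parse_records(lines))
    hosts = {n for t, n, _ in recs if t in ("A", "AAAA")}
    targets = {r.split()[-1].lower() for t, _, r in recs if t == "SRV"}
    return sorted(targets - hosts)

# Constructed sample dump, deliberately lacking the NS record for _msdcs
# and an A record for dc2 (not real zone data).
SAMPLE = """\
; constructed sample, not a real zone
samdom.example.com.                 900 IN NS  dc1.samdom.example.com.
dc1.samdom.example.com.             900 IN A   192.0.2.10
_ldap._tcp.samdom.example.com.      900 IN SRV 0 100 389 dc1.samdom.example.com.
_kerberos._tcp.samdom.example.com.  900 IN SRV 0 100 88 dc1.samdom.example.com.
_ldap._tcp.dc._msdcs.samdom.example.com.     900 IN SRV 0 100 389 dc1.samdom.example.com.
_kerberos._tcp.dc._msdcs.samdom.example.com. 900 IN SRV 0 100 88 dc1.samdom.example.com.
_ldap._tcp.pdc._msdcs.samdom.example.com.    900 IN SRV 0 100 389 dc2.samdom.example.com.
""".splitlines()

if __name__ == "__main__":
    print("missing:", missing_records(SAMPLE, "samdom.example.com"))
    print("dangling SRV targets:", dangling_srv_targets(SAMPLE))
```

Run it against real output from `dig @<dc> <domain> AXFR` (or any dump in the same one-record-per-line form) to see which locator records samba_dnsupdate did not manage to publish.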
