[Samba] help again with dns and samba 4 ad

jmpatagonia jmpatagonia at gmail.com
Wed Sep 2 14:35:04 UTC 2020 

 Correct we have the dnsmasq server dns+dhcp on other ip server.

So if I understand well, we will use the samba DC as a "authoritative
nameserver" and the dnsmasq as a forwarder dns for resolve outside our zone
?

And we set on the dnsmasq (when deliver ip to the client as a dhcp server)
the primary dns is a samba DC server, and too we can set the dnsmasq a
secondary dns server or is not necessary that (because the DC asking the
dnsmasq) ?

Scenario:
dnsmasq as dhcp server: serve ip and tell to client the primary dns is
samba DC, and tell to client the secondary dns is dnsmasq

or
dnsmasq as dhcp server: serve ip and tell to client the primary dns is
samba DC, and samba DC is responsible to asking the dnsmasq for resolv
sites outsite the zone and answer to client.


Regards

El mié., 2 sept. 2020 a las 11:03, Rowland penny via samba (<
samba at lists.samba.org>) escribió:

> On 02/09/2020 14:19, jmpatagonia via samba wrote:
> > I need helping again implementing samba4 ad and dns:
> >
> > Actually we have a dnsmasq server with dhcp/dns services for users on the
> > lan, if we start to using the internal samba4 dns server to resolv names
> on
> > the zone of DC server example mydomain.test.com we can use the actual
> > dnsmasq to server another domains that we need ?, for example
> > otherdomain.testing.com.ar
> >
> > If that is correct we need to include the parameter
> >                  dns forwarder = dnsmasq-ip-server
> > on the smb.conf ? so what samba asking dnsmasq to resolv the name.
> >
> > Regards.
>
> It all depends on whether you have any Unix dhcp clients in the AD
> domain, because these will not update their records in AD.
>
> Windows clients can update their AD records.
>
> Your domain clients must use the DC(s) as their nameserver(s) and
> anything it doesn't know about (www.google.com for instance) will be
> forwarded to the DNS server set in smb.conf or the bind conf files (if
> using Bind9).
>
> So, yes you can use your dnsmasq server, provided it isn't in the same
> dns domain as your DC(s).
>
> Rowland
>
>
>
> --
> To unsubscribe from this list go to the following URL and read the
> instructions:  https://lists.samba.org/mailman/options/samba
>

More information about the samba mailing list