[Samba] help again with dns and samba 4 ad

Nick Howitt nick at howitts.co.uk
Wed Sep 2 15:31:05 UTC 2020 

I shouldn't advise on this any more if Rowland says not to do it.

If you AD domain is ad.mydomain.com and you have a line:

server=/ad.mydomain.com/192.168.x.y (AD DC Server's IP)

and the samba AD then uses dnsmasq fo an upstream resolver, if you try 
to resolve something.ad.mydomain.com, dnsmasq will hand over the lookup 
to samba. If samba does no know about it, it can query the upstream 
resolver. If that is dnsmasq, it will hand to lookup back to AD which 
does not know it and so will hand it back to dnsmasq and it will go 
round in circles until it times out.

On 02/09/2020 16:15, jmpatagonia via samba wrote:
> 
> That mean for example if my domain resolve
> 
>                  xxxxx.testing.mydomain.com
> 
> the dnsmasq should NOT resolv  xxxxxx.mydomain.com this is in ascending way
> ?
> 
> Another way to expose:
> We set dnsmasq+dhcp to set clients that the only DNS server is samba DC on
> the domain name mysubdomain.mydomain.com
> 
> DC for example resolv  server1.mysubdomain.mydomain.com right, now if a
> client as for a ddddd.mydomain.com DC response or ask to dnamasq fot that
> or produce a horrible loop that you mentioned?
> 
> Regards
> 
> 
> 
> 
> 
> 
> 
> 
> 
> 
> 
> 
> El mié., 2 sept. 2020 a las 11:53, Nick Howitt via samba (<
> samba at lists.samba.org>) escribió:
> 
>> On 02/09/2020 15:48, Rowland penny via samba wrote:
>>>
>>> On 02/09/2020 15:42, Nick Howitt via samba wrote:
>>>> Or set dnsmasq as the primary DNS server, but include a line in your
>>>> dnsmasq config:
>>>> server=/your.dc.domain/your.dc.ip
>>>
>>> Don't do that. To be honest, I wouldn't use dnsmasq at all, but if I
>>> had to, I wouldn't do that ;-)
>>>
>>> Rowland
>>>
>>>
>>>
>> Curious about the reason? It means the DC looks after all the lookups
>> for the LAN domain and dnsmasq looks after the rest. What you shouldn't
>> then do is make the DC use dnsmasq as its upstream resolver or you can
>> get into a horrible loop.
>>
>>
>> --
>> To unsubscribe from this list go to the following URL and read the
>> instructions:  https://lists.samba.org/mailman/options/samba
>>

More information about the samba mailing list