[Samba] AD DC DNS question

Nick Howitt nick at howitts.co.uk
Wed Sep 16 08:23:29 UTC 2020



On 16/09/2020 08:57, L.P.H. van Belle via samba wrote:
> 
>   
> 
>> -----Original message-----
>> From: samba [mailto:samba-bounces at lists.samba.org] On behalf of
>> Jonathan Kreider via samba
>> Sent: Wednesday 16 September 2020 2:20
>> To: samba at lists.samba.org
>> Subject: [Samba] AD DC DNS question
>>
>> OS = Ubuntu 18.04 in an LXD container
>> Samba 4.11.x and up
>>
>> Is there a way to have DNS resolution on the server that can
>> coexist with the samba ad dc internal DNS server?
> Yes
> 
>> The way that I have it set up,
>> whenever samba is not running, then I can't use any web resources b/c
>> everything goes through the samba internal DNS. So I can't do system
>> updates and upgrades unless samba is running.
> Ah, a resolving design flaw ;-) A small one, and a common one.
> 
> My solution would be really simple, I keep samba running.. :-/
> 
> Lots of options here,
> Or just add 1 internet dns server in resolv.conf.
Doesn't that only work if strict DNS resolution order is observed? 
Otherwise if the internet DNS responds first, it takes precedence over 
the DC response. My DNS service resolves any subdomain not known back to 
my WAN IP. If your internal domain is a subdomain of your external 
domain (as the best practice is) then this could be a problem.
> 
> Or in your router as ip/dns forwarder if possible.
> If you can add a forward zone in your router, for example.
> Like internal.domain.tld and forward that to your samba-ad-dc
I suggested that a week or two back with dnsmasq, with dnsmasq being the 
primary resolver but forwarding anything with internal.domain.tld to the 
DC, but Rowland didn't like it. It also risks a DNS loop if the DC then 
uses the router as its upstream resolver and you try to resolve 
somedevice.internal.domain.tld, which does not exist in the DC.
> 
> 
>>
>> I saw this discussion (
>> https://lists.samba.org/archive/samba/2020-August/231345.html) between
>> Louis and Rowland but didn't know if it might apply to my situation.
> 
> Ah, that's not a discussion, it's just me telling: you can chainlink as many DNS servers as you want.
> But wise? No, of course not.
> 
>>
>> ~# cat /etc/netplan/50-cloud-init.yaml
>> # This file is generated from information provided by
>> # the datasource.  Changes to it will not persist across an instance.
>> # To disable cloud-init's network configuration capabilities, write a file
>> # /etc/cloud/cloud.cfg.d/99-disable-network-config.cfg with the following:
>> # network: {config: disabled}
>> network:
>>      version: 2
>>      ethernets:
>>          eth0:
>>              dhcp4: false
>>              addresses: [192.168.0.11/16]
>>              gateway4: 192.168.0.200
>>              nameservers:
>>                  search: [mydom.samdom.com]
>>                  addresses: [192.168.0.11, 192.168.0.14, 192.168.0.200]
>>
>> 192.168.0.11 is this server
>> 192.168.0.14 is another AD DC
>> 192.168.0.200 is a router/gateway
> 
> Nothing wrong with this.
> 
> What I did for my home network:
> 
> 1 samba ad-dc + dns
> 1 router + dns forwarders
> 
> I added the samba primary dns domain to the resolver settings in the router.
> So internal.domain.tld > ip_samba_dns
> (if your router is capable)
> 
> PC is set to dns1 samba, dns2 router.
> Samba turned off, fine, dns2 forwards to the internet.
> Samba up again, fine, dns1 forwards to the internet.
> 
> Good luck,
> 
> Greetz,
> 
> Louis
> 
> 
> 
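The ordering problem raised above (a non-DC nameserver answering first for an internal name, or a wildcard returning the WAN IP) can be checked rather than guessed at. This is an added example for this archived thread, not code from any of the posters: a stdlib-only Python audit that sends an A query to each nameserver from the netplan file directly, bypassing the resolver's own ordering, and flags any server whose answer differs from the DC's; the probe hostname nosuchhost.mydom.samdom.com is constructed and the first server in the list is assumed to be the DC.

```python
import random, socket, struct

def build_query(name, tid=None):
    """Build a minimal recursive A query; returns (transaction id, packet)."""
    tid = random.randrange(0x10000) if tid is None else tid
    header = struct.pack("!HHHHHH", tid, 0x0100, 1, 0, 0, 0)   # RD flag set
    labels = b"".join(bytes([len(part)]) + part.encode() for part in name.strip(".").split("."))
    return tid, header + labels + b"\x00" + struct.pack("!HH", 1, 1)  # QTYPE A, QCLASS IN

def _skip_name(data, pos):  # advance past a (possibly compressed) domain name
    while data[pos] != 0 and data[pos] & 0xC0 != 0xC0:
        pos += data[pos] + 1
    return pos + (2 if data[pos] & 0xC0 == 0xC0 else 1)

def parse_response(tid, data):
    """Return (rcode, [A addresses]); rcode 3 is NXDOMAIN, 0 is NOERROR."""
    rid, flags, qdcount, ancount, _, _ = struct.unpack("!HHHHHH", data[:12])
    if rid != tid:
        raise ValueError("transaction id mismatch: reply does not belong to our query")
    pos = 12
    for _ in range(qdcount):            # skip the echoed question section
        pos = _skip_name(data, pos) + 4
    addrs = []
    for _ in range(ancount):
        pos = _skip_name(data, pos)
        rtype, _, _, rdlen = struct.unpack("!HHIH", data[pos:pos + 10])
        pos += 10
        if rtype == 1 and rdlen == 4:   # A record
            addrs.append(socket.inet_ntoa(data[pos:pos + 4]))
        pos += rdlen
    return flags & 0xF, addrs

def query_a(server, name, timeout=2.0):
    """Ask one specific resolver over UDP, bypassing /etc/resolv.conf ordering."""
    tid, packet = build_query(name)
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as sock:
        sock.settimeout(timeout)
        sock.sendto(packet, (server, 53))
        try:
            data, _ = sock.recvfrom(512)
        except socket.timeout:          # e.g. the DC is down
            return "timeout", []
    return parse_response(tid, data)

def audit(servers, name, query=query_a):
    """Query every configured resolver; flag those whose answer differs from the
    first server's (the DC, taken as the reference for internal names)."""
    results = {s: query(s, name) for s in servers}
    return results, [s for s in servers[1:] if results[s] != results[servers[0]]]
```

Running `audit(["192.168.0.11", "192.168.0.14", "192.168.0.200"], "nosuchhost.mydom.samdom.com")` once with the DC up and once with it down shows which answer a client could receive in each state; a router that returns an address where the DC returns NXDOMAIN is exactly the case described above.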