[Samba] AD DC DNS question

L.P.H. van Belle belle at bazuin.nl
Wed Sep 16 08:47:38 UTC 2020


 

> -----Original message-----
> From: samba [mailto:samba-bounces at lists.samba.org] On behalf of Nick 
> Howitt via samba
> Sent: Wednesday 16 September 2020 10:23
> To: samba at lists.samba.org
> Subject: Re: [Samba] AD DC DNS question
> 
> 
> 
> On 16/09/2020 08:57, L.P.H. van Belle via samba wrote:
> > 
> >   
> > 
> >> -----Original message-----
> >> From: samba [mailto:samba-bounces at lists.samba.org] On behalf of
> >> Jonathan Kreider via samba
> >> Sent: Wednesday 16 September 2020 2:20
> >> To: samba at lists.samba.org
> >> Subject: [Samba] AD DC DNS question
> >>
> >> OS = Ubuntu 18.04 in an LXD container
> >> Samba 4.11.x and up
> >>
> >> Is there a way to have DNS resolution on the server that can
> >> coexist with the samba ad dc internal DNS server?
> > Yes
> > 
> >> The way that I have it set up,
> >> whenever samba is not running, then I can't use any web
> >> resources b/c everything goes through the samba internal DNS. So I can't
> >> do system updates and upgrades unless samba is running.
> > Ah, a resolving design flaw ;-) a small one, and a common one.
> > 
> > My solution would be really simple, I keep samba running.. :-/
> > 
> > Lots of options here,
> > Or just add 1 internet dns server in resolv.conf.
> Doesn't that only work if strict DNS resolution order is observed? 
No, I lowered the timeout to 1-3 seconds in resolv.conf, and 
to keep some servers always running and have internet-resolvable domain names ( ! not internal) 
I added the 3rd nameserver to resolv.conf. If 1 and 2 are down, 3 is used. 

Yes, but I can add the needed domain, like internal.domain.tld, in my router and point that to the samba ad-dc. 

> Otherwise if the internet DNS responds first, it takes 
> precedence over the DC response. My DNS service resolves any subdomain not 
> known back to my WAN IP. If your internal domain is a subdomain of your external 
> domain (as the best practice is) then this could be a problem.
Yes, it can, but it totally depends on how you use it and how you set it up. 
Also, the office dns setup is different from the one I use at home.

For example, in the office it looks like this. 
Caching and forwarding dns server on my proxy server. 
The samba primary and reverse zones are forwarded in the proxy to the samba-ad-dc dns.
The external office domain is forwarded to the internet dns server. 
And ON the servers, not connected to WAN, all point to 
Sambadns1 
Sambadns2
Internetdns 


> > 
> > Or in your router as ip/dns forwarder if possible.
> > If you can add a forward zone in your router, for example.
> > Like internal.domain.tld, and forward that to your samba-ad-dc.
> I suggested that a week or two back with dnsmasq, with dnsmasq 
> being the primary resolver but forwarding anything with 
> internal.domain.tld to the DC, but Rowland didn't like it. 
> It also risks a DNS loop if the DC then uses the router as 
> its upstream resolver if you try to resolve 
> somedevice.internal.domain.tld which does not exist in the DC.
Yes, Rowland might not like it, but it does work. 
And no, in dnsmasq you should set it up to forward internal.domain.tld + reverse to the samba ad-dc. 
Only I don't know dnsmasq that well, I only use Bind9. 
I hope you can use the info. 

> > 
> > 
> >>
> >> I saw this discussion
> >> (https://lists.samba.org/archive/samba/2020-August/231345.html) between
> >> Louis and Rowland but didn't know if it might apply to my
> >> situation.
> > 
> > Ah, that's not a discussion, it's just me telling you that you can
> > chainlink as many dns servers as you want.
> > But wise? No, of course not.
> > 
> >>
> >> ~# cat /etc/netplan/50-cloud-init.yaml
> >> # This file is generated from information provided by
> >> # the datasource.  Changes to it will not persist across an instance.
> >> # To disable cloud-init's network configuration capabilities, write a file
> >> # /etc/cloud/cloud.cfg.d/99-disable-network-config.cfg with the following:
> >> # network: {config: disabled}
> >> network:
> >>     version: 2
> >>     ethernets:
> >>         eth0:
> >>             dhcp4: false
> >>             addresses: [192.168.0.11/16]
> >>             gateway4: 192.168.0.200
> >>             nameservers:
> >>                 search: [mydom.samdom.com]
> >>                 addresses: [192.168.0.11, 192.168.0.14, 192.168.0.200]
> >>
> >> 192.168.0.11 is this server
> >> 192.168.0.14 is another AD DC
> >> 192.168.0.200 is a router/gateway
> > 
> > Nothing wrong with this.
> > 
> > What i did for my home network.
> > 
> > 1 samba ad-dc + dns
> > 1 router + dns forwarders
> > 
> > I added the samba primary dns domain to the resolver 
> settings in the router.
> > So internal.domain.tld > ip_samba_dns
> > (if your router is capable)
> > 
> > PC is set to: dns1 samba, dns2 router.
> > Samba turned off, fine, dns2 forwards to the internet.
> > Samba up again, fine, dns1 forwards to the internet.
> > 
> > Good luck,
> > 
> > Greetz,
> > 
> > Louis
> > 
> > 
> > 
> 
> 
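The office layout Louis describes (a caching/forwarding resolver that hands internal.domain.tld and the reverse zone to the Samba DCs and everything else to an internet resolver, with member servers listing Sambadns1, Sambadns2 and then the forwarder), and the home variant (dns1 samba, dns2 router), written out as an added configuration example. This is not from the list post or from the Samba project: the Bind9 syntax, the zone name internal.domain.tld and the upstream 9.9.9.9 are my assumptions, while 192.168.0.11/.14/.200 are Jonathan's addresses from the netplan file above.

```conf
# ---------------------------------------------------------------------------
# File 1: /etc/bind/named.conf.local on the caching/forwarding resolver
#         (the proxy in the office setup, or the router at home).
# Assumed values: internal.domain.tld = the AD DNS domain,
#                 192.168.0.11 / 192.168.0.14 = the two Samba AD DCs,
#                 9.9.9.9 = placeholder for the internet resolver.
# ---------------------------------------------------------------------------
options {
    directory "/var/cache/bind";
    recursion yes;
    # only the LAN may use this resolver; never expose an open recursor
    allow-recursion { 192.168.0.0/16; localhost; };
    # anything not matched by a zone below goes straight to the internet
    forwarders { 9.9.9.9; };
    forward only;
};

// AD forward zone: every name under internal.domain.tld is answered by the DCs.
zone "internal.domain.tld" {
    type forward;
    forward only;                   // never fall back to recursion for AD names
    forwarders { 192.168.0.11; 192.168.0.14; };
};

// Reverse zone for 192.168.0.0/16 (Louis's "samba primary and reverse zones").
zone "168.192.in-addr.arpa" {
    type forward;
    forward only;
    forwarders { 192.168.0.11; 192.168.0.14; };
};

# Loop avoidance (Nick's concern): on the DCs, smb.conf must point
#   dns forwarder = 9.9.9.9
# at the internet resolver, NOT back at this forwarder. Then a name that does
# not exist under internal.domain.tld is answered NXDOMAIN by the DC instead of
# bouncing between the DC and the router.

# ---------------------------------------------------------------------------
# File 2: /etc/resolv.conf on member servers with no direct WAN access
#         (Louis's list: Sambadns1, Sambadns2, Internetdns).
# glibc tries nameservers in order unless "rotate" is set, so the DCs are
# always asked first and the forwarder is only reached when both are down.
# ---------------------------------------------------------------------------
search internal.domain.tld
# Sambadns1
nameserver 192.168.0.11
# Sambadns2
nameserver 192.168.0.14
# the forwarding resolver above (router/proxy); still resolves the internet
# when Samba is stopped for maintenance
nameserver 192.168.0.200
# give up on a dead DC after about 2 s and move to the next entry
options timeout:2 attempts:1
```

With `forward only` on the AD zones the forwarder never tries to recurse for internal.domain.tld itself, so an internet DNS that answers unknown subdomains with the WAN address (the case Nick raises) is never consulted for AD names. A quick check after applying File 1 is `named-checkconf` on the resolver, then `dig @192.168.0.200 dc1.internal.domain.tld` and `dig @192.168.0.200 www.example.com` to confirm the two paths.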