[Samba] Dynamic DNS updates from Windows 10 workstations
Rowland Penny
rpenny at samba.org
Fri Apr 9 15:41:03 UTC 2021
On 09/04/2021 16:07, Allen Chen via samba wrote:
> Hi Rowland,
>
> Thank you for answering my questions. First of all I am following
> Samba 4 docs, and not doing any funny things with Samba 4 AD DC and
> company DHCP and DNS. I added more details here:
>
> 1. company DHCP and DNS exist before we introduce Samba 4 AD. DHCP
> updates DNS. So each PC has a dynamic ip registered in DNS with its
> name like PCxxxx.DOMAIN1.ANY.
>
> DHCP and DNS work perfectly. When a PC moves to another subnet, DHCP
> updates the A record immediately into DNS server.
For your original dns, that was perfectly okay.
>
> 2. then we added Samba 4 AD to the company network, which has its own
> domain name like DOMAIN2.ANY.
It would probably have been better to use something like 'ad.domain1.any'
>
> Company DNS server forwards DOMAIN2.ANY query to Samba 4 AD, and
> windows clients still use the company DNS server. Each PC has a name
> in Samba 4 AD like PCxxx.DOMAIN2.ANY.
>
> This also works perfectly. So we do have two names for each PC. If I
> did something wrong, please correct me.
OK, you should use CNAMEs instead, or better still, just use one FQDN
for each client.
The Samba AD DCs are authoritative for their dns domain and so your AD
clients must use them for their dns requests; this doesn't mean
directly. You can use another dns server, but this dns server must just
forward any AD dns requests to an AD DC.
>
> The problem is when I move a PC to another subnet (IP changed), samba4
> AD DC doesn't reset the ip in its built-in DNS immediately in AD
> domain DOMAIN2.ANY, and company DNS resets the ip immediately in
> domain DOMAIN1.ANY. But I do see the ip or some ips get changed late
> in AD, when? and how? sometimes not changed at all? We ended up with a PC
> with two IPs: company DNS server holds the latest IP, and Samba 4 AD
> holds the old IP which is not correct.
This is an artefact of running the dns in the way you are doing; the
clients are either updating the records in the company dns or not
updating records at all and the dhcp server is updating them in the
company dns. It looks like nothing is updating the dns records in AD.
Rowland
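
Added example, not part of this message or of Samba's own code: a check for the drift described in the thread, where the company zone holds the current address and the AD zone holds an old one or none. It assumes the A records of both zones have been exported in `dig +noall +answer` layout; the host names and addresses below are constructed sample data.

```python
# Constructed sample answers in `dig +noall +answer` layout (not real data).
COMPANY_DNS = """\
pc0001.domain1.any. 300 IN A 10.1.20.15
pc0002.domain1.any. 300 IN A 10.1.30.22
pc0003.domain1.any. 300 IN A 10.1.20.40
"""
AD_DNS = """\
PC0001.domain2.any. 900 IN A 10.1.20.15
PC0002.domain2.any. 900 IN A 10.1.10.7
"""

def parse_a_records(text, zone):
    """Map short host name -> set of IPv4 addresses for A records inside `zone`."""
    zone = zone.lower().rstrip(".")
    records = {}
    for line in text.splitlines():
        fields = line.split()
        # Expect: owner TTL class type rdata; skip blanks and non-A record types.
        if len(fields) != 5 or fields[2].upper() != "IN" or fields[3].upper() != "A":
            continue
        owner = fields[0].lower().rstrip(".")  # DNS names are case-insensitive
        if not owner.endswith("." + zone):
            continue
        host = owner[: -len(zone) - 1]
        records.setdefault(host, set()).add(fields[4])
    return records

def compare_zones(company, ad):
    """Return {host: (company_ips, ad_ips)} for every host whose address sets differ."""
    drift = {}
    for host in sorted(set(company) | set(ad)):
        c, a = company.get(host, set()), ad.get(host, set())
        if c != a:
            drift[host] = (sorted(c), sorted(a))
    return drift

def find_drift():
    """Compare the two constructed zone exports above."""
    company = parse_a_records(COMPANY_DNS, "domain1.any")
    ad = parse_a_records(AD_DNS, "domain2.any")
    return compare_zones(company, ad)

if __name__ == "__main__":
    for host, (c, a) in find_drift().items():
        print(f"{host}: company={c or 'none'} ad={a or 'none'}")
```

A host listed with an empty AD address set never registered in the AD zone at all; one listed with differing addresses has a stale AD record.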