[Samba] Dynamic DNS updates from Windows 10 workstations
achen at harbourfrontcentre.com
Fri Apr 9 19:04:11 UTC 2021
On 4/9/2021 11:41 AM, Rowland penny via samba wrote:
> On 09/04/2021 16:07, Allen Chen via samba wrote:
>> Hi Rowland,
>> Thank you for answering my questions. First of all I am following
>> Samba 4 docs, and not doing any funny things with Samba 4 AD DC and
>> company DHCP and DNS. I added more details here:
>> 1. company DHCP and DNS exist before we introduce Samba 4 AD. DHCP
>> updates DNS. So each PC has a dynamic ip registered in DNS with its
>> name like PCxxxx.DOMAIN1.ANY.
>> DHCP and DNS works perfect. When PC moves to another subnet, DHCP
>> updates the A record immediately into DNS server.
> For your original dns, that was perfectly okay.
>> 2. then we added Samba 4 AD to the company network, which has its own
>> domain name like DOMAIN2.ANY.
> It would probably have been better to use something like 'ad.domain1.any'
We don't have a choice to change the AD domain. We have to use it as is.
Company DNS and DHCP have nothing to do with AD. Company DNS just
forwards AD queries to the AD server. We have this configuration change in
the company DNS server.
>> Company DNS server forwards DOMAIN2.ANY query to Samba 4 AD, and
>> windows clients still use the company DNS server. Each PC has a name
>> in Samba 4 AD like PCxxx.DOMAIN2.ANY.
>> This also works perfect. So we do have two names for each PC. If
>> I did something wrong, please correct me.
> OK, you should use CNAME's instead, or better still, just use one FQDN
> for each client.
I don't understand what you mean by using CNAME, or how do you configure
> The Samba AD DC's are authoritative for their dns domain and so your
> AD clients must use them for their dns requests, this doesn't mean
> directly. You can use another dns server, but this dns server must
> just forward any AD dns requests to an AD DC.
This is what we are doing now. Company DNS servers forward AD
queries (domain DOMAIN2.ANY) to the AD DC. Nothing wrong here, I think.
>> The problem is when I move a PC to another subnet (IP changed), Samba 4
>> AD DC doesn't reset the ip in its built-in DNS immediately in AD
>> domain DOMAIN2.ANY, and company DNS resets the ip immediately in
>> domain DOMAIN1.ANY. But I do see the ip or some ips get changed late
>> in AD, when? and how? sometimes not changed at all? We ended up a PC
>> with two IPs: company DNS server holds the latest IP, and Samba 4 AD
>> holds the old IP which is not correct.
> This is an artefact of running the dns in the way you are doing, the
> clients are either updating the records in the company dns or not
> updating records at all and the dhcp server is updating them in the
> company dns. It looks like nothing is updating the dns records in AD.
So the problem must be here. How do Windows clients update/register their IP?
Windows clients either update company DNS (we don't care, because DHCP
will update company DNS anyway), or update AD built-in DNS directly. But
we do see AD update its built-in DNS later, and sometimes it doesn't
update the AD built-in DNS at all. This is not good.
Is there a way to configure DHCP to register the IP in AD built-in DNS?