[Samba] Dynamic DNS updates from Windows 10 workstations

Allen Chen achen at harbourfrontcentre.com
Fri Apr 9 19:04:11 UTC 2021

On 4/9/2021 11:41 AM, Rowland Penny via samba wrote:
> On 09/04/2021 16:07, Allen Chen via samba wrote:
>> Hi Rowland,
>> Thank you for answering my questions. First of all I am following 
>> Samba 4 docs, and not doing any funny things with Samba 4 AD DC and 
>> company DHCP and DNS. I added more details here:
>> 1. Company DHCP and DNS existed before we introduced Samba 4 AD. DHCP 
>> updates DNS. So each PC has a dynamic IP registered in DNS with its 
>> name like PCxxxx.DOMAIN1.ANY.
>>     DHCP and DNS work perfectly. When a PC moves to another subnet, DHCP 
>> updates the A record immediately in the DNS server.
> For your original dns, that was perfectly okay.
>> 2. then we added Samba 4 AD to the company network, which has its own 
>> domain name like DOMAIN2.ANY.
> It would probably have been better to use something like 'ad.domain1.any'
We don't have a choice to change the AD domain. We have to use it as is, 
like domain2.any.
Company DNS and DHCP have nothing to do with AD. Company DNS just 
forwards AD queries to the AD server. We have these configuration changes in 
the company DNS server.
>>     Company DNS server forwards DOMAIN2.ANY queries to Samba 4 AD, and 
>> Windows clients still use the company DNS server. Each PC has a name 
>> in Samba 4 AD like PCxxx.DOMAIN2.ANY.
>>     This also works perfectly. So we do have two names for each PC. If 
>> I did something wrong, please correct me.
> OK, you should use CNAME's instead, or better still, just use one FQDN 
> for each client.
I don't understand what you mean by using CNAME. or how do you configure 
> The Samba AD DC's are authoritative for their dns domain and so your 
> AD clients must use them for their dns requests, this doesn't mean 
> directly. You can use another dns server, but this dns server must 
> just forward any AD dns requests to an AD DC.
This is what we are doing now. Company DNS servers forward AD 
queries (domain DOMAIN2.ANY) to the AD DC. Nothing wrong here, I think.
>> The problem is when I move a PC to another subnet (IP changed), Samba 4 
>> AD DC doesn't reset the IP in its built-in DNS immediately in AD 
>> domain DOMAIN2.ANY, and company DNS resets the IP immediately in 
>> domain DOMAIN1.ANY. But I do see the IP or some IPs get changed late 
>> in AD, when? and how? sometimes not changed at all? We ended up with a PC 
>> with two IPs: company DNS server holds the latest IP, and Samba 4 AD 
>> holds the old IP which is not correct.
> This is an artefact of running the dns in the way you are doing, the 
> clients are either updating the records in the company dns or not 
> updating records at all and the dhcp server is updating them in the 
> company dns. It looks like nothing is updating the dns records in AD.

So the problem must be here. How do Windows clients update/register their IP?

Windows clients either update company DNS (we don't care, because DHCP 
will update company DNS anyway), or update AD built-in DNS directly. But 
we do see AD update its built-in DNS later, and sometimes it doesn't 
update the AD built-in DNS at all. This is not good.

Is there a way to configure DHCP to register ip in AD built-in DNS?



> Rowland
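
Added example, not part of the original message or of Samba: a Python check for the symptom described in this thread, comparing each PC's A record in the AD zone with its A record in the company zone and listing the hosts where the AD copy is stale or missing. It assumes the same host label is used in both zones, that the AD records were dumped with `samba-tool dns query` (output layout assumed) and that the company zone is available as zone-transfer style lines; the function names and all sample data are constructed.

```python
import re

# Constructed sample in the layout printed by `samba-tool dns query` for the
# AD zone DOMAIN2.ANY (layout assumed; hosts and addresses invented).
AD_DUMP = """\
  Name=, Records=1, Children=0
    A: 10.1.0.5 (flags=600000f0, serial=3, ttl=900)
  Name=PC0001, Records=1, Children=0
    A: 10.1.0.21 (flags=f0, serial=112, ttl=1200)
  Name=PC0002, Records=1, Children=0
    A: 10.1.0.22 (flags=f0, serial=97, ttl=1200)
  Name=PC0003, Records=0, Children=0
"""
# Constructed sample: zone-transfer style lines for the company zone DOMAIN1.ANY.
COMPANY_DUMP = """\
pc0001.domain1.any. 3600 IN A 10.1.0.21
pc0002.domain1.any. 3600 IN A 10.2.0.57
pc0003.domain1.any. 3600 IN A 10.1.0.23
printer7.domain1.any. 3600 IN A 10.1.0.90
"""

def parse_ad(text):
    """Host label -> set of A addresses, from samba-tool style output."""
    records, host = {}, None
    for line in text.splitlines():
        name = re.match(r"\s*Name=([^,]*),", line)
        addr = re.match(r"\s*A:\s*(\S+)", line)
        if name:
            host = name.group(1).lower()
            if host:  # an empty name is the zone apex, not a workstation
                records.setdefault(host, set())
        elif addr and host:
            records[host].add(addr.group(1))
    return records

def parse_zone(text, zone):
    """Host label -> set of A addresses, from 'name ttl IN A addr' lines."""
    suffix, records = "." + zone.lower().rstrip(".") + ".", {}
    for parts in map(str.split, text.splitlines()):
        name = parts[0].lower() if parts else ""
        if len(parts) == 5 and parts[2:4] == ["IN", "A"] and name.endswith(suffix):
            records.setdefault(name[: -len(suffix)], set()).add(parts[4])
    return records

def stale_hosts(ad, company):
    """AD-joined hosts whose AD address set differs from the company zone."""
    return {h: {"ad": sorted(ad[h]), "company": sorted(a)}
            for h, a in company.items() if h in ad and ad[h] != a}

if __name__ == "__main__":
    for h, v in stale_hosts(parse_ad(AD_DUMP), parse_zone(COMPANY_DUMP, "DOMAIN1.ANY")).items():
        print(h, "AD:", v["ad"], "company:", v["company"])
```

Hosts that exist only in the company zone (the constructed `printer7`) are ignored because they are not AD members.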
