[Samba] Removing DC's IP from the @ IN A DNS entries

Robert Marcano robert at marcanoonline.com
Mon Aug 30 13:24:24 UTC 2021 

On 8/30/21 9:15 AM, Daniel Berteaud wrote:
> Sorry, just back from vacation 😉
> 
> OK, users might want to reach \\ad.example.com\resource 
> <\\ad.example.com\resource>
> 
> But what if they want https://ad.example.com/ , which seems more common 
> (at least, for my use). Without installing a webserver on the DC just to 
> handle a 302
> 
> There's really no way to have the root A entry pointing on something 
> else than the DC controlers ?

Not that I know of, but maybe instead of installing a web server on the 
DC, why not add a port redirection (iptables/nftables), if the only 
thing you are doing is a redirect, it should handle if fine.

> 
> Regards,
> Daniel
> 
> 5 Avenue Georges Bataille, 60330 Le Plessis Belleville  Tél. : 0 359 360 000
> 
> Horaires : lundi au vendredi 9h-12h et 13h30-17h00
> 
> /__/
> 
> /_Pour toute demande technique merci d’écrire à_/_/technique at iptek.fr/ 
> <mailto:technique at iptek.fr>_/__/
> 
> /__/
> 
> 
> ------------------------------------------------------------------------
> *De :* samba <samba-bounces at lists.samba.org> de la part de Robert 
> Marcano via samba <samba at lists.samba.org>
> *Envoyé :* vendredi 6 août 2021 19:40
> *À :* samba at lists.samba.org <samba at lists.samba.org>
> *Objet :* Re: [Samba] Removing DC's IP from the @ IN A DNS entries
> On 8/6/21 12:18 PM, Daniel Berteaud via samba wrote:
>> Hi
>> 
>> I'm running a Samba4 domain (AD style) with the internal DNS backend.
>> Most things are working great but I have an issue : the DC's IP (I have two of them) are automaticaly added as @ IN A entries
>> I want to set it to another host (mainly for web access which should point on my reverse proxy). I can add other @ IN A entry, but if I remove the ones corresponding to the DC, they are automatically added back a few minutes later. How can I avoid that ?  AFAIK, DC are not required to be listed in the @ IN A entry
> 
> I am not sure that isn't required, because A/AAAA records on
> ad.example.com (being that your AD domain) should be resolvable or
> things like \\ad.example.com\resource <file://\\ad.example.com\resource> 
> (Windows) or
> smb://ad.example.com/resource (*nix) would not work, being resource some
> Distributed File System link to another server or servers
> 
>> 
>> How can I handle this, and prevent the DC's IP to be added back ?
>> 
>> @ IN A 10.118.5.10   # This is the entry I've added, which should be the only one
>> @ IN A 10.113.3.11   # This is the IP of the 1st DC, which is added back if removed
>> @ IN A 10.113.3.12   # This is the IP of the 2nd DC, which is added back if removed
>> 
>> Regards,
>> Daniel
>> 
>> 
>> 
>> 
>> 
>> 
>>   --
>> 
>> 5 Avenue Georges Bataille, 60330 Le Plessis Belleville  Tél. : 0 359 360 000
>> 
>> Horaires : lundi au vendredi 9h-12h et 13h30-17h00
>> 
>>   
>> 
>> Pour toute demande technique merci d’écrire à technique at iptek.fr
>> 
>>   
>> 
>> 
>> 
>> 
> 
> 
> -- 
> To unsubscribe from this list go to the following URL and read the
> instructions: https://lists.samba.org/mailman/options/samba 
> <https://lists.samba.org/mailman/options/samba>

More information about the samba mailing list