[Samba] Understanding internal DNS usage on Samba 4

[Rowland penny]

On 25/03/2021 22:07, Lou via samba wrote:
> Hello,
>
> I'm currently studying migration from Samba 3 to Samba 4 (NT4 to AD).  
> Using classic upgrade [1].
>
> Currently (alongside with our Samba 3 PDC), we have a heterogeus 
> environment with external DNS servers:
>
> ns1.example.com
> ns2.example.com
> ns3.example.com
> ns4.example.com
>
> Currently, our DHCP server supplies the IPs of these servers for 
> clients.  We have all servers (and PDC) correctly registered on these 
> servers. They are four so we can keep up with the load and for 
> geographic reasons.


You can still use your DHCP servers, your Windows clients can update 
their own records in AD, your DC's should have fixed IP's, your only 
problem would be Unix clients and you can script around them.

>
> Why, in Samba 4, are clients required to use Samba DNS resolver?


Because every AD DC running a dns server is authoritative for AD dns 
domain and holds all the AD dns records (they are in AD)

>
>
> It seems Samba 4 uses DNS while Samba 3 does not, and requires that 
> all clients to use it, but that would break our architecture because 
> there would be a single point of failure (unless we setup more than 
> one PDC).


No, you do not even set up one PDC, that is what you have now, AD uses 
DC's which are all equal except for the FSMO roles (and they can be on 
any DC) and yes, it is recommended to install multiple DC's

>
> We can configure the PDC to forward queries to them with smb.conf 
> option "dns forwarder" [2] and use several PDC to mimic the 
> architecture we have today, but I was wondering why are clients 
> required to use Samba 4 DNS.


Do it the other way, continue to use your existing dns servers and get 
them to forward the AD dns domain searches to AD DC's. I would also 
suggest using Bind9 if you do run multiple DC's  (I would also suggest 
running multiple DC's)

Rowland