[Samba] Understanding internal DNS usage on Samba 4

Nico Kadel-Garcia nkadel at gmail.com
Sat Mar 27 21:06:27 UTC 2021

On Thu, Mar 25, 2021 at 6:30 PM Rowland penny via samba
<samba at lists.samba.org> wrote:
> On 25/03/2021 22:07, Lou via samba wrote:
> > Hello,
> >
> > I'm currently studying migration from Samba 3 to Samba 4 (NT4 to AD).
> > Using classic upgrade [1].
> >
> > Currently (alongside with our Samba 3 PDC), we have a heterogeneous
> > environment with external DNS servers:
> >
> > ns1.example.com
> > ns2.example.com
> > ns3.example.com
> > ns4.example.com
> >
> > Currently, our DHCP server supplies the IPs of these servers for
> > clients.  We have all servers (and PDC) correctly registered on these
> > servers. They are four so we can keep up with the load and for
> > geographic reasons.
> You can still use your DHCP servers, your Windows clients can update
> their own records in AD, your DCs should have fixed IPs, your only
> problem would be Unix clients and you can script around them.

And put the Samba managed DNS in a subdomain or in a set of
subdomains. *DO NOT* try to play the "split view" game of "oh, all our
hosts are in company.com in one flat namespace".

> > Why, in Samba 4, are clients required to use Samba DNS resolver?
> Because every AD DC running a dns server is authoritative for AD dns
> domain and holds all the AD dns records (they are in AD)

Don't *mix* them with non-Samba or non-AD DNS domains for merged
domains, that way lies contorted madness. Segregate them by subdomain
if they need to share a DNS top level domain.

> No, you do not even set up one PDC, that is what you have now, AD uses
> DCs which are all equal except for the FSMO roles (and they can be on
> any DC) and yes, it is recommended to install multiple DCs

Sadly, Samba does not currently support zone transfers, so they need
to be multiple domain controllers, not merely slave DNS servers which
could cache the other subdomains.
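One way to script the Unix clients Rowland mentions, as an added example that is not from the thread or from the Samba project: a POSIX shell helper that registers a client's own A record in the AD DNS zone with a Kerberos-signed (GSS-TSIG) dynamic update, the way Windows clients do on their own, and refuses names that fall outside the AD subdomain. The zone, DC and host names are assumptions.

```shell
#!/bin/sh
# Added example, not code from the thread or from Samba: register a Unix
# client's A record in the Samba AD DNS zone with a GSS-TSIG dynamic update.
# Assumed (hypothetical) names: zone ad.example.com, DC dc1.ad.example.com,
# host principal host/<fqdn> in /etc/krb5.keytab; needs nsupdate and kinit.

# Print an nsupdate batch for host $1 / address $2 in zone $3 via DC $4.
# Names outside the AD zone are refused: the AD DNS lives in its own
# subdomain, not mixed into a flat company-wide namespace.
build_update() {
    fqdn=$1 addr=$2 zone=$3 dc=$4 ttl=${5:-3600}
    case "$fqdn" in
        *."$zone") ;;
        *) echo "refusing $fqdn: not inside AD zone $zone" >&2; return 1 ;;
    esac
    case "$addr" in
        *[!0-9.]*|"") echo "refusing address '$addr'" >&2; return 1 ;;
    esac
    # Delete any stale A record for this name first, then add the current one.
    printf 'server %s\nzone %s.\nupdate delete %s. A\nupdate add %s. %s A %s\nsend\n' \
        "$dc" "$zone" "$fqdn" "$fqdn" "$ttl" "$addr"
}

# Get a ticket for the host principal from the keytab, then send the batch
# with nsupdate -g (GSS-TSIG), the signed update mode Samba AD DNS accepts.
apply_update() {
    kinit -k "host/$1" || return 1
    build_update "$@" | nsupdate -g
}

# Usage, typically from a DHCP client hook or a boot-time unit:
# apply_update "$(hostname -f)" 192.0.2.10 ad.example.com dc1.ad.example.com
```

Running this under the host principal means the DC accepts the update only for the record that account owns, the same restriction Windows clients operate under.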
