[Samba] Understanding internal DNS usage on Samba 4

Jonathon Reinhart jonathon.reinhart at gmail.com
Mon Mar 29 05:28:43 UTC 2021


I can also refer you to this post from Andrew Bartlett (Samba 4 AD core
dev):

https://lists.samba.org/archive/samba/2020-May/229863.html

The key point is that it is still recommended (as of 2020 May) to set
up a separate DNS server (like BIND or PowerDNS) and then delegate /
forward the AD zone to Samba DCs. This will provide better overall
performance than having your primary DNS server be Samba (INTERNAL or
BIND9_DLZ), for reasons indicated in that post.

Jonathon


On Sun, Mar 28, 2021, 12:56 Robert Marcano via samba <samba at lists.samba.org>
wrote:

> On 3/25/21 6:07 PM, Lou via samba wrote:
> > Hello,
> >
> > I'm currently studying migration from Samba 3 to Samba 4 (NT4 to AD).
> > Using classic upgrade [1].
> >
> > Currently (alongside with our Samba 3 PDC), we have a heterogeneous
> > environment with external DNS servers:
> >
> > ns1.example.com
> > ns2.example.com
> > ns3.example.com
> > ns4.example.com
> >
> > Currently, our DHCP server supplies the IPs of these servers for
> > clients.  We have all servers (and PDC) correctly registered on these
> > servers. They are four so we can keep up with the load and for
> > geographic reasons.
> >
> > Why, in Samba 4, are clients required to use Samba DNS resolver?
> >
> > It seems Samba 4 uses DNS while Samba 3 does not, and requires all
> > clients to use it, but that would break our architecture because there
> > would be a single point of failure (unless we setup more than one PDC).
> >
> > We can configure the PDC to forward queries to them with smb.conf option
> > "dns forwarder" [2] and use several PDC to mimic the architecture we
> > have today, but I was wondering why are clients required to use Samba 4
> > DNS.
>
> Technically the clients don't need to use directly the Samba DNS servers
> only for DNS updates, these DNS servers used by the clients need to
> resolve the AD domain. So you can still use the same servers you are
> supplying via DHCP if these DNS servers are able to forward queries to
> the Samba DNS.
>
> If your current servers have connectivity to the Samba DNS, you can ask
> them to be configured to forward your ad.example.com domain, to Samba.
>
> If you can modify their configuration, then the DHCP has to assign
> another DNS server, being it your Samba configured with a forwarder. Or
> a new one in front of your current servers and Samba
>
> >
> > There is some discussion about this in the list (like [3]), if there is
> > any documentation/thread about that, could you share?
> >
> > Thanks!
> >
> > [1]
> >
> https://wiki.samba.org/index.php/Migrating_a_Samba_NT4_Domain_to_Samba_AD_(Classic_Upgrade)
> >
> > [2] https://www.samba.org/samba/docs/current/man-html/smb.conf.5.html
> > [3]
> >
> http://samba.2283325.n4.nabble.com/Samba4-using-existing-DNS-and-LDAP-td4652082.html
> >
>
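An added example, not part of any message in this thread: a shell check that each client-facing resolver (the ns1 to ns4 names and the ad.example.com zone mentioned above) returns the SRV records domain members use to locate LDAP, Kerberos and kpasswd on the DCs. It assumes `dig` is installed; the function and variable names are hypothetical.

```bash
#!/bin/sh
# Added example: verify that the forwarding/delegation of the AD zone works
# from every resolver handed out by DHCP. Zone and resolver names are the
# ones used in the thread; override them through the environment.
AD_ZONE="${AD_ZONE:-ad.example.com}"
RESOLVERS="${RESOLVERS:-ns1.example.com ns2.example.com ns3.example.com ns4.example.com}"
# SRV owner names registered by AD domain controllers.
SRV_NAMES="_ldap._tcp _kerberos._tcp _kerberos._udp _kpasswd._tcp _ldap._tcp.dc._msdcs"

# query_srv RESOLVER FQDN
# Prints only well-formed SRV answers ("prio weight port target."), so dig's
# ";; connection timed out" text or a stray CNAME line never counts as success.
query_srv() {
    dig +short +time=2 +tries=1 "@$1" "$2" SRV 2>/dev/null |
        grep -E '^[0-9]+ [0-9]+ [0-9]+ [^ ]+\.$'
}

# check_resolver RESOLVER
# Prints one FAIL line per SRV name the resolver cannot answer.
# Exit status is the number of failed names (0 means the resolver is usable).
check_resolver() {
    resolver="$1"
    missing=0
    for name in $SRV_NAMES; do
        answer="$(query_srv "$resolver" "$name.$AD_ZONE")" || answer=""
        if [ -z "$answer" ]; then
            echo "FAIL $resolver $name.$AD_ZONE"
            missing=$((missing + 1))
        fi
    done
    return "$missing"
}

# check_all
# Returns 0 only if every resolver in RESOLVERS answers every SRV name.
check_all() {
    rc=0
    for r in $RESOLVERS; do
        check_resolver "$r" || rc=1
    done
    return "$rc"
}
```

Source the file and call `check_all`; any FAIL line names a resolver that is not forwarding or delegating the AD zone to the Samba DCs.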

