[Samba] DNS forwarding. WAS: disable automatic creation of computer accounts

Rowland Penny rpenny at samba.org
Fri Nov 5 10:28:54 UTC 2021


On Fri, 2021-11-05 at 11:21 +0100, Angel Bosch Mora via samba wrote:
> > DON'T, JUST DON'T
> > Your AD DCs have to be authoritative for the AD DNS domain; by all
> > means let your clients use another DNS server, but that DNS server
> > should forward anything for the AD DNS domain (you are using a
> > subdomain, aren't you) to a DC.
> > 
> 
> just to confirm: is it enough to forward AD subdomain resolution to
> the DC in my current DNS server?
> 
> there's a lot of docs saying that you should always point to DC
> directly.
> 
> and what about SRV entry?
> I guess I must create something similar to
> _ldap._tcp.samdom.example.com in my DNS server, right?

No, everything must be in AD; you forward everything to do with 'AD'
from your external DNS server to a DC.

Rowland
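
A way to check the setup described in this reply, as an added example that is not part of the original post: it compares the AD SRV answers returned through the external DNS server with those returned by the DC, so a broken forward or a hand-made record on the external server shows up as a mismatch. It assumes `dig` is installed; the IP addresses in the usage comment are placeholders and the function names are hypothetical.

```shell
#!/bin/sh
# Added example: compare the AD SRV answers seen through the external
# (forwarding) DNS server with those served by the DC itself.
# The addresses in the usage comment below are placeholders.

# Normalise a `dig +short` SRV answer: lower-case, drop blank lines, sort.
normalize_srv() {
    printf '%s\n' "$1" | tr 'A-Z' 'a-z' | sed '/^[[:space:]]*$/d' | sort
}

# Return 0 only when both answers are non-empty and hold the same record set.
srv_sets_match() {
    a=$(normalize_srv "$1")
    b=$(normalize_srv "$2")
    [ -n "$a" ] && [ "$a" = "$b" ]
}

# Query both servers for SRV records that AD clients look up.
# usage: check_ad_forwarding <external-dns-ip> <dc-ip> <ad-dns-domain>
check_ad_forwarding() {
    ext=$1 dc=$2 domain=$3 rc=0
    for name in "_ldap._tcp.$domain" "_kerberos._tcp.$domain" \
                "_ldap._tcp.dc._msdcs.$domain"; do
        via_ext=$(dig +short +time=3 +tries=1 "@$ext" "$name" SRV)
        via_dc=$(dig +short +time=3 +tries=1 "@$dc" "$name" SRV)
        if srv_sets_match "$via_ext" "$via_dc"; then
            echo "OK       $name"
        else
            echo "MISMATCH $name"
            echo "  external: ${via_ext:-no answer}"
            echo "  DC:       ${via_dc:-no answer}"
            rc=1
        fi
    done
    return $rc
}

# Run only when called with three arguments, e.g.:
#   sh check_ad_forwarding.sh 192.0.2.53 192.0.2.10 samdom.example.com
if [ "$#" -eq 3 ]; then
    check_ad_forwarding "$1" "$2" "$3"
fi
```

A mismatch where the external server answers with records the DC does not have points to data defined outside AD rather than forwarded to it.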




