[Samba] DNS forwarding. WAS: disable automatic creation of computer accounts
Angel Bosch Mora
abosch at imasmallorca.net
Fri Nov 5 12:14:19 UTC 2021
> We have an internal dns resolver, that is provided to our internal
> clients through the dhcp.
>
> This internal resolver uses external resolvers (9.9.9.9) for
> everything,
> except for the samba zone ad.company.com. For everything in that
> specific zone, it talks to our samba DCs.
>
yeah, it's pretty similar to my own setup with powerdns.
just adding a line to pdns-resolver configuration makes the forward run:
+adssm.imasmallorca.net=172.16.236.7
my doubts were regarding initial DNS talk between Win machines and DNS because in the past I got some messages regarding SRV entries like _ldap._tcp.dc._msdcs.MYDOMAIN
by the way, what's the difference between _ldap._tcp.dc._msdcs.MYDOMAIN and _ldap._tcp.MYDOMAIN ?
and one last question/request: what's the logic behind requiring credentials for 'samba-tool dns' commands?
from an administration point of view it's a lot more dangerous/insecure to add users and groups and that subcommand doesn't ask for any user/password.
so I don't get why that particular subset of actions requires specific credentials.
best regards,
abosch
-- Institut Mallorqui d'Afers Socials.