[Samba] Member join, dns issues

Greg Sloop <gregs@sloop.net> gregs at sloop.net
Thu Feb 24 19:01:08 UTC 2022


None of the 2nd level FQDNs have anything to do with the AD.

I don't want to get into a huge digression about IP blocks. But we're using
more than half a dozen /23s. (Multi-location campus setup with /23s
assigned to each unit, along with other blocks and some reserved for future
use.)

This isn't as simple as picking a /24 and using it for the AD structure.

So, again, how important are the reverses?
What-for or how are they used?

On Thu, Feb 24, 2022 at 10:46 AM Rowland Penny via samba <
samba at lists.samba.org> wrote:

> On Thu, 2022-02-24 at 10:30 -0800, Greg Sloop <gregs--- via samba
> wrote:
> > They *are* the 3rd level domain masters.
> >
> > So they're authoritative for
> > AD.SOMEDOMAIN.COM.
>
> Good
>
> >
> > But we also have records in
> > SOMEDOMAIN.COM, and the AD servers are NOT authoritative for that
> > zone.
>
> The AD DCs shouldn't be authoritative for anything outside the AD dns
> domain.
> I presume that all the 'SOMEDOMAIN.COM' records have nothing to do with
> your AD, if not, what are they?
>
> >
> > All DNS lookups will be to the BIND servers, not the AD servers - but
> > we'll forward all queries for *.AD.SOMEDOMAIN.COM to the AD servers.
>
> That is a good accepted practice.
>
> >
> > The IP blocks we use are not allocated-to/owned-by the AD servers.
> > (And likely never will be.)
>
> That could be a mistake, perhaps you should have used a different block
> (10.0.0.0/24 instead of 192.168.1.0/24).
>
> Rowland