[Samba] samba_dlz: add another A record for domain (@ record)

Rowland Penny rpenny at samba.org
Sun Mar 13 19:23:32 UTC 2022


On Sun, 2022-03-13 at 19:43 +0100, Dario Lesca wrote:
> First of all, thank you Rowland for your detailed answers and for
> spending some time replying to me.
> 
> On Sun, 13/03/2022 at 14.56 +0000, Rowland Penny via samba wrote:
> > Try reading this:
> > https://wiki.samba.org/index.php/Active_Directory_Naming_FAQ
> > 
> > It explains the situation.
> 
> Ok, thanks, I will do it as soon as possible, but now I want to
> clarify a few things.
> 
> > Yes, but where was it pointing from? Your AD DCs or your non-AD dns
> > server that appears to be using the same dns domain as your AD.
> 
> My AD DC server is also my DNS server of my network.
> There is no "non-AD dns server"; one server, 192.168.1.100, does
> both jobs: AD DC and DNS (and also DHCP).
> 
> $ host -tNS domain.loc
> domain.loc name server s-addc.domain.loc.
> 
> $ host -tA s-addc.domain.loc
> s-addc.domain.loc has address 192.168.1.100
> 
> Another server is the web server (192.168.1.20) and I want to point
> the A record named "domain.loc" to it, without using another name
> like "www.domain.loc" or "intranet.domain.loc".
> 
> > The '@' is the SOA
> Ok, I was wrong, let's not call it @, let's call it "domain.loc"
> 
> $ host -tSOA domain.loc
> domain.loc has SOA record s-addc.domain.loc. hostmaster.domain.loc.
> 25102 900 600 86400 3600
> 
> I want to change the value of the "domain.loc" A record, as I have
> already done in another network with a Microsoft AD DC.
> 
> > From my understanding of what you posted, you have at least one
> > Samba AD DC (which should be the dns server for the AD) and another
> > dns server that is also using the same domain. If this is the case,
> > you shouldn't be doing this.
> 
> There is no other dns, only an AD DC + DNS for my network.
> 
> > No, mainly because of two things: a Samba DC is set up to create any
> > missing dns records, and the '@' record should show each DC as being
> > the dns domain master (it is known as multi-master).
> 
> Ok, leaving aside @, I mean the A record of "domain.loc", not the
> SOA record; the SOA record points to my AD DC server and is correct.
> 
> > I suggest you turn off the non-AD dns server.
> 
> See above
> 
> > No, it is Samba acting correctly.
> 
> Ok, that's all
> 
> Unlike a Microsoft AD DC, with a Samba AD DC it is not possible to
> change the value of the domain A record ("domain.loc") and point it
> to another server.
> 
> But for this network, I should make "domain.loc" resolution point to
> 192.168.1.20, the web server, rather than 192.168.1.100, the AD DC
> server.
> 
> If I run
> 
> sudo samba-tool dns update s-addc.domain.loc domain.loc domain.loc A 192.168.1.100 192.168.1.20
> 
> it works: the resolver ("host domain.loc") returns the new IP.
> But after a few minutes it goes back to pointing to 192.168.1.100,
> the AD DC server.

A dns server uses 'zones'; in your case, 'domain.loc' is the forward
zone. Zones have SOA records ('@') and these have 'A' records. I have two
DCs and if I check the SOA 'A' record for the forward zone, I find
that there are two, one for each DC. Windows AD might be able to do
what you require, but I do not think that Samba can. You could try a
CNAME, but this would mean using something like 'www.domain.loc'.

Rowland
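An added check, not from this thread or from Samba itself, that audits the zone-apex A records the way Rowland describes them (one per DC): it parses `samba-tool dns query <server> <zone> <zone> A` output and reports apex addresses that belong to no DC (like the 192.168.1.20 entry that did not persist) and DCs that are missing. The sample output below is constructed and its exact line format is an assumption; the DC address set is taken from the `host -tA s-addc.domain.loc` lookup above.

```python
"""Audit the A records at an AD DNS zone apex against the DC address set.

Samba keeps one apex ('@') A record per DC and re-creates missing ones,
so a manually added non-DC address at the apex is not self-maintained.
"""
import re
import subprocess

# Constructed sample of `samba-tool dns query s-addc.domain.loc domain.loc domain.loc A`
# output shortly after the manual update from the thread (line format is an assumption).
SAMPLE_QUERY_OUTPUT = """\
  Name=, Records=2, Children=0
    A: 192.168.1.100 (flags=600000f0, serial=110, ttl=900)
    A: 192.168.1.20 (flags=600000f0, serial=111, ttl=900)
"""

# Matches the per-record lines: "    A: <ipv4> (flags=..., serial=..., ttl=...)"
A_RECORD_RE = re.compile(r"^\s*A:\s+(\d{1,3}(?:\.\d{1,3}){3})\b")


def parse_apex_a_records(query_output):
    """Return the set of IPv4 addresses found in A record lines of the query output."""
    return {m.group(1) for line in query_output.splitlines()
            if (m := A_RECORD_RE.match(line))}


def audit_apex(apex_records, dc_addresses):
    """Compare apex A records with the DC address set.

    Returns (unexpected, missing): apex addresses that belong to no DC, and
    DC addresses that are absent from the apex and that Samba will re-add.
    """
    apex, dcs = set(apex_records), set(dc_addresses)
    return sorted(apex - dcs), sorted(dcs - apex)


def query_apex(server, zone):
    """Query a live DC (hypothetical helper; not run in this sample)."""
    out = subprocess.run(["samba-tool", "dns", "query", server, zone, zone, "A"],
                         check=True, capture_output=True, text=True).stdout
    return parse_apex_a_records(out)


if __name__ == "__main__":
    apex = parse_apex_a_records(SAMPLE_QUERY_OUTPUT)
    unexpected, missing = audit_apex(apex, {"192.168.1.100"})  # DC from host -tA above
    for ip in unexpected:
        print(f"apex A {ip} is not a DC address; Samba does not maintain it")
    for ip in missing:
        print(f"DC {ip} has no apex A record; Samba will re-create it")
```

Run it against a real DC by replacing the sample with `query_apex("s-addc.domain.loc", "domain.loc")`; a non-empty `unexpected` list is the drift the thread describes.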