[Samba] several offices: home dirs, local resources, ...

Kris Lou klou at themusiclink.net
Mon Nov 21 18:06:49 UTC 2022

Another (potentially simpler, but less secure?) way of dealing with this
might be some sort of split-horizon DNS:

* Point your clients at a different (internal, per site) DNS Server (DNS-A)
* Have this DNS Server (DNS-A) refer samdom.tld requests to your AD-DC, and
all others upstream.
* Configure specific CNAME overrides and redirections on DNS-A, i.e.
fs.samdom.tld to site1-fs.samdom.tld

This way, your DC only handles AD-related DNS queries, but requests to
fs.samdom.tld should never get that far.

I've done this with site-specific fileshares, and also routing traffic over
a VPN instead of over the public internet.

Kris Lou
klou at themusiclink.net


More information about the samba mailing list