[Samba] Provisioning new AD Domain Controller

Mark Foley mfoley at novatec-inc.com
Fri Dec 1 06:38:55 UTC 2023


On Thu Nov 30 14:10:39 2023 Mark Foley via samba <samba at lists.samba.org> wrote:
>
> On Thu Nov 30 13:38:35 2023 Rowland Penny via samba <samba at lists.samba.org> wrote:
> >
> > On Thu, 30 Nov 2023 13:05:08 -0500
> > Mark Foley via samba <samba at lists.samba.org> wrote:
> >
> > > The wiki
> > > https://wiki.samba.org/index.php/Setting_up_Samba_as_an_Active_Directory_Domain_Controller#Create_a_reverse_zone
> > > says, "For a DC with the FQDN of dc1.samdom.example.com and the
> > > ipaddress of 10.99.0.1, to add a record to the 0.99.10.in-addr.arpa
> > > ..."
> > > 
> > > Is this correct or should the rDNS PTR be 1.99.10.in-addr.arpa? 
> > > 
> > > I just want to make sure this isn't a typo.
> > > 
> > > Thanks --Mark
> > > 
> >
> > No it isn't a typo, but it is just an example which will give you 255
> > clients.
> >
> > From the given example '10.99.0.1', you would take the first three
> > octets '10.99.0' and reverse them '0.99.10', add '.in-addr.arpa' to get
> > '0.99.10.in-addr.arpa' and this would be the name for the reverse zone.
> >
> > If you require more clients, just take fewer octets e.g. '10.99' would
> > give you '99.10.in-addr.arpa'
> >
> > Rowland
>
> OK, thanks. I didn't know that. I just wrote another email to Dave questioning
> this. I'll move forward with the 3-octet version.
>
> Thanks --Mark

Following up on this, not understanding the 'three octets' principle as described
by Rowland, I previously did the zone create as:

samba-tool dns zonecreate 182.168.0.2   2.0.168.192.in-addr.arpa  (i.e. entire IP address)

doing 'samba-tool dns zonelist 192.168.0.2' gives (plus others):

  pszZoneName                 : 2.0.168.192.in-addr.arpa
  Flags                       : DNS_RPC_ZONE_DSINTEGRATED DNS_RPC_ZONE_UPDATE_SECURE 
  ZoneType                    : DNS_ZONE_TYPE_PRIMARY
  Version                     : 50
  dwDpFlags                   : DNS_DP_AUTOCREATED DNS_DP_DOMAIN_DEFAULT DNS_DP_ENLISTED 
  pszDpFqdn                   : DomainDnsZones.hprs.locl

Should I delete this zone and recreate with "0.168.192.in-addr.arpa"? If so, what
should I use for <Your-AD-DNS-Server-IP-or-hostname>? (my DC is dc1.hprs.locl).
This template example says "or-hostname", so would that be just "dc1" and not
the FQDN? If I'm interpreting this correctly,
"<Your-AD-DNS-Server-IP-or-hostname>" should be either "182.168.9.2" or "dc1",
right? Which specification is preferable? IP or hostname?

Thanks --Mark
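
The octet rule quoted above from Rowland's reply, as an added example that is not part of the original thread: it builds the reverse zone name from the leading octets of an address and checks whether an existing zone can hold the PTR record for a given host. The function names `reverse_zone` and `ptr_record_name` are hypothetical, and the sample addresses in the demo are constructed.

```python
import ipaddress

SUFFIX = ".in-addr.arpa"


def reverse_zone(ip: str, octets: int = 3) -> str:
    """Reverse zone name built from the first `octets` octets of an IPv4 address."""
    if octets not in (1, 2, 3, 4):
        raise ValueError("octets must be between 1 and 4")
    parts = str(ipaddress.IPv4Address(ip)).split(".")  # validates the address
    return ".".join(reversed(parts[:octets])) + SUFFIX


def ptr_record_name(ip: str, zone: str):
    """Relative PTR owner name for `ip` inside `zone`.

    Returns '@' when the zone name is the host's full reverse name,
    and None when the zone does not cover the address at all.
    """
    full = ipaddress.IPv4Address(ip).reverse_pointer  # e.g. 1.0.99.10.in-addr.arpa
    zone = zone.rstrip(".").lower()
    if full == zone:
        return "@"
    if full.endswith("." + zone):
        return full[: -len(zone) - 1]
    return None


if __name__ == "__main__":
    # Constructed sample inputs for illustration.
    print(reverse_zone("10.99.0.1"))       # three octets, as in the wiki example
    print(reverse_zone("10.99.0.1", 2))    # fewer octets, wider zone
    full_ip_zone = reverse_zone("192.168.0.2", 4)
    for host in ("192.168.0.2", "192.168.0.17"):
        print(host, "in", full_ip_zone, "->", ptr_record_name(host, full_ip_zone))
        three = reverse_zone(host)
        print(host, "in", three, "->", ptr_record_name(host, three))
```

A zone named after all four octets only has room for the one address it was built from; any other host on the same subnet gets `None` and needs a zone made from fewer octets.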


