[Samba] Samba as Active Directory - Linux Client doesn't update DNS

Rowland Penny rpenny at samba.org
Wed Dec 20 14:26:32 UTC 2023


On Wed, 20 Dec 2023 14:31:56 +0100
Tilo Lutz via samba <samba at lists.samba.org> wrote:

> 
> Tilo Lutz via samba <samba at lists.samba.org> wrote:
> > [...] I was able to add the client
> > manually with samba-tool dns add. To me it looks like the linux
> > client never tried to register its dns entry. So my question is: Do
> > I expect something from the linux client that is not done by
> > default? How can I make the linux client generate/update its
> > DNS records, including IPv4 and IPv6? Thank you very much, Tilo
> On 19.12.2023 08:42, Rowland Penny wrote via samba:
> > A Samba Unix domain member doesn't have the code to update its own
> > dns records.
> >
> > There is a workaround, turn off the dhcp server on the router and
> > read this:
> >
> > https://wiki.samba.org/index.php/Configure_DHCP_to_update_DNS_records
> On 19.12.2023 10:19, Joachim Lindenberg wrote via samba:
> > Or - unless they are "roaming clients" - use static ips for linux 
> > domain members...
> 
> Thank you both for your response. I was unsure if it's normal that
> unix clients won't update the DNS.
> My router is providing DHCP but the IP address of the linux client is 
> set to static.
> Therefore, I will just use static IP addresses.
> I want to keep the DHCP on my router because it's easier to manage
> for me.
> 
> While inspecting the DNS I saw that the samba active directory domain 
> controller updates its AAAA records on restart.

It actually checks them every 10 minutes.

> It has 2 addresses,
> one local starting with fd00: and one from my internet uplink
> starting with 2001:.

Why has it got two addresses? It only requires one, unless you are
bonding them.

> The latter one will change when the uplink is reestablished.

What uplink ?
Please do not say your DC is directly connected to the
internet, this isn't recommended.

> Will samba recognize this and update the record itself?

Possibly, but, as your AD DC is authoritative for the AD dns domain, it
should forward anything outside the AD dns domain to an external
(external to the AD domain that is) dns server, e.g. Google's '8.8.8.8'.

Can I ask (so I can try to understand IPv6 better), why are you using IPv6
internally?
Do you actually have over sixteen and a half million clients?

Rowland


