[Samba] Provisioning new AD Domain Controller

Mark Foley mfoley at novatec-inc.com
Sun Jan 21 16:11:02 UTC 2024


On Sun Jan 21 03:08:25 2024 Rowland Penny via samba <samba at lists.samba.org> wrote:
>
> > # samba-tool dns delete mail 1.168.192.in-addr.arpa 2 PTR mail.hprs.local
> > Password for [administrator at HPRS.LOCAL]:
> > ERROR(runtime): The record does not exist
> >
> > I must still be doing something wrong.
>
> Yes, you didn't say that you wanted to remove a reversezone,

Ok, I did:

samba-tool dns zonedelete mail 1.168.192.in-addr.arpa

and that took care of that problem!

> > So, why can the DC resolve <host>.hprs.local? Does each host on the
> > domain need to have an A record added on the DC? I.e. these are not
> > resolved automatically?
>
> Oh, yes, every domain member must have a record stored in AD, ...
>
> Active Directory relies on dns and as such, every AD DC is a dns
> domain master, it is referred to as 'multi-master'.
>
> Rowland

Huh! So I have to manually create an A record for each domain member?

With the old domain on Samba 4.8.2, provisioned with BIND9_FLATFILE, I ran bind
and dhcpd. dhcpd.conf had the setting "ddns-updates on", which dynamically
updated the A records in the DC when a domain member joined. I didn't have to
manually create DNS records.

Currently, I am not running dhcpd (yet, baby steps), but would the "ddns-updates
on" do the same on this DC (Samba 4.18.9) provisioned with SAMBA_INTERNAL? What
if I had provisioned with BIND9_DLZ instead?

--Mark


