[Samba] Samba DC and DNS

[Vladimir Mokrozub]

07.04.2025 16:17, Michael Tokarev via samba wrote:
> 07.04.2025 14:12, Vladimir Mokrozub via samba wrote:
>> Hello, I'm new to Samba DC and I have a question regarding DNS:
>>
>> we have DNS and DHCP servers, DNS dynamic updates are controlled by 
>> DHCP when clients request IP addresses. There're a lot of zones in 
>> DNS and we need to create a domain in one of these zones.
>> If I understand correctly Samba can't use external DNS, you must have 
>> DNS on the same server as Samba, either internal or bind.
>>
>> The question is: if we move the zone to the Samba server, can we keep 
>> our DHCP-DNS update configuration? We'd like DHCP to be the only one 
>> updating DNS records of all computers including domain members.
>
> In this case, personally I would suggest just avoid samba
> DNS entirely and rely solely on your existing infrastructure.
> Especially if your samba server setup is more or less static,
> so it doesn't change often.
>
> Contrary to multiple claims (which - I suspect - comes from the
> same source), there's no *requirement* to tie MS AD and DNS
> together, because DNS records set is not "dynamic enough", that
> is, it only changes when you add/remove DCs sites, or transfer
> some roles between DCs - basically, only after known set of
> operations.  It's rather easy to manage this RR set in external
> DNS manually, without even turning on dynamic DNS updates.
>
> Samba keeps list of RRs on each DC in 
> /var/lib/samba/private/dns_update_cache
> file.  You convert this file into regular zone file format with
> a one-liner sed or shell script and add the resulting RRs to
> your DNS, whatever it is.  That's all.
>
> And oh, also disable dns updates in samba, so it does not try to
> update the RRs dynamically every 30m or so (apparently because
> samba internal DNS is unreliable and can't keep records for more
> than 30m ;)
>
> Thanks,
>
> /mjt
>
Thank you!

-- 
Regards, Vladimir Mokrozub