[Samba] Samba and DNSSEC?

Joachim Lindenberg samba at lindenberg.one
Thu Jan 16 08:28:45 UTC 2025


There are occasional questions on DNSSEC support:

https://lists.samba.org/archive/samba/2013-September/175620.html

https://lists.samba.org/archive/samba/2015-September/194351.html

https://lists.samba.org/archive/samba/2019-July/224293.html

https://lists.samba.org/archive/samba/2023-December/247518.html 

But I haven´t noticed any definite answer nor any documentation on Wiki.

 

My understanding is, that bind would be able to sign any static content, however samba essentially serves content from the database unsigned, no matter which backend configuration (SAMBA_INTERNAL or BIND9_DLZ) is used. DNSSEC could probably be added via an additional DNS-Server that uses Samba „upstream“ and signs responses from Samba only.

 

Correct? Any pointers appreciated.

 

Thanks,

Joachim

 

 



More information about the samba mailing list