[Samba] AXFR transfer: SRV for DC missing
Rowland Penny
rpenny at samba.org
Wed Oct 29 09:39:17 UTC 2025
On Wed, 29 Oct 2025 00:51:21 +0100
Markus Gschwendt via samba <samba at lists.samba.org> wrote:
> On Tue, 2025-10-28 at 09:18 +0000, Rowland Penny via samba wrote:
> > On Tue, 28 Oct 2025 03:02:34 +0100
> > Markus Gschwendt via samba <samba at lists.samba.org> wrote:
> >
> > >
> > > I did read this some time ago and I don't remember the source -
> > > sorry. But good to know it should still work in Trixie.
> > > However, the upgrade was necessary because we could not join Win11
> > > 24H2 clients and we thought it's time to migrate to AD anyways.
> >
> > The time, in my opinion, was more than 5 years ago, if not longer.
> > >
>
> I fully agree. We started around 2016 but it took some time...
Nine years?? Do you work for a government department?
>
> > >
> > > ...
> > > We really don't want the Samba server to be our central DNS
> > > system.
> >
> > It doesn't have to be, but as AD lives and dies on DNS, the DC(s)
> > need to be 'central' for your AD domain clients. The DC(s) need to be
> > the first port of contact for the domain clients; anything unknown,
> > e.g. www.google.com, is forwarded to an external DNS server.
> >
> > > Separating services is the main reason. (Security, debugging, ...)
> > > Maybe a discussion for another thread.
> >
> > In my opinion you are setting yourself up for a lot of pain.
>
> DNS is designed to be a distributed system and the whole internet as
> we know it today lives and dies on DNS. But not every service
> (webserver, email, chat, ...) has to bring its own DNS server.
Active Directory is basically composed of three components, LDAP,
Kerberos and DNS; if you do not get the DNS correct, nothing else works.
Experience has shown that it is best to use Samba AD DCs as the
clients' nameservers; anything unknown is forwarded to an external DNS
server.
>
> It works great when samba transfers its DNS records to the central DNS
> infrastructure like all other master and hidden master servers do.
Yes, but AD DCs are a bit special: they are ALL DNS masters. It is so
special that a new term was created for it: they are called multi-masters.
>
> And I'm really happy we can do it that way with Samba. Thanks for that
> great piece of software!
> There are lots of reasons not to use those monolithic systems from M$.
If you are running something that is trying its best to be the same as
Windows AD, then you really need to run it in the same way.
Rowland
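The subject of this thread is SRV records for the DC going missing once the zone has been transferred to the central DNS servers. The script below is an added example, not from the thread or the Samba project: it lists the SRV names a domain member looks up for a realm and compares what a DC and the central server answer for each of them. It assumes `dig` is installed, and the DC address, central DNS address and realm are supplied by the caller.

```shell
#!/bin/sh
# Added example: compare the AD SRV records served by a DC with the
# copy on a central DNS server. Assumes `dig` (dnsutils/bind-utils).

# Print the SRV names Windows and Samba domain members query for a
# realm. The _msdcs entries are what the DC locator needs first.
ad_srv_names() {
    realm="$1"
    for n in _ldap._tcp _kerberos._tcp _kerberos._udp _kpasswd._tcp \
             _kpasswd._udp _gc._tcp _ldap._tcp.dc._msdcs \
             _kerberos._tcp.dc._msdcs _ldap._tcp.pdc._msdcs; do
        printf '%s.%s\n' "$n" "$realm"
    done
}

# Sorted SRV answer for one name from one resolver (empty when absent).
srv_answer() {
    dig +short +time=2 +tries=1 @"$1" "$2" SRV 2>/dev/null | sort
}

# Compare the DC's answers with the central server's answers for every
# expected SRV name. Prints one line per problem and returns the number
# of names that are missing or differ on the central server.
compare_srv() {
    dc="$1"; central="$2"; realm="$3"; bad=0
    for name in $(ad_srv_names "$realm"); do
        a=$(srv_answer "$dc" "$name")
        b=$(srv_answer "$central" "$name")
        if [ -z "$a" ]; then
            echo "MISSING ON DC   $name"; bad=$((bad + 1))
        elif [ -z "$b" ]; then
            echo "MISSING CENTRAL $name"; bad=$((bad + 1))
        elif [ "$a" != "$b" ]; then
            echo "DIFFERS         $name"; bad=$((bad + 1))
        fi
    done
    return "$bad"
}

# Usage: sh check-ad-srv.sh <dc-ip> <central-dns-ip> <realm>
if [ $# -eq 3 ]; then
    compare_srv "$1" "$2" "$3"
fi
```

A non-zero exit status means at least one record the domain clients depend on is absent or different on the central server, which is exactly the situation that makes Windows clients unable to locate the DC.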