Web lists-archives.com

Re: [Samba] DNS (bind_dlz) forwarding not working




On Fri, 19 May 2017 08:55:11 -0300
Elias Pereira <empbilly@xxxxxxxxx> wrote:

> Thanks.
> 
> I was able to verify through the following command:
> 
> *samba-tool dns query localhost yourdomain.lan @ ALL -U administrator*
> 
> --------------
> 
> Rowland,
> 
> Some time ago I had made some questions about dns with samba4. In the
> topic below you say:
> 
> "I would suggest you create a sub domain of your main domain (this is
> recommended anyway) i.e. if your main domain is called 'company.com',
> create a sub domain called 'samba.company.com'. Use the sub domain for
> your AD domain and forward anything outside the sub domain to your
> main DNS servers.
> 
> Rowland"
> https://lists.samba.org/archive/samba/2016-July/201497.html
> 
> Ok. I created the subdomain for the samba.
> 
> *addc.mydomain.edu <http://addc.mydomain.edu>*
> 
> Use the sub domain for your AD domain and forward anything outside
> the sub
> > domain to your main DNS servers.
> 
> 
> How would I do that? I thought I was already doing this with the
> settings I already posted on this thread. :D
> 

Unless I misunderstood what you have posted, you initially had some of
the AD dns domain records stored in your main dns server.

When you initially set up an AD domain, you need to choose a dns
domain name to use. If you already have a registered domain, you
should not use this for your AD dns domain, you should create a
subdomain name and use this. 

So, if your registered domain is 'example.com', you could use
'ad.example.com' for the AD dns domain. You would use this when
provisioning the new AD domain, this would mean that the kerberos realm
would be 'AD.EXAMPLE.COM'. You would only store the AD dns records in
AD on the DC, nowhere else.

This way (provided you set the AD clients to use the AD DC as their
dns nameserver) your clients ask the DC for their dns info, anything
that the DC doesn't know about (an external website for instance), it
would ask the forwarder you set in smb.conf if using the internal dns
server, or the forwarder set in named.conf if using Bind9.

Most people use something like google for the forwarder, but there is
nothing stopping you using an original dns server, provided it doesn't
hold any of your AD dns records and is setup to forward anything it
doesn't know. You should also never set any of the AD dns servers to
'forward first'

Rowland 

-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba