Re: [Samba] Samba AD Best Practice (DNS)
- Date: Fri, 20 Oct 2017 10:25:04 -0700
- From: Luke Barone via samba <samba@xxxxxxxxxxxxxxx>
- Subject: Re: [Samba] Samba AD Best Practice (DNS)
What do you need that the internal samba DNS server can't do?
On Oct 20, 2017 9:32 AM, "Pat Suwalski via samba" <samba@xxxxxxxxxxxxxxx>
> On 2017-10-13 06:09 PM, Jon Gerdes via samba wrote:
>> There's no such thing as "best practice" - there's good and bad
>> practice and I hope that here (Samba ML) you will get some good advice,
>> in return for a good question.
> Thanks for this very thoughtful reply.
>> The environment you describe, to me, implies that it would be best if
>> you simply "fit in". You can but it will take a bit of work (not too
>> much). It does not matter where DNS comes from, provided it gives the
>> correct answers to client queries. So, you will have to get your new
>> Samba DC's DNS records set up on the dnsmasq system. I don't think
>> that dnsmasq can do dynamic DNS apart from perhaps registering DHCP
>> leases as DNS entries. You will also have to set the gateway as your
>> Samba box's DNS in /etc/resolv.conf (or via resolvconf) and not use the
>> Samba DNS implementation.
> That is correct. dnsmasq registers all of the DNS leases it hands out, so
> that part is basically in-line with what the AD server's DNS does for the
> Windows clients.
> The part about the DNS server is the sticky point. It's currently set to
> itself (the Samba DNS server). I'm worried that changing that might break
> something in Samba itself.
>> The whole point of this is that it is generally a good (maybe not the
>> best in all cases) idea to have all systems on one network to have a
>> single view of DNS. Your colleagues seem to have already stipulated
>> dnsmasq and I would roll with that - fit in. It's not my preferred
>> solution but will work fine with some care.
> Well, whether it be dnsmasq or bind, we need more functionality than the
> Samba DNS server provides. The goal at this point, as you surmised, is to
> fit in to the existing system.
>> Before you get going with Samba, the box must have time in sync with
>> the other DCs and be able to DNS resolve all the relevant addresses.
>> # ntpq -p
> We run NTP everywhere, so that's in sync.
>> $ dig example.co.uk
>> Should return DC IPs
>> You'll need this lot:
> Interesting. I had built up my list by trial and error and it's quite
> different than what is listed there. I don't have an A record at all, and
> my SRV records are not the same at all:
> Then again, I'm only dealing with a single DC, so my entries are aimed
> strictly at clients, and this list seems to work. I might need to add these
> entries if I set my Samba server to use the main DNS server (dnsmasq) as
> Thanks for all the advice. I guess my big takeaway from this is that I
> should, in fact, make my Samba server use the main DNS server, so that
> everything is in-line.
> To unsubscribe from this list go to the following URL and read the
> instructions: https://lists.samba.org/mailman/options/samba