On the Samba wiki at https://wiki.samba.org/index.php/Samba_Internal_DNS there is the following:

    If you have chosen the internal DNS as backend for your environment,
    there are only two options that can be added to your smb.conf, to
    control the behaviour of DNS at this point:

    # Don't allow any updates | allow unsigned updates | only allow signed updates
    allow dns updates = False | nonsecure | signed

    # If recursive queries = yes is set, the following is also needed
    dns forwarder = <ip addr of external dns server>

I think the page needs some urgent editing because self contradictions merely create confusion. Specifically, there should be no reference to "recursive queries = yes" in the comment if that is not even a valid option. Alternatively, there could be a comment explaining that the "dns forwarder" automatically activates recursion.

While on the subject of internal DNS, why do most functions not work when using the RSAT DNS management tool? Is this situation likely to improve in the near future? We could of course use external Bind, which would allow us to use the existing scripts and commands that we're used to, but that breaks the use of AD tools.

regards,
John

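An added example, not part of the original post and not Samba project code: a small audit of the two smb.conf options quoted above, flagging unsigned updates and the stray "recursive queries" line. The sample configurations, the function names and the 192.0.2.53 forwarder address are constructed for illustration; the accepted values are only the three shown in the quoted wiki text.

```python
# Added example. The accepted values are the three shown in the wiki text
# quoted in this thread; a real smb.conf may use other spellings.
WIKI_UPDATE_VALUES = {"false", "nonsecure", "signed"}

# Constructed sample inputs (192.0.2.53 is a documentation address).
WEAK = """
[global]
    server role = active directory domain controller
    allow dns updates = nonsecure
    recursive queries = yes
"""
HARDENED = """
[global]
    server role = active directory domain controller
    allow dns updates = signed
    dns forwarder = 192.0.2.53
"""

def parse_global(text):
    """Return the [global] options; names are lower-cased, spaces collapsed."""
    section, opts = None, {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":
            continue
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1].strip().lower()
        elif section == "global" and "=" in line:
            key, value = line.split("=", 1)
            opts[" ".join(key.lower().split())] = value.strip()
    return opts

def audit_dns(text):
    """Return (level, message) findings for the internal DNS settings."""
    opts, findings = parse_global(text), []
    policy = opts.get("allow dns updates")
    if policy is None:
        findings.append(("info", "allow dns updates not set; the built-in default applies"))
    elif policy.lower() == "nonsecure":
        findings.append(("warn", "unsigned dynamic updates are accepted"))
    elif policy.lower() not in WIKI_UPDATE_VALUES:
        findings.append(("warn", f"value {policy!r} is not in the quoted wiki list"))
    if "recursive queries" in opts:
        findings.append(("warn", "'recursive queries' is not one of the two options the wiki lists"))
    forwarder = opts.get("dns forwarder")
    if forwarder:
        findings.append(("info", f"unanswerable queries are forwarded to {forwarder}"))
    else:
        findings.append(("info", "no dns forwarder set"))
    return findings

if __name__ == "__main__":
    for name, conf in (("weak", WEAK), ("hardened", HARDENED)):
        print(name, audit_dns(conf))
```
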
On 19/08/15 01:57, John Gardeniers wrote:
> On the Samba wiki at
> https://wiki.samba.org/index.php/Samba_Internal_DNS there is the
> following:
>
> If you have chosen the internal DNS as backend for your environment,
> there are only two options that can be added to your smb.conf, to
> control the behaviour of DNS at this point:
>
> # Don't allow any updates | allow unsigned updates | only allow signed updates
> allow dns updates = False | nonsecure | signed
>
> # If recursive queries = yes is set, the following is also needed
> dns forwarder = <ip addr of external dns server>
>
> I think the page needs some urgent editing because self contradictions
> merely create confusion. Specifically, there should be no reference to
> "recursive queries = yes" in the comment if that is not even a valid
> option. Alternatively, there could be a comment explaining that the
> "dns forwarder" automatically activates recursion.

OK, page updated.

> While on the subject of internal DNS, why do most functions not work
> when using the RSAT DNS management tool? Is this situation likely to
> improve in the near future? We could of course use external Bind,
> which would allow us to use the existing scripts and commands that
> we're used to, but that breaks the use of AD tools.

No idea about the dns functions not working but I use Bind and the AD dns tool works for me.

Rowland

> regards,
> John

>> While on the subject of internal DNS, why do most functions not work
>> when using the RSAT DNS management tool? Is this situation likely to
>> improve in the near future? We could of course use external Bind,
>> which would allow us to use the existing scripts and commands that
>> we're used to, but that breaks the use of AD tools.
>
> No idea about the dns functions not working but I use Bind and the AD
> dns tool works for me.
>
> Rowland

Same here, samba 4.2.3 with bind dlz, just added about 100 entries with the win7 RSAT tools in the dns.
Works great.

Greetz,

Louis

> -----Original message-----
> From: samba [mailto:samba-bounces at lists.samba.org] On behalf of Rowland Penny
> Sent: Wednesday 19 August 2015 10:22
> To: samba at lists.samba.org
> Subject: Re: [Samba] Internal DNS and recursion

19.08.2015 11:43, L.P.H. van Belle wrote:
>>> While on the subject of internal DNS, why do most functions not work
>>> when using the RSAT DNS management tool? Is this situation likely to
>>> improve in the near future? We could of course use external Bind,
>>> which would allow us to use the existing scripts and commands that
>>> we're used to, but that breaks the use of AD tools.
>> No idea about the dns functions not working but I use Bind and the AD
>> dns tool works for me.
>>
>> Rowland
> Same here, samba 4.2.3 with bind dlz, just added about 100 entries with the win7 RSAT tools in the dns.
> Works great.

Basic tasks work great, I agree. But there are examples of what doesn't work with Samba internal DNS:

1. Scavenging. There is the error "This function is not supported on this system".
2. Conditional forwarders. The same error as above.
3. Creating true static records. When I create any static record, it has a timestamp and the option "Delete this record when it becomes stale". In true Active Directory, static records have the timestamp "static" and cannot be accidentally deleted.

This is only what I remembered. When I thoroughly studied samba4 DNS, I found more functions that don't work.

> Greetz,
>
> Louis

--
With best regards,

Tabolin Yuriy
System administrator
Speech Technology Center

Ah yes.. those are the "limitations", but known limitations (for us).

Rowland, this is something to add on the wiki (here: https://wiki.samba.org/index.php/DNS_Administration) ;-)

Greetz,

Louis

> -----Original message-----
> From: samba [mailto:samba-bounces at lists.samba.org] On behalf of Yuriy Tabolin
> Sent: Wednesday 19 August 2015 11:35
> To: samba at lists.samba.org
> Subject: Re: [Samba] Internal DNS and recursion

Thanks Rowland and everyone else that responded. I just didn't expect the AD tool to work with Bind, so that's a pleasant surprise. Looks like I'll be switching to Bind then.

I must say that given that (according to Microsoft) DNS is the single most important component of Active Directory I'm surprised it's so very unfinished in Samba 4. I believe it would be preferable to have it default to external Bind and it should be clearly stated that the internal DNS is not production ready.

Can anyone tell me whether or not the version of Bind in the CentOS 7 repos is suitable for this purpose or do I have to build from source?

regards,
John