Most is all there, right. But with BInd 9.9 there is a 'new' option that I needed on my DNS server. On the Samba AD, I see: dig home.htt SOA ; <<>> DiG 9.9.4-RedHat-9.9.4-18.el7 <<>> home.htt SOA ;; global options: +cmd ;; Got answer: ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 38095 ;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 1, ADDITIONAL: 2 ;; OPT PSEUDOSECTION: ; EDNS: version: 0, flags:; udp: 4096 ;; QUESTION SECTION: ;home.htt. IN SOA ;; ANSWER SECTION: home.htt. 3600 IN SOA homebase.home.htt. hostmaster.home.htt. 4 900 600 86400 3600 I don't like the email default, but then shouldn't be getting emails to it. But the timers are right. But over on the main DNS server that will secondary this domain, there is a change to the zone description: zone "home.htt" { type slave; file "slaves/bak.home.htt"; masterfile-format text; masters {192.168.192.2; }; }; Note the new "masterfile-format text" line. This is if you want a nice text file for the slave zone to read, rather than the more efficient binary file. And here is what is in that file right now: # more slaves/bak.home.htt $ORIGIN . $TTL 3600 ; 1 hour home.htt IN SOA homebase.home.htt. hostmaster.home.htt. ( 4 ; serial 900 ; refresh (15 minutes) 600 ; retry (10 minutes) 86400 ; expire (1 day) 3600 ; minimum (1 hour) ) $TTL 900 ; 15 minutes NS homebase.home.htt. A 192.168.192.2 $ORIGIN home.htt. _msdcs NS homebase $ORIGIN _tcp.Default-First-Site-Name._sites.home.htt. _gc SRV 0 100 3268 homebase.home.htt. _kerberos SRV 0 100 88 homebase.home.htt. _ldap SRV 0 100 389 homebase.home.htt. $ORIGIN _tcp.home.htt. _gc SRV 0 100 3268 homebase.home.htt. _kerberos SRV 0 100 88 homebase.home.htt. _kpasswd SRV 0 100 464 homebase.home.htt. _ldap SRV 0 100 389 homebase.home.htt. $ORIGIN _udp.home.htt. _kerberos SRV 0 100 88 homebase.home.htt. _kpasswd SRV 0 100 464 homebase.home.htt. $ORIGIN home.htt. $TTL 3600 ; 1 hour cubieboard2 A 192.168.192.21 $TTL 900 ; 15 minutes DomainDnsZones A 192.168.192.2 $ORIGIN DomainDnsZones.home.htt. _ldap._tcp.Default-First-Site-Name._sites SRV 0 100 389 homebase.home.htt. _ldap._tcp SRV 0 100 389 homebase.home.htt. $ORIGIN home.htt. ForestDnsZones A 192.168.192.2 $ORIGIN ForestDnsZones.home.htt. _ldap._tcp.Default-First-Site-Name._sites SRV 0 100 389 homebase.home.htt. _ldap._tcp SRV 0 100 389 homebase.home.htt. $ORIGIN home.htt. homebase A 192.168.192.2 nevia A 192.168.192.11 valeria A 192.168.192.5 BTW, this is probably the simplest way to get a dump of your samba dns zone! Now to set up all the other secondaried zones! I am wondering if the dyndns updates are incrementing the serial number. More tests to figure that out.