I need help again implementing samba4 AD and DNS:

Currently we have a dnsmasq server with DHCP/DNS services for users on the LAN. If we start using the internal samba4 DNS server to resolve names in the zone of the DC server, for example mydomain.test.com, can we use the current dnsmasq to serve other domains that we need, for example otherdomain.testing.com.ar?

If that is correct, do we need to include the parameter

dns forwarder = dnsmasq-ip-server

in smb.conf, so that samba asks dnsmasq to resolve the name?

Regards.

On 02/09/2020 14:19, jmpatagonia via samba wrote:
> I need helping again implementing samba4 ad and dns:
>
> Actually we have a dnsmasq server with dhcp/dns services for users on the
> lan, if we start to using the internal samba4 dns server to resolv names on
> the zone of DC server example mydomain.test.com we can use the actual
> dnsmasq to server another domains that we need ?, for example
> otherdomain.testing.com.ar
>
> If that is correct we need to include the parameter
> dns forwarder = dnsmasq-ip-server
> on the smb.conf ? so what samba asking dnsmasq to resolv the name.
>
> Regards.

It all depends on whether you have any Unix dhcp clients in the AD domain, because these will not update their records in AD.

Windows clients can update their AD records.

Your domain clients must use the DC(s) as their nameserver(s) and anything it doesn't know about (www.google.com for instance) will be forwarded to the DNS server set in smb.conf or the bind conf files (if using Bind9).

So, yes you can use your dnsmasq server, provided it isn't in the same dns domain as your DC(s).

Rowland

Correct, we have the dnsmasq server (DNS + DHCP) on another server IP.

So if I understand well, we will use the samba DC as an "authoritative nameserver" and dnsmasq as a forwarder DNS to resolve names outside our zone?

And on dnsmasq (when it delivers an IP to the client as a DHCP server) we set the samba DC server as the primary DNS. Can we also set dnsmasq as a secondary DNS server, or is that not necessary (because the DC asks dnsmasq)?

Scenario:
dnsmasq as DHCP server: serves the IP and tells the client that the primary DNS is the samba DC, and tells the client that the secondary DNS is dnsmasq

or
dnsmasq as DHCP server: serves the IP and tells the client that the primary DNS is the samba DC, and the samba DC is responsible for asking dnsmasq to resolve sites outside the zone and answering the client.

Regards

On Wed, 2 Sept 2020 at 11:03, Rowland penny via samba (<samba at lists.samba.org>) wrote:
> On 02/09/2020 14:19, jmpatagonia via samba wrote:
> > I need helping again implementing samba4 ad and dns:
> >
> > Actually we have a dnsmasq server with dhcp/dns services for users on the
> > lan, if we start to using the internal samba4 dns server to resolv names on
> > the zone of DC server example mydomain.test.com we can use the actual
> > dnsmasq to server another domains that we need ?, for example
> > otherdomain.testing.com.ar
> >
> > If that is correct we need to include the parameter
> > dns forwarder = dnsmasq-ip-server
> > on the smb.conf ? so what samba asking dnsmasq to resolv the name.
> >
> > Regards.
>
> It all depends on whether you have any Unix dhcp clients in the AD
> domain, because these will not update their records in AD.
>
> Windows clients can update their AD records.
>
> Your domain clients must use the DC(s) as their nameserver(s) and
> anything it doesn't know about (www.google.com for instance) will be
> forwarded to the DNS server set in smb.conf or the bind conf files (if
> using Bind9).
>
> So, yes you can use your dnsmasq server, provided it isn't in the same
> dns domain as your DC(s).
>
> Rowland

On 02/09/2020 15:24, jmpatagonia wrote:
>
> Correct we have the dnsmasq server dns+dhcp on other ip server.
>
> So if I understand well, we will use the samba DC as a "authoritative
> nameserver" and the dnsmasq as a forwarder dns for resolve outside our
> zone ?

Just to ensure that you understand:

DC: dc.example.com
DNSMASQ: dnsmasq.example.com == BAD

DC: dc.ad.example.com
DNSMASQ: dnsmasq.example.com == GOOD

>
> And we set on the dnsmasq (when deliver ip to the client as a dhcp
> server) the primary dns is a samba DC server, and too we can set the
> dnsmasq a secondary dns server or is not necessary that (because the
> DC asking the dnsmasq) ?
>
> Scenario:
> dnsmasq as dhcp server: serve ip and tell to client the primary dns is
> samba DC, and tell to client the secondary dns is dnsmasq
>
> or
> dnsmasq as dhcp server: serve ip and tell to client the primary dns is
> samba DC, and samba DC is responsible to asking the dnsmasq for resolv
> sites outsite the zone and answer to client.

Provided dnsmasq can tell the domain clients to use the domain dns name, then the second version is the way to go. All domain clients talk to the DC and never contact dnsmasq as dns server.

Rowland
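
The layout agreed on in this thread can be checked mechanically. The following is an added example, not part of any message above and not Samba or dnsmasq project code: it reads an smb.conf and a dnsmasq.conf and reports where they deviate from the thread's three points (separate DNS domains, DC forwards to dnsmasq, DHCP hands out only the DC as nameserver). The IP addresses, domain names and function names are constructed placeholders, and the dnsmasq parsing assumes plain `key=value` lines without tags.

```python
import configparser

# Constructed sample configs; all names and addresses are placeholders.
SMB_CONF = """
[global]
realm = AD.EXAMPLE.COM
server role = active directory domain controller
dns forwarder = 192.0.2.53
"""
DNSMASQ_CONF = """
domain=example.com
dhcp-range=192.0.2.100,192.0.2.200,12h
dhcp-option=option:dns-server,192.0.2.10
"""

def parse_dnsmasq(text):
    """Return {key: [values]} for key=value lines, ignoring comments."""
    opts = {}
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()
        if "=" in line:
            key, value = line.split("=", 1)
            opts.setdefault(key.strip(), []).append(value.strip())
    return opts

def check_layout(smb_text, dnsmasq_text, dc_ip, dnsmasq_ip):
    """Return a list of deviations from the DC/dnsmasq split in the thread."""
    smb = configparser.ConfigParser(strict=False, interpolation=None)
    smb.read_string(smb_text)
    glob = smb["global"]
    dm = parse_dnsmasq(dnsmasq_text)
    problems = []
    # The "BAD" case: DC and dnsmasq in the same DNS domain.
    realm = glob.get("realm", "").lower()
    if realm in [d.split(",")[0].lower() for d in dm.get("domain", [])]:
        problems.append("dnsmasq is in the same DNS domain as the DC")
    # The DC must forward names it does not know to dnsmasq.
    if dnsmasq_ip not in glob.get("dns forwarder", "").split():
        problems.append("smb.conf does not forward to dnsmasq")
    # Clients get the DC as their only nameserver (DHCP option 6).
    servers = []
    for opt in dm.get("dhcp-option", []):
        parts = [p.strip() for p in opt.split(",")]
        if parts[0] in ("option:dns-server", "6"):
            servers += parts[1:]
    if servers != [dc_ip]:
        problems.append("DHCP must hand out only the DC as DNS server")
    return problems
```
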