Rowland Penny
2025-Apr-24 06:50 UTC
[Samba] Is there any tool to convert DNS database to zone files?
On Thu, 24 Apr 2025 08:55:07 +0300 Sami Hulkko via samba <samba at lists.samba.org> wrote:

> Hi,
>
> Anybody have idea of how to get from BIND9 samba zone database neat
> BIND9 zone files automatically?
>
> Like:
>
> 389 Directory Server - Howto:BIND
> <https://www.port389.org/docs/389ds/howto/howto-bind.html>
>

On the page you linked to, the first line under 'Introduction' says this:

The instructions below are outdated.

They are also for 389DS and that is very different from AD.

AD is basically ldap, kerberos and dns combined and so it is best practice to use what Samba suggests.

There are those that suggest using a separate DNS server instead of the builtin dns server or BIND_DLZ, but, while this can work, it is just more work as you have to maintain it.

A lot of people use Bind9 when really using the builtin dns server would suffice. Do you really need the extra complexity of Bind9?

Rowland
Sami Hulkko
2025-Apr-24 07:48 UTC
[Samba] Is there any tool to convert DNS database to zone files?
Hi,

The case I have is dns-sec, which with current samba DC implementations, with samba native or samba with Bind9, does not work.

In Bind9 native this feature (dns-sec) is available.

SH

On 24/04/2025 9.50, Rowland Penny via samba wrote:

> On Thu, 24 Apr 2025 08:55:07 +0300
> Sami Hulkko via samba <samba at lists.samba.org> wrote:
>
>> Hi,
>>
>> Anybody have idea of how to get from BIND9 samba zone database neat
>> BIND9 zone files automatically?
>>
>> Like:
>>
>> 389 Directory Server - Howto:BIND
>> <https://www.port389.org/docs/389ds/howto/howto-bind.html>
>>
> On the page you linked to, the first line under 'Introduction' says
> this:
>
> The instructions below are outdated.
>
> They are also for 389DS and that is very different from AD.
>
> AD is basically ldap, kerberos and dns combined and so it is best
> practice to use what Samba suggests.
>
> There are those that suggest using a separate DNS server instead of the
> builtin dns server or BIND_DLZ, but, while this can work, it is just
> more work as you have to maintain it.
>
> A lot of people use Bind9 when really using the builtin dns server
> would suffice, do you really need the extra complexity of Bind9 ?
>
> Rowland
>

--
Sami Hulkko
+358 45 8569 319
sahulkko at gmail.com
sahulkko at icloud.com