On Thu, Apr 7, 2016 at 10:34 AM, Rowland penny <rpenny at samba.org> wrote:
> First and foremost, this is your domain, so you can do what you want with
> it, but I wouldn't use anything that didn't rely on the dns info stored in
> AD. I would also point out, that website is not a Samba or Microsoft website
> and as such I cannot recommend using it.

Microsoft does have some info:
https://social.technet.microsoft.com/Forums/windowsserver/en-US/f90eb354-aa57-4d6b-b86b-3bab7910ca78/pure-windows-2008-r2-domain-with-bind-dns-server
https://technet.microsoft.com/en-us/library/dd316373.aspx

Trying to get an idea if much of this has been explored by Samba 4 users.

On Thu, 7 Apr 2016, Sonic wrote:
> Microsoft does have some info:
> https://social.technet.microsoft.com/Forums/windowsserver/en-US/f90eb354-aa57-4d6b-b86b-3bab7910ca78/pure-windows-2008-r2-domain-with-bind-dns-server
> https://technet.microsoft.com/en-us/library/dd316373.aspx
>
> Trying to get an idea if much of this has been explored by Samba 4 users.

My guess would be not much, because BIND9_DLZ exists and (mostly) gives you the best of both worlds. If you want to use bind with MS DNS servers, then you have to go that route, but it's not necessary with Samba 4 and BIND9_DLZ.

On Thu, Apr 7, 2016 at 11:00 AM, Sketch <smblist at rednsx.org> wrote:
> My guess would be not much, because BIND9_DLZ exists and (mostly) gives you
> the best of both worlds.

Which does bring up a question. It seems that outside of a feature or two and some added flexibility that there is, at the core, no difference between Samba's internal DNS and BIND9_DLZ as there are no text editable BIND zone files for the AD domain, it's more like BIND is just the frontend serving up the data on port 53.

So to keep things simple as in the other scenario with the Windows server, if I plan to use Unbound as the cache for all of the clients, I can stub-zone to Samba4 for the AD domain records. The Samba4 AD points to itself and uses Unbound as the forwarder. Seems simpler than putting BIND in the middle, as I don't know if it's buying me anything.

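The layout described in the message above (Unbound as the client-facing cache with a stub zone to Samba 4, Samba forwarding everything else back to Unbound), written out as an added configuration example that is not part of the original thread or taken from the Samba project. The domain ad.example.com, the addresses 10.0.0.10 (Samba DC) and 10.0.0.53 (Unbound), and the existence of a reverse zone in AD are constructed assumptions.

```conf
# --- unbound.conf on the caching resolver (constructed address 10.0.0.53) ---
server:
    interface: 10.0.0.53
    access-control: 10.0.0.0/24 allow

    # The AD zones are not DNSSEC-signed. If Unbound validates, exempt only
    # these names so validation stays on for everything else.
    domain-insecure: "ad.example.com."
    domain-insecure: "0.0.10.in-addr.arpa."

    # With rebinding protection enabled, answers containing RFC 1918
    # addresses are stripped unless the domain is listed as private.
    private-address: 10.0.0.0/8
    private-domain: "ad.example.com."

    # Unbound answers 10.in-addr.arpa locally by default; release it so the
    # reverse-zone stub below is actually consulted.
    local-zone: "10.in-addr.arpa." nodefault

# Forward lookups for the AD domain (this also covers _msdcs.ad.example.com).
stub-zone:
    name: "ad.example.com."
    stub-addr: 10.0.0.10

# Reverse lookups, only if a reverse zone was created in AD (assumption).
stub-zone:
    name: "0.0.10.in-addr.arpa."
    stub-addr: 10.0.0.10

# --- smb.conf on the Samba 4 AD DC (constructed address 10.0.0.10) ---
# The DC's own /etc/resolv.conf points at itself: nameserver 10.0.0.10
[global]
    dns forwarder = 10.0.0.53
```

Because Samba is authoritative for the AD zone, it answers those names itself and only forwards names outside the zone to Unbound, so the two servers do not loop queries between each other.
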
On Thu, Apr 7, 2016 at 11:00 AM, Sketch <smblist at rednsx.org> wrote:
> My guess would be not much, because BIND9_DLZ exists and (mostly) gives you
> the best of both worlds. If you want to use bind with MS DNS servers, then
> you have to go that route, but it's not necessary with Samba 4 and
> BIND9_DLZ.

That's clear but I was thinking more of the analogous configuration where I continue to use NSD instead of BIND9_DLZ (or Samba).