samba - Dec 2017 - Where does bind9 DLZ store it's database for Samba4

I have installed the TKL Samba4 appliances as well as a bind 9.9.5 with the
--with-gssapi and --with-dlopen compile options.

I would like to replicate the DNS from this DC to several other
geographically diverse Bind servers.
We do NOT want to spin up more DCs, we JUST want to replicate the DNS (this
requirement is coming from above me and must be met).

So my question is, what database does samba store the DNS information in
when using the BIND_DLZ dns backend?

-- 
*Taylor Hammerling* |  *IT Manager*
2800 Laura Lane | Middleton, WI 53562
*O *(608) 669-9070 *| C *(608) 512-7849
tcsbasys.com | ubiquistat.com

On Thu, 7 Dec 2017 10:55:47 -0600
Taylor Hammerling via samba <samba at lists.samba.org> wrote:
> I have installed the TKL Samba4 appliances as well as a bind 9.9.5
> with the --with-gssapi and --with-dlopen compile options.
> 
> I would like to replicate the DNS from this DC to several other
> geographically diverse Bind servers.
> We do NOT want to spin up more DCs, we JUST want to replicate the DNS
> (this requirement is coming from above me and must be met).
> 
> So my question is, what database does samba store the DNS information
> in when using the BIND_DLZ dns backend?
> 
It is stored in the very place you don't want to spin up more of, the AD
DC database ;-)

There is nothing stopping you setting up dns servers that are outside
the AD DC domain and using these as forwarders for the AD DC

The easiest way to do what you want to do, is to do exactly what you
don't want to do, set up more DCs.

The DC should only really be used to store the AD domain dns records,
it can be used for other zones as well, but it is better to forward
anything not in the AD dns to an external dns server.

By the way, you would probably have been better off using Debian
stretch with Louis's Samba packages (this would get you uptodate Samba)
rather than using the turnkey Domain Controller.

Rowland

On Thu, 7 Dec 2017 12:41:18 -0500
Nico Kadel-Garcia <nkadel at gmail.com> wrote:
> *Slaves*, not forwarders. This allows the slaves to run backup dumps
> of the relevant internal domains, suitable for security and resource
> tracking in a dhcp and dynamic DNS environment.
> 
You need zone transfers for slaves and there are no zone transfers with
AD integrated zones.

Rowland

Sorry, I did not realize that was not a feature. Is there some
compelling design reason not to support this feature from RFC 1035?

On Thu, Dec 7, 2017 at 1:19 PM, Rowland Penny via samba
<samba at lists.samba.org> wrote:
> On Thu, 7 Dec 2017 12:41:18 -0500
> Nico Kadel-Garcia <nkadel at gmail.com> wrote:
>
>> *Slaves*, not forwarders. This allows the slaves to run backup dumps
>> of the relevant internal domains, suitable for security and resource
>> tracking in a dhcp and dynamic DNS environment.
>>
>
> You need zone transfers for slaves and there are no zone transfers with
> AD integrated zones.
>
> Rowland
>
> --
> To unsubscribe from this list go to the following URL and read the
> instructions:  https://lists.samba.org/mailman/options/samba