I know this is the samba list and I am hoping that someone with MS AD experience can answer this definitively.

Does AD have some kind of data exchange between dhcp and dns so that systems which receive a dhcp lease from an AD DC more reliably register their hostname with AD DNS? Looking at the RFC I couldn't see any reason why this should be the case. But it seems that host name registration for all DHCP devices is much more consistent when using AD for the dhcp service. Previously we were using our cisco router. It was rather hit and miss with DNS registrations that way. We switched to using AD DHCP about 3 months ago and the number of host names registered to AD DNS seems to have really improved.

Sorry this isn't strictly a SAMBA question, but I thought if AD had some kind of API or data exchange between DHCP and DNS, then samba might also have it.

--
David Bear
mobile: (602) 903-6476

On Tue, 2 Jan 2018 12:41:05 -0700 David Bear via samba <samba at lists.samba.org> wrote:

> I know this is the samba list and I am hoping that someone with MS AD
> experience can answer this definitively.
>
> Does AD have some kind of data exchange between dhcp and dns so that
> systems which receive a dhcp lease from an AD DC more reliably
> register their hostname with AD DNS? Looking at the RFC I couldn't
> see any reason why this should be the case. But it seems that host
> name registration for all DHCP devices is much more consistent when
> using AD for the dhcp service. Previously we were using our cisco
> router. It was rather hit and miss with DNS registrations that way.
> We switched to using AD DHCP about 3 months ago and the number of host
> names registered to AD DNS seems to have really improved.
>
> Sorry this isn't strictly a SAMBA question, but I thought if AD had
> some kind of API or data exchange between DHCP and DNS, then samba
> might also have it.
>

Do you mean something like this:

https://wiki.samba.org/index.php/Configure_DHCP_to_update_DNS_records_with_BIND9

Rowland

That's the samba answer -- and I guess this implies that windows AD also has the same capability. Thanks.

On Tue, Jan 2, 2018 at 12:51 PM, Rowland Penny via samba <samba at lists.samba.org> wrote:

> On Tue, 2 Jan 2018 12:41:05 -0700
> David Bear via samba <samba at lists.samba.org> wrote:
>
> > I know this is the samba list and I am hoping that someone with MS AD
> > experience can answer this definitively.
> >
> > Does AD have some kind of data exchange between dhcp and dns so that
> > systems which receive a dhcp lease from an AD DC more reliably
> > register their hostname with AD DNS? Looking at the RFC I couldn't
> > see any reason why this should be the case. But it seems that host
> > name registration for all DHCP devices is much more consistent when
> > using AD for the dhcp service. Previously we were using our cisco
> > router. It was rather hit and miss with DNS registrations that way.
> > We switched to using AD DHCP about 3 months ago and the number of host
> > names registered to AD DNS seems to have really improved.
> >
> > Sorry this isn't strictly a SAMBA question, but I thought if AD had
> > some kind of API or data exchange between DHCP and DNS, then samba
> > might also have it.
> >
>
> Do you mean something like this:
>
> https://wiki.samba.org/index.php/Configure_DHCP_to_update_DNS_records_with_BIND9
>
> Rowland
>

--
David Bear
mobile: (602) 903-6476

Hi David,

> I know this is the samba list and I am hoping that someone with MS AD
> experience can answer this definitively.
>
> Does AD have some kind of data exchange between dhcp and dns so that
> systems which receive a dhcp lease from an AD DC more reliably register
> their hostname with AD DNS? Looking at the RFC I couldn't see any reason
> why this should be the case. But it seems that host name registration for
> all DHCP devices is much more consistent when using AD for the dhcp
> service. Previously we were using our cisco router. It was rather hit and
> miss with DNS registrations that way. We switched to using AD DHCP about 3
> months ago and the number of host names registered to AD DNS seems to have
> really improved.
>
> Sorry this isn't strictly a SAMBA question, but I thought if AD had some
> kind of API or data exchange between DHCP and DNS, then samba might also
> have it.

There is some kind of integration between MS DHCP and MS AD for sure: when doing a migration from samba3 to samba4, if one has a MS DHCP service, then you need to "register" the DHCP service from the MS DHCP console after migration, otherwise it stops delivering leases. I usually switch to ISC DHCP at one point or the other, so I didn't dig into the rationale behind that.

However, for registration, my understanding is that in any case registration goes through authenticated DNS queries from workstation/server domain members. It is the only way to ensure that a workstation or server can only register its own name as a DNS entry. Otherwise, with the automatic registration from the DHCP service to DNS, you technically allow any desktop/phone/IOT to register WPAD and ISATAP DNS entries and MITM all the traffic that has autodiscovery enabled, or change the ip address of your file server or anything else... Actually the two WPAD/ISATAP entries are blocked by default on a MS DNS server since MSAD2k3, but I think you see my point. Securing your DNS is paramount for overall network security.

When you were using your cisco routers as DHCP server, did you provide the ip address of the domain controllers as DNS server, or did you have the cisco doing DNS forwarding?

Cheers,

Denis

--
Denis Cardon
Tranquil IT Systems
Les Espaces Jules Verne, bâtiment A
12 avenue Jules Verne
44230 Saint Sébastien sur Loire
tel : +33 (0) 2.40.97.57.55
http://www.tranquil-it-systems.fr
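
Added example (not part of the thread, and not Samba, BIND or Microsoft code): a toy Python model of the contrast Denis describes, comparing a DHCP service that registers any client-supplied hostname with a policy that accepts only authenticated updates for the requester's own name. The hosts, addresses, static record and the names `Update`, `secure_only` and `dhcp_proxy` are constructed for illustration.

```python
# Toy policy model for dynamic DNS registration. Illustration only:
# this is not how any particular DNS server implements secure updates.
from dataclasses import dataclass
from typing import Optional

BLOCKED_LABELS = {"wpad", "isatap"}            # the two names the post says MS DNS blocks
STATIC_RECORDS = {"fileserver": "10.0.0.10"}   # constructed admin-managed record


@dataclass
class Update:
    name: str                 # host name the client asks to register
    ip: str
    principal: Optional[str]  # authenticated machine account, None if unauthenticated


def secure_only(u):
    """Accept an update only when an authenticated machine registers its own name."""
    label = u.name.lower().split(".")[0]
    if label in BLOCKED_LABELS:
        return False, "blocked autodiscovery name"
    if u.principal is None:
        return False, "unauthenticated update"
    # Machine accounts are written HOST$; the owner may only touch its own label.
    if u.principal.lower().rstrip("$") != label:
        return False, "principal does not own this name"
    if label in STATIC_RECORDS:
        return False, "static record, not client-updatable"
    return True, "accepted"


def dhcp_proxy(u):
    """Model of a DHCP service that registers whatever hostname a client sends."""
    return True, "accepted"


# Constructed requests: one legitimate domain member, then three that should fail.
SAMPLES = [
    Update("pc01", "10.0.0.51", "PC01$"),
    Update("wpad", "10.0.0.66", None),
    Update("fileserver", "10.0.0.66", None),
    Update("fileserver", "10.0.0.66", "PC01$"),
]


def compare():
    """Return (name, proxy verdict, secure-only verdict) for each sample."""
    return [(u.name, dhcp_proxy(u)[0], secure_only(u)[0]) for u in SAMPLES]


if __name__ == "__main__":
    for row in compare():
        print(row)
```

Only the first sample passes both policies; the other three are accepted by the unfiltered proxy model and rejected once the requester must be authenticated and own the name.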