Hi,

I set up Samba DCs for two sites. The first site is for example domain.ourdomain.com, the second is site2.ourdomain.com. On the first site, there will be 2 DCs, and one fileserver; on the second site there will be one DC, and it will act as fileserver too.
Is it true that Samba's internal DNS server won't be good for that, and I need Bind, because of Bind's zone transfer feature?
On 19/06/2019 14:11, Pisch Tamás via samba wrote:
> Hi,
>
> I set up Samba DCs for two sites. The first site is for example
> domain.ourdomain.com, the second is site2.ourdomain.com. On the first
> site, there will be 2 DCs, and one fileserver; on the second site
> there will be one DC, and it will act as fileserver too.
> Is it true that Samba's internal DNS server won't be good for that, and I
> need Bind, because of Bind's zone transfer feature?
>

What are you thinking of transferring the zones to?

Rowland
On Wed, 2019-06-19 at 15:11 +0200, Pisch Tamás via samba wrote:
> Hi,
>
> I set up Samba DCs for two sites. The first site is for example
> domain.ourdomain.com, the second is site2.ourdomain.com. On the first
> site, there will be 2 DCs, and one fileserver; on the second site
> there will be one DC, and it will act as fileserver too.
> Is it true that Samba's internal DNS server won't be good for that, and
> I
> need Bind, because of Bind's zone transfer feature?

I don't see the connection with zone transfers.

At the small scale either will work fine.

At larger scales, DLZ_BIND9 is slower (yes, really), particularly if you ask it to be the default DNS server for the network, but the internal DNS server also can fall over faster under a high forwarding load.

The reason for the performance problem in the DLZ_BIND9 case is a lock over access to Samba's DB, and the behaviour around including NS records in a response. Fix that by setting:

    options {
        minimal-responses yes;
    };

If you have a large site, set up a BIND9 server with a zone of type 'forward' pointing at your Samba DC, and otherwise forwarding and caching for the internet.

https://wiki.samba.org/index.php/BIND9_DLZ_DNS_Back_End
https://wiki.samba.org/index.php/Running_Samba_AD_Domain_Controllers_in_large_domains#DNS_query_latency

I hope this helps,

Andrew Bartlett
-- 
Andrew Bartlett                       https://samba.org/~abartlet/
Authentication Developer, Samba Team  https://samba.org
Samba Developer, Catalyst IT          https://catalyst.net.nz/services/samba
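A named.conf sketch of the forwarding/caching front-end Andrew describes, added here as an example and not taken from the thread: the AD zones are 'forward' zones handed straight to the DCs (no zone transfer involved), and everything else is forwarded to an upstream resolver and cached. The DC addresses, the upstream resolver and the "internal-net" ACL are placeholders for the poster's own values.

```conf
// Caching/forwarding BIND9 in front of the Samba DCs (added example).
// All addresses below are placeholders (RFC 5737 documentation ranges).
acl "internal-net" { 192.0.2.0/24; 198.51.100.0/24; 127.0.0.1; };

options {
    directory "/var/cache/bind";
    recursion yes;
    // Only our own networks may use this server as a recursive resolver.
    allow-query     { "internal-net"; };
    allow-recursion { "internal-net"; };
    // Keep answers small; on a DC running BIND9_DLZ this is the setting
    // Andrew recommends to avoid the extra NS-record work.
    minimal-responses yes;
    // Anything not matched by a forward zone below goes upstream.
    forwarders { 203.0.113.53; };     // placeholder upstream resolver
    forward only;
};

// AD zones: answered authoritatively by the DCs, this server only forwards.
zone "domain.ourdomain.com" {
    type forward;
    forward only;
    forwarders { 192.0.2.10; 192.0.2.11; };     // dc1, dc2 (placeholders)
};

zone "site2.ourdomain.com" {
    type forward;
    forward only;
    forwarders { 198.51.100.10; 192.0.2.10; };  // dc3 first, dc1 as fallback
};

// Reverse zones hosted on the DCs are forwarded the same way.
zone "2.0.192.in-addr.arpa" {
    type forward;
    forward only;
    forwarders { 192.0.2.10; 192.0.2.11; };
};
```

Clients then point at this server rather than at the DCs directly, so AD lookups still reach the DCs while internet traffic never loads them; run named-checkconf on the file after filling in real addresses.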
> What are you thinking of transferring the zones to?

I try to explain why I asked the question. Now we have an NT4-style Samba domain, with LDAP backend, and Bind. We have two sites; they are connected through VPN. On the servers, Bind is configured as master-slave. On every site, there is a master for their own domain, and they are each other's slave. As I know, this is zone transfer. I want to set up the servers from scratch now for the AD (I know that there would be the classicupgrade option).

> > Is it true that Samba's internal DNS server won't be good for that, and
> > I need Bind, because of Bind's zone transfer feature?
>
> I don't see the connection with zone transfers.
> At the small scale either will work fine.

Our network is not so big. If Samba's internal DNS server can handle our needs, I don't want to set up Bind now. If I will be able to ping/reach host1.domain.ourdomain.com from host2.site2.ourdomain.com (and, most importantly, dc3.site2.ourdomain.com and dc1.domain.ourdomain.com can reach each other) with Samba's internal DNS server, it is enough for me. Maybe I misunderstand something about zone transfer.