On 31/03/2021 22:03, Luke Barone via samba wrote:> In your `/etc/resolv.conf` file working with AD, you want only your DCs > listed. If you have multiple DCs (i.e. dc1 and dc2), you want the other one > listed first, then itself. For example: >Sorry, but that is incorrect, each DC should use itself for its nameserver. There is probably not much point in adding any other DC's as nameservers, if the dns server on the DC isn't working, then quite probably the DC isn't working either. Domain clients have to use the dns servers on the DC's, but this doesn't mean they have to use them directly, you could point your clients to a separate dns server and this server would forward all the AD domain dns requests to a DC. Rowland
I was taking advice from this post: https://serverfault.com/questions/394804/what-should-the-order-of-dns-servers-be-for-an-ad-domain-controller-and-why Is your advice samba-specific? If so, we'll update our documentation. On Wed, Mar 31, 2021 at 2:17 PM Rowland penny via samba < samba at lists.samba.org> wrote:> On 31/03/2021 22:03, Luke Barone via samba wrote: > > In your `/etc/resolv.conf` file working with AD, you want only your DCs > > listed. If you have multiple DCs (i.e. dc1 and dc2), you want the other > one > > listed first, then itself. For example: > > > Sorry, but that is incorrect, each DC should use itself for its > nameserver. There is probably not much point in adding any other DC's as > nameservers, if the dns server on the DC isn't working, then quite > probably the DC isn't working either. > > Domain clients have to use the dns servers on the DC's, but this doesn't > mean they have to use them directly, you could point your clients to a > separate dns server and this server would forward all the AD domain dns > requests to a DC. > > Rowland > > > > -- > To unsubscribe from this list go to the following URL and read the > instructions: https://lists.samba.org/mailman/options/samba >
On 31/03/2021 22:28, Luke Barone wrote:> I was taking advice from this post: > https://serverfault.com/questions/394804/what-should-the-order-of-dns-servers-be-for-an-ad-domain-controller-and-why > <https://serverfault.com/questions/394804/what-should-the-order-of-dns-servers-be-for-an-ad-domain-controller-and-why> > > > Is your advice samba-specific? If so, we'll update our documentation.I do not use Windows DC's, so cannot comment on them, but Samba AD is supposed to emulate Windows AD, so they both should work similarly. That link primarily talks about 'islanding', something that has never really affected Samba AD and, from my experience, Samba AD works best when you use the DC's ipaddress for the DC's nameserver. Rowland