I've been playing with Samba on my test server in AD DC mode. I think I've got most of it, but one thing I'm trying to figure out is the DNS backend. I can't use SAMBA_INTERNAL, much as I'd like to, because I don't have an alternate machine that samba can query when asked about names not in the domain. I tried bind9_dlz once, and I remember I could not get it working right. I'd be tempted to use _FLATFILE but I seem to recall word that this option was scheduled for removal soon. So, what's the best method for providing internet DNS and AD Name resolution on the same machine?

--
Dan Egli
From my Test Server

> On 7 May 2021, at 09:27, Dan Egli via samba <samba at lists.samba.org> wrote:
> I've been playing with Samba on my test server in AD DC mode. I think I've got most of it, but one thing I'm trying to figure out is the DNS backend. I can't use SAMBA_INTERNAL, much as I'd like to, because I don't have an alternate machine that samba can query when asked about names not in the domain. I tried bind9_dlz once, and I remember I could not get it working right. I'd be tempted to use _FLATFILE but I seem to recall word that this option was scheduled for removal soon. So, what's the best method for providing internet DNS and AD Name resolution on the same machine?

I've used BIND9_DLZ without much issue (on a FreeBSD server) so I'd vote for that.

--
Daniel O'Connor
"The nice thing about standards is that there are so many of them to choose from."
 -- Andrew Tanenbaum

Hi,

On Thu, 6 May 2021, Dan Egli via samba wrote:

> I've been playing with Samba on my test server in AD DC mode. I think I've
> got most of it, but one thing I'm trying to figure out is the DNS backend. I
> can't use SAMBA_INTERNAL, much as I'd like to, because I don't have an
> alternate machine that samba can query when asked about names not in the
> domain.

There is nothing that says you need to run your own name servers for zones you are not authoritative for. You could simply use 1.1.1.1, 8.8.8.8, etc. for forwarders if you want to use the SAMBA_INTERNAL DNS server.

> I tried bind9_dlz once, and I remember I could not get it working
> right.

bind9_dlz is easy to set up. See https://wiki.samba.org/index.php/BIND9_DLZ_DNS_Back_End for instructions.

> I'd be tempted to use _FLATFILE but I seem to recall word that this
> option was scheduled for removal soon. So, what's the best method for
> providing internet DNS and AD Name resolution on the same machine?

IIRC, Flatfile does not work and will be removed sooner or later.

Regards,

--
Tom
me at tdiehl.org
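
Added example, not part of the original thread and not written by any of the posters: an smb.conf sketch of the two setups the replies describe, using the `dns forwarder` and `server services` parameters. The forwarder addresses are the ones named in the thread. Everything else in your smb.conf is assumed to stay as provisioned.

```ini
# smb.conf on the AD DC (illustrative fragment, added example)

# Option 1: keep the SAMBA_INTERNAL backend.
# Samba answers for the AD zones itself and forwards every other
# query to the listed resolvers, so no second DNS machine is needed.
[global]
    dns forwarder = 1.1.1.1 8.8.8.8

# Option 2: BIND9_DLZ backend.
# Samba's internal DNS service is switched off so BIND can listen on
# port 53. "dns forwarder" is only used by the internal DNS server, so
# recursion/forwarding for non-AD names is then configured in BIND's
# own named.conf instead.
# [global]
#     server services = -dns
```

With option 1, every lookup for a name outside the AD zones leaves the DC for the chosen third-party resolvers, so pick forwarders you are willing to expose internal clients' query patterns to.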