On 19/05/2021 20:35, Marcos Ariel Negrini via samba wrote:
> We are using the network dns (bind) publishing the srv records that we
> understood that it needed to do the AD operations, it copies the
> records that we are publishing in that dns, the pc's do not use the
> Samba AD dns:

I wouldn't do that, I would get your network dns to forward all AD domain requests to the DC's, that way you reduce dns traffic to the DC's (no external dns requests get to them) and all the required AD records are available.

There is also the question of the Windows clients updating their own records, if they are on your network dns, then they will probably not be in AD.

Rowland
Hi Rowland:

It was something that was evaluated, and in my case I agree with what you comment; I'm going to bring it up again to see if we change that.

I have a doubt when you say that Windows clients can modify their dns records; are you referring to the generation of the A record when a computer joins the domain? Or in some other situation a computer can somehow modify dns information within the DC's?

In our case the A records are not generated automatically in the domain join, is this because we are not doing the domain join using the dns of the DC's directly?

Regards

On 19/05/2021 at 16:56, Rowland penny via samba wrote:
> I wouldn't do that, I would get your network dns to forward all AD
> domain requests to the DC's, that way you reduce dns traffic to the
> DC's (no external dns requests get to them) and all the required AD
> records are available. There is also the question of the Windows
> clients updating their own records, if they are on your network dns,
> then they will probably not be in AD.
>
> Rowland

--
Marcos Ariel Negrini
AFIP - División Seguridad de Activos
Dirección de Seguridad de la Información
Paseo Colon 635 PB - CP 1063 - CABA