18.01.2023 18:45, Stefan G. Weichinger via samba wrote:
..
> to only run the DC in the LAN network.
>
> Otherwise there were 4 or 5 DNS-entries created for the hostname of the DC, which seemed problematic to me. Maybe it is not?
>
> What if a client in LAN gets a DNS reply with an IP in the VLANs? timeouts?

Is it impossible for the client to reach this IP on the VLAN?
Quite often in this configuration it is possible, depending on routing and filtering in place.

FWIW, this is one of the reasons I prefer to manage DNS elsewhere, without tying it to samba/DC - this way I can control which records are being used.
DNS is mostly static, it changes only when you reconfigure network, when you can update DNS explicitly too, so dynamic DNS isn't really necessary.

> To reply to DHCP-clients in the VLANs I need the specific interfaces + routes.
>
> But if a client in a VLAN tries to "gpupdate" things fail: asymmetric routing, the replies don't get to the client.
>
> I am not sure how to solve this.
>
> Allow the DC to run on all interfaces?
>
> And no, we don't have additional hardware to move the DHCP-services to.

You don't need additional hardware. It is trivial these days to run a virtual machine - with either samba or dhcpd or whatever else is needed.

But so far, it's difficult to say which problem you're trying to solve.

/mjt

On 20/01/2023 08:50, Michael Tokarev via samba wrote:
> 18.01.2023 18:45, Stefan G. Weichinger via samba wrote:
> ..
>> to only run the DC in the LAN network.
>>
>> Otherwise there were 4 or 5 DNS-entries created for the hostname of the DC, which seemed problematic to me. Maybe it is not?
>>
>> What if a client in LAN gets a DNS reply with an IP in the VLANs? timeouts?
>
> Is it impossible for the client to reach this IP on the VLAN?
> Quite often in this configuration it is possible, depending on routing and filtering in place.
>
> FWIW, this is one of the reasons I prefer to manage DNS elsewhere, without tying it to samba/DC - this way I can control which records are being used.
> DNS is mostly static, it changes only when you reconfigure network, when you can update DNS explicitly too, so dynamic DNS isn't really necessary.

Michael, how you run your systems is your prerogative, but please do not suggest using unsupported methods on this list, whilst they may work for you, they may not work for others.

Rowland