On Thu Nov 30 14:10:39 2023 Mark Foley via samba <samba at lists.samba.org> wrote:
> On Thu Nov 30 13:38:35 2023 Rowland Penny via samba <samba at lists.samba.org> wrote:
> >
> > On Thu, 30 Nov 2023 13:05:08 -0500
> > Mark Foley via samba <samba at lists.samba.org> wrote:
> >
> > > The wiki
> > > https://wiki.samba.org/index.php/Setting_up_Samba_as_an_Active_Directory_Domain_Controller#Create_a_reverse_zone
> > > says, "For a DC with the FQDN of dc1.samdom.example.com and the
> > > ipaddress of 10.99.0.1, to add a record to the 0.99.10.in-addr.arpa
> > > ..."
> > >
> > > Is this correct or should the rDNS PTR be 1.99.10.in-addr.arpa?
> > >
> > > I just want to make sure this isn't a typo.
> > >
> > > Thanks --Mark
> > >
> >
> > No, it isn't a typo, but it is just an example which will give you 255
> > clients.
> >
> > From the given example '10.99.0.1', you would take the first three
> > octets '10.99.0' and reverse them '0.99.10', add '.in-addr.arpa' to get
> > '0.99.10.in-addr.arpa' and this would be the name for the reverse zone.
> >
> > If you require more clients, just take fewer octets, e.g. '10.99' would
> > give you '99.10.in-addr.arpa'
> >
> > Rowland
>
> OK, thanks. I didn't know that. I just wrote another email to Dave questioning
> this. I'll move forward with the 3-octet version.
>
> Thanks --Mark

Following up on this, not understanding the 'three octets' principle as described
by Rowland, I previously did the zone create as:

    samba-tool dns zonecreate 182.168.0.2 2.0.168.192.in-addr.arpa

(i.e. entire IP address)

Doing 'samba-tool dns zonelist 192.168.0.2' gives (plus others):

    pszZoneName : 2.0.168.192.in-addr.arpa
    Flags : DNS_RPC_ZONE_DSINTEGRATED DNS_RPC_ZONE_UPDATE_SECURE
    ZoneType : DNS_ZONE_TYPE_PRIMARY
    Version : 50
    dwDpFlags : DNS_DP_AUTOCREATED DNS_DP_DOMAIN_DEFAULT DNS_DP_ENLISTED
    pszDpFqdn : DomainDnsZones.hprs.locl

Should I delete this zone and recreate with "0.168.192.in-addr.arpa"? If so, what
should I use for <Your-AD-DNS-Server-IP-or-hostname>? (my DC is dc1.hprs.locl).

This template example says "or-hostname", so would that be just "dc1" and not
the FQDN? If I'm interpreting this correctly,
"<Your-AD-DNS-Server-IP-or-hostname>" should be either "182.168.9.2" or "dc1",
right? Which specification is preferable? IP or hostname?

Thanks --Mark
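
The naming rule Rowland describes, as an added example that is not part of the original thread: it derives the reverse zone and the PTR record name inside that zone from an IPv4 address and the number of leading octets used for the zone, and only prints the samba-tool commands instead of running them. The function names are hypothetical, and it assumes IPv4 with zones on whole-octet boundaries.

```sh
#!/bin/sh
# Added example (not from the thread); function names are hypothetical.

split_ip() {   # validate a dotted-quad IPv4 address and set o1..o4
    case $1 in ''|*[!0-9.]*|.*|*.|*..*) return 1 ;; esac
    old_ifs=$IFS; IFS=.; set -- $1; IFS=$old_ifs
    [ $# -eq 4 ] || return 1
    for o in "$@"; do
        [ "$o" -le 255 ] || return 1
    done
    o1=$1 o2=$2 o3=$3 o4=$4
}

reverse_zone() {   # IP OCTETS -> zone named from the first OCTETS octets, reversed
    split_ip "$1" || return 1
    case $2 in
        3) echo "$o3.$o2.$o1.in-addr.arpa" ;;
        2) echo "$o2.$o1.in-addr.arpa" ;;
        1) echo "$o1.in-addr.arpa" ;;
        *) return 1 ;;
    esac
}

ptr_name() {   # IP OCTETS -> record name inside that zone: remaining octets, reversed
    split_ip "$1" || return 1
    case $2 in
        3) echo "$o4" ;;
        2) echo "$o4.$o3" ;;
        1) echo "$o4.$o3.$o2" ;;
        *) return 1 ;;
    esac
}

zone_octets() {   # ZONE -> number of octet labels; 4 means the zone holds one address
    case $1 in *.in-addr.arpa) ;; *) return 1 ;; esac
    old_ifs=$IFS; IFS=.; set -- ${1%.in-addr.arpa}; IFS=$old_ifs
    echo $#
}

ptr_commands() {   # SERVER IP OCTETS FQDN -> print (do not run) the two commands
    zone=$(reverse_zone "$2" "$3") || return 1
    name=$(ptr_name "$2" "$3") || return 1
    echo "samba-tool dns zonecreate $1 $zone"
    echo "samba-tool dns add $1 $zone $name PTR $4"
}

# Values from the wiki example quoted in the thread.
ptr_commands dc1.samdom.example.com 10.99.0.1 3 dc1.samdom.example.com
```

With two octets the zone is 99.10.in-addr.arpa and the record name becomes 1.0, so the record name always carries whatever octets the zone name left out.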