Fabio Fantoni
2024-Jan-04 10:50 UTC
[Samba] Samba AD with bind and question about "split dns"/view
Hi, recently from Windows clients I have seen anomalous behavior in DNS resolution if there are multiple IP addresses, especially in DCs, referring to different subnets. More specifically, the different subnets are mesh VPN networks such as zerotier and netbird.

Trying to make only the IPs of the corresponding subnet appear as a result based on where the request comes from, for example if the request comes from the LAN (192.168.1.x) reply with the IP of that subnet and if it comes from zerotier (10.13.100.x) reply with the IP of this other subnet, I found "split dns" with use of "view" in bind.

Looking at the use of view in Bind it seems that it can be done but using different zones for each view. I don't understand if it is possible to use it with Bind on Samba AD, and if you can manage to have the IPs of new members who join go to the correct zone and also be able to have the dynamic update still working.

Can someone please tell me if it is possible to do this with Samba AD and DNS management with Bind?
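For readers who have not seen what "split dns with views" looks like in stock BIND 9, this is an added example (not from the thread or from Samba) of the configuration the question refers to, using the two subnets named above; the domain name follows the reply below, and the zone file paths are assumed placeholders. It uses ordinary zone files, not Samba's BIND9_DLZ backend, which is exactly the gap the question is asking about.

```conf
// Added example, not from the original post: BIND 9 split-horizon views.
// Each view answers only the clients its ACL matches and serves its own
// copy of the zone. Zone file paths are placeholders.
acl lan-clients      { 192.168.1.0/24; };   // office LAN
acl zerotier-clients { 10.13.100.0/24; };   // zerotier mesh VPN

// Once any view is declared, every zone must live inside a view.
view "lan" {
    match-clients { lan-clients; };
    recursion yes;
    zone "ad.example.com" {
        type master;
        file "/etc/bind/zones/ad.example.com.lan";  // records carry 192.168.1.x addresses
        allow-update { lan-clients; };              // tighten further (e.g. GSS-TSIG) in practice
    };
};

view "zerotier" {
    match-clients { zerotier-clients; };
    recursion yes;
    zone "ad.example.com" {
        type master;
        file "/etc/bind/zones/ad.example.com.zt";   // records carry 10.13.100.x addresses
        allow-update { zerotier-clients; };
    };
};

// Catch-all for clients that match neither ACL, so they still get an answer.
view "other" {
    match-clients { any; };
    recursion no;
    zone "ad.example.com" {
        type master;
        file "/etc/bind/zones/ad.example.com.lan";
    };
};
```

Because each view holds an independent copy of the zone, a dynamic update sent by a host over zerotier lands only in the zerotier copy, which is the registration problem the question raises; in a Samba AD setup the zone is served from the directory by the DLZ module rather than from per-view files, so this layout does not transfer directly.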
Rowland Penny
2024-Jan-04 11:26 UTC
[Samba] Samba AD with bind and question about "split dns"/view
On Thu, 4 Jan 2024 11:50:19 +0100 Fabio Fantoni via samba <samba at lists.samba.org> wrote:

> Hi, recently from Windows clients I have seen anomalous behavior in DNS resolution if there are multiple IP addresses, especially in DCs, referring to different subnets. More specifically, the different subnets are mesh VPN networks such as zerotier and netbird.
>
> Trying to make only the IPs of the corresponding subnet appear as a result based on where the request comes from, for example if the request comes from the LAN (192.168.1.x) reply with the IP of that subnet and if it comes from zerotier (10.13.100.x) reply with the IP of this other subnet, I found "split dns" with use of "view" in bind.
>
> Looking at the use of view in Bind it seems that it can be done but using different zones for each view. I don't understand if it is possible to use it with Bind on Samba AD, and if you can manage to have the IPs of new members who join go to the correct zone and also be able to have the dynamic update still working.
>
> Can someone please tell me if it is possible to do this with Samba AD and DNS management with Bind?

The IP isn't the problem, it sounds like you didn't use a subdomain of your registered dns domain for your AD domain. For example, if your registered dns domain is 'example.com', you should have used something like 'ad.example.com' for your AD domain.

I am unsure if Samba can do what you require, Microsoft didn't get the ability to use split-dns until version 2016 and Samba hasn't got that far yet.

Rowland