Good evening folks

I read this statement in the wiki regarding Bind9

"You must not add the AD domain forward or reverse zone records to the named.conf files, these zones are stored dynamically in Ad"

This means that administration software like Webmin can't be used with the samba/bind combo, and zones must be managed exclusively with "samba-tool dns".

So what is the upside/benefit with using Bind9 compared with using Samba's internal dns?

On 03-12-2024 at 19:46, Anders ?stling via samba wrote:

> Good evening folks
>
> I read this statement in the wiki regarding Bind9
>
> "You must not add the AD domain forward or reverse zone records to the
> named.conf files, these zones are stored dynamically in Ad"
>
> This means that administration software like Webmin can't be used with the
> samba/bind combo, and zones must be managed exclusively with "samba-tool
> dns" .

This is true for the Active Directory dns-domains and the reverse zones that go with it. Any other thing can safely be managed with bind directly. I am thinking of forwarding for specific domains to specific dnsservers, dns-views and so on (as long as it does not work on the AD-dns-domain(s)).

Do note that the AD domains are replicated through LDAP to all DCs, and for everything in bind you have to arrange synchronization over all binds on a DC yourself.

> So what is the upside/benefit with using Bind9 compared with using Sambas
> internal dns?

The above: with bind you have more functionality than with Samba's internal DNS.

- Kees.

On Tue, 3 Dec 2024 19:46:27 +0100 Anders ?stling via samba <samba at lists.samba.org> wrote:

> Good evening folks
>
> I read this statement in the wiki regarding Bind9
>
> "You must not add the AD domain forward or reverse zone records to the
> named.conf files, these zones are stored dynamically in Ad"
>
> This means that administration software like Webmin can't be used
> with the samba/bind combo, and zones must be managed exclusively with
> "samba-tool dns" .

From my perspective, webmin is seriously out of date, this is just one instance of where it needs updating, another is (and this shows just how far the Samba module is out of date) that webmin has no concept of the 'idmap config' lines in the smb.conf file.

> So what is the upside/benefit with using Bind9 compared with using
> Sambas internal dns?

Depends on how large your set up is, for small domains, not much, but for larger domains, Bind9 scales better. If unsure, I would start with the internal dns server, you can easily upgrade later.

Rowland
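
Added example, not part of the thread and not Samba or BIND project code: a small check for the rule quoted from the wiki, listing the zones declared statically in a named.conf and flagging any that equal, or sit beneath, an AD-managed zone. The sample config, the zone names and the choice to treat subdomains of an AD zone as conflicts are assumptions made for the illustration.

```python
import re

# Constructed sample named.conf and AD zone list (example values only).
SAMPLE_CONF = r'''
options { directory "/var/cache/bind"; };
// forwarding for one partner domain: not an AD zone, fine in BIND
zone "partner.example.net" { type forward; forwarders { 198.51.100.53; }; };
/* zone "old.samdom.example.com" { type master; file "db.old"; }; */
zone "samdom.example.com" IN { type master; file "db.samdom"; };
zone "2.0.192.in-addr.arpa" { type master; file "db.192.0.2"; };
zone "_msdcs.SAMDOM.example.com." { type master; file "db.msdcs"; };
zone "." { type hint; file "db.root"; };
'''
AD_ZONES = ["samdom.example.com", "_msdcs.samdom.example.com",
            "2.0.192.in-addr.arpa"]

# named.conf accepts /* */, // and # comments; drop them before matching.
_COMMENT = re.compile(r"/\*.*?\*/|//[^\n]*|#[^\n]*", re.S)
# zone "name" [class] { ... }  -> capture the quoted zone name
_ZONE = re.compile(r'\bzone\s+"([^"]+)"', re.I)

def _norm(name):
    """Lower-case and drop the trailing dot so names compare equal."""
    return name.strip().rstrip(".").lower()

def static_zones(conf_text):
    """Zone names declared in the given named.conf text (root zone is '')."""
    return [_norm(z) for z in _ZONE.findall(_COMMENT.sub("", conf_text))]

def ad_conflicts(conf_text, ad_zones):
    """(static zone, AD zone) pairs where BIND config overlaps AD DNS."""
    ad = [_norm(z) for z in ad_zones]
    hits = []
    for zone in static_zones(conf_text):
        # Assumption: a zone under an AD zone is flagged as well as an exact match.
        owner = next((a for a in ad if zone == a or zone.endswith("." + a)), None)
        if owner:
            hits.append((zone, owner))
    return hits

if __name__ == "__main__":
    for zone, owner in ad_conflicts(SAMPLE_CONF, AD_ZONES):
        print(f'static zone "{zone}" overlaps AD zone "{owner}": manage it with samba-tool dns')
```
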