Sami Hulkko
2025-Apr-24 07:48 UTC
[Samba] Is there any tool to convert DNS database to zone files?
Hi,

The case I have is dns-sec that with current samba DC implementations with samba native or samba with Bind9 do not work. In Bind9 native this feature (dns-sec) is available.

SH

On 24/04/2025 9.50, Rowland Penny via samba wrote:
> On Thu, 24 Apr 2025 08:55:07 +0300
> Sami Hulkko via samba <samba at lists.samba.org> wrote:
>
>> HI,
>>
>> Anybody have idea of how to get from BIND9 samba zone database neat
>> BIND9 zone files automatically?
>>
>> Like:
>>
>> 389 Directory Server - Howto:BIND
>> <https://www.port389.org/docs/389ds/howto/howto-bind.html>
>>
> On the page you linked to, the first line under 'Introduction' says
> this:
>
> The instructions below are outdated.
>
> They are also for 389DS and that is very different from AD.
>
> AD is basically ldap, kerberos and dns combined and so it is best
> practice to use what Samba suggests.
>
> There are those that suggest using a separate DNS server instead of the
> builtin dns server or BIND_DLZ, but, while this can work, it is just
> more work as you have to maintain it.
>
> A lot of people use Bind9 when really using the builtin dns server
> would suffice, do you really need the extra complexity of Bind9 ?
>
> Rowland
>

--
Sami Hulkko
+358 45 8569 319
sahulkko at gmail.com
sahulkko at icloud.com

Rowland Penny
2025-Apr-24 07:58 UTC
[Samba] Is there any tool to convert DNS database to zone files?
On Thu, 24 Apr 2025 10:48:02 +0300
Sami Hulkko via samba <samba at lists.samba.org> wrote:

> Hi,
>
> The case I have is dns-sec that with current samba DC implementations
> with samba native or samba with Bind9 do not work. In Bind9 native
> this feature(dns-sec) is available.
>

Samba AD does not implement DNSSEC, so I fail to see what using a different dns server will get you.

Rowland