similar to: Samba4 with external bind - best practices?

On 26/07/16 09:31, mathias dufresne wrote: > Hi Elias, > > Separating DNS and AD services: > It should be possible to have AD DNS server hosted on a non-DC server. > Samba Wiki explain we just have to include > "/var/lib/samba/private/named.conf" in Bind configuration. This library can > be replaced be one of those shipped with Bind, this library will need >

I found this article about separate samba4 and bind. https://quercerjanath.wordpress.com/samba-active-directory-with-bind9-on-separate-machines-ubuntu-14-04/ Em 27/07/2016 9:39 AM, "mathias dufresne" <infractory at gmail.com> escreveu: > 2016-07-26 13:16 GMT+02:00 Rowland penny <rpenny at samba.org>: > > > On 26/07/16 09:31, mathias dufresne wrote: > >

Here we (the DNS team of our company, not me ;) chose the zone type forward as it is the way DNS works (one resolver on client system, this resolver will forward requests to others DNS server to get answer) and also because that seemed to them the strongest against failure: there is no data stored on the client resolver, there can't be corrupted data on this DNS server when with masters /

You do what you want! The point is the clients must resolve everything. You have two options: A - client resolver is non-DC DNS server: here the non-DC DNS server must be configured to forward DNS requests about AD to AD DNS servers (to DCs) B - client resolver is AD DNS server: here AD DNS server(s) used as resolver(s) must be configured to forward any non-AD DNS request to non-DC DNS server.

Hi Elias, Separating DNS and AD services: It should be possible to have AD DNS server hosted on a non-DC server. Samba Wiki explain we just have to include "/var/lib/samba/private/named.conf" in Bind configuration. This library can be replaced be one of those shipped with Bind, this library will need configuration for it can deal with remote DC(s). Please note I never tried that,

Thanks Mathias and Rowland for the answers. Rowland, You said: “Use the sub domain for your AD domain and forward anything outside the sub domain to your main DNS servers.” This forward I do on the settings of the bind in Samba4? Something like: acl goodclients { 192.168.1.0/24; localhost; localnets; }; options { directory "/var/cache/bind";

Looking over this thread it got me thinking of multiple domains and then thinking maybe it would be better to setup the external DNS as a slave to the AD domain? Then you could have it resolve from the external DNS for multiple AD domains. On Wed, Jul 27, 2016 at 9:32 AM, Elias Pereira <empbilly at gmail.com> wrote: > I found this article about separate samba4 and bind. > >

2016-07-26 13:16 GMT+02:00 Rowland penny <rpenny at samba.org>: > On 26/07/16 09:31, mathias dufresne wrote: > >> Hi Elias, >> >> Separating DNS and AD services: >> It should be possible to have AD DNS server hosted on a non-DC server. >> Samba Wiki explain we just have to include >> "/var/lib/samba/private/named.conf" in Bind

Guys, In the clients dns settings I configure the Samba4 or external DNS IP? On Thu, Jul 28, 2016 at 5:57 AM, mathias dufresne <infractory at gmail.com> wrote: > Here we (the DNS team of our company, not me ;) chose the zone type forward > as it is the way DNS works (one resolver on client system, this resolver > will forward requests to others DNS server to get answer) and also

mathias, I believe I get it. :D The "A" option can be "resolved" with the inclusion of the zone that you suggested me, right? zone "ad.domain.tld" IN { > type forward; > forward only; > forwarders { > <ip of 1st DC>; > <ip of 2nd DC>; > .... > <ip of Nth DC>; > }; > }; And in the "B"

> > Not so much forgetting but not understanding ;-) - Internal DNS that responds to our services (site, moodle, etc) - ns.myinstitution.edu (registered in registro.br) - Samba DNS answering for samba stuff - addc.myinstitution.edu Maybe it's better to use SAMBA_INTERNAL instead of BIND_DLZ? On Tue, May 16, 2017 at 4:29 PM, Rowland Penny via samba < samba at lists.samba.org>

Hallo, We have Samba4 (Sernet, Version4.1) on a Debian Wheezy server. There we try to use our Infoblox (It is our primary and secondary DNS server) as an external DNS server for the active directory on the samba4 server. It doesn?t matter which setup option (Samba_internal, bind_dlz, none) we use it doesn?t work. Harry

Hello, I provisioned an samba AD with the bind_dlz option. So far so good. Followed the samba wiki. I have a DNS for our external access services (website, moodle, etc) and I'm using it as a forwarder to AD but it is not working. In a win7 I configured the AD IP as primary DNS and put it in the domain. When I try to access, for example, "wiki.samba.org" it opens normally, but when

My first Active Directory setup had two DC's and shortly after getting things going the second DC created a hardware failure issue and I just continued life with one DC. Now, while upgrading I am returning to two DC's. In a normal Bind9 "master and slave" setup the master always "feeds" the slave. With Bind9_DLZ setup (recommended to be used with Samba4) there is

I keep seeing different approaches/recommendations as to which DNS services to utilize for an AD controller... what are your recommendations, and why? Thanks very much. -- Jefferson K Davis Technology and Information Systems Manager Standard School District 1200 North Chester Ave Bakersfield, CA 93308 661.392.2110 ext 120 (office) http://district.standard.k12.ca.us District

Il giorno mar 17 dic 2019 alle ore 17:49 Rowland penny via samba < samba at lists.samba.org> ha scritto: In the last year this has come up a few times, try reading this > > https://support.microsoft.com/en-gb/help/817470/how-to-reconfigure-an-msdcs-subdomain-to-a-forest-wide-dns-application > It looks like we need a tool to correct AD :-( > Thanks! I will read that article. Do

> > Sorry, must have missed that. No problem! :D OK, your dns domain is 'mydomain.edu' and your AD dns domain is 'addc.mydomain.edu', so far so good, but is the AD REALM set to 'ADDC.MYDOMAIN.EDU <http://addc.mydomain.edu/>' ? Yes, my AD REALM is ADDC.MYDOMAIN.EDU Yes, your AD DC should be the authoritative dns server for the AD dns > domain. ok.

Hi, we are running a Samba AD on UCS 4.2, which comes with Samba 4.6.1. The DNS server (192.168.0.200) is operated by bind with the samba DLZ module. It also hosts several zones outside of samba. Every couple of hours, I get messages like these on the server: Jun 5 23:04:58 ucsdc1 daemon:[warning] checkhints: h.root-servers.net/A (198.97.190.53) missing from hints Jun 5 23:04:58 ucsdc1

On Thu, 8 Jun 2017 19:19:21 +1000 Amitay Isaacs via samba <samba at lists.samba.org> wrote: > Hi, > > Let me try to clear some confusion. > > On Tue, Jun 6, 2017 at 7:36 PM, Torsten Kurbad via samba < > samba at lists.samba.org> wrote: > Samba's bind-dlz module does not export root hints to BIND named. So > the error you are seeing is an issue with your

Rowland, Seeing as BIND_DLZ uses the same info in AD as SAMBA_INTERNAL does, > then no, using the internal dns server will not make any difference. Ok. Which ever dns server you use, it must be authoritative for the AD > domain and if required it should be a subdomain of your registered > domain, see here: > > https://wiki.samba.org/index.php/Active_Directory_Naming_FAQ >