The Samba AD DNS Back Ends: Difference between revisions

From SambaWiki
m (Updated link)
m (/* minor update)
(7 intermediate revisions by 3 users not shown)
Line 27: Line 27:


* [[BIND9_DLZ_DNS_Back_End|BIND9_DLZ DNS Back End]]
* [[BIND9_DLZ_DNS_Back_End|BIND9_DLZ DNS Back End]]
:* Requires BIND 9.8 or later installed and configured locally on the Samba Active Directory (AD) domain controller (DC). For additional information, see [[Setup_a_basic_BIND_installation|Setting up a Basic BIND Installation]].
:* Requires BIND 9.8 or later installed and configured locally on the Samba Active Directory (AD) domain controller (DC). For additional information, see [[Setting_up_a_BIND_DNS_Server|Setting up a BIND DNS Server]].
:* Requires knowledge about the BIND DNS server and how to configure the service.
:* Requires knowledge about the BIND DNS server and how to configure the service.
:* Use this back end for complex DNS scenarios, you can not configure in the internal DNS.
:* Use this back end for complex DNS scenarios, you can not configure in the internal DNS.


* [[BIND9_FLATFILE_DNS Back End|BIND9_Flatfile DNS Back End]]
:* Do not use this back end! It is not supported and will be removed in the future.


If you are unsure which DNS back end to select during the DC installation, start with the Samba internal DNS. You can anytime change the back end. For details, see [[Changing_the_DNS_Back_End_of_a_Samba_AD_DC|Changing the DNS Back End of a Samba AD DC]].
If you are unsure which DNS back end to select during the DC installation, start with the Samba internal DNS. You can change the back end at any time. For details, see [[Changing_the_DNS_Back_End_of_a_Samba_AD_DC|Changing the DNS Back End of a Samba AD DC]].


{{Imbox
| type = important
| text = Do not use the <code>BIND9_FLATFILE</code> DNS back end. It is not supported and will be formally deprecated when 4.11.0 is released and removed at 4.12.0.
}}
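Review bot: The Imbox text ties the <code>BIND9_FLATFILE</code> notice to a release that is still in the future at the time of writing ("will be formally deprecated when 4.11.0 is released and removed at 4.12.0"), so the sentence will read as stale once those versions exist. Consider wording it by version only, for example "deprecated in 4.11.0 and removed in 4.12.0", so it stays accurate without another edit. Since the same region also carries the list entry saying the back end "will be removed in the future", keep only one of the two statements so readers do not see two different timelines.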




Line 46: Line 50:
{{Imbox
{{Imbox
| type = warning
| type = warning
| text = Samba does not support renaming the AD forrest root domain.
| text = Samba does not support renaming the AD forest root domain.
}}
}}


Line 53: Line 57:
* Use a domain name you own.
* Use a domain name you own.
* Use a subdomain of your domain, such as <code>ad.example.com</code>.
* Use a subdomain of your domain, such as <code>ad.example.com</code>.
* Do not use <code>.local</code> domains. They can cause problems with MacOSX and Zeroconf.
* Do not use <code>.local</code> domains. They can cause problems with Mac OS X and Zeroconf.


For details, see [[Active_Directory_Naming_FAQ|Active Directory Naming FAQ]].
For details, see [[Active_Directory_Naming_FAQ|Active Directory Naming FAQ]].





----
[[Category:Active Directory]]
[[Category:DNS]]

Revision as of 12:30, 28 August 2019

Introduction

In an Active Directory (AD), DNS is a very important service. It is used for:

  • name resolution
  • locating services, such as Kerberos and LDAP
  • locating local domain controllers (DC) when using AD sites. For details, see Active Directory Sites.



Supported DNS Back Ends

Samba supports the following DNS back ends:

  • Samba internal DNS
      • Default when provisioning a new domain, joining an existing domain or migrating an NT4 domain to AD.
      • No additional software or DNS knowledge is required.
      • Use this back end for simple DNS setups. For a list of limitations, see Limitations.
  • BIND9_DLZ DNS Back End
      • Requires BIND 9.8 or later installed and configured locally on the Samba Active Directory (AD) domain controller (DC). For additional information, see Setting up a BIND DNS Server.
      • Requires knowledge about the BIND DNS server and how to configure the service.
      • Use this back end for complex DNS scenarios that you cannot configure in the internal DNS.


If you are unsure which DNS back end to select during the DC installation, start with the Samba internal DNS. You can change the back end at any time. For details, see Changing the DNS Back End of a Samba AD DC.




Selecting the AD Forest Root Domain

Before you provision your Active Directory (AD), you must select a DNS zone for your AD forest root domain. For details, see Active Directory Naming FAQ.

Best practices:

  • Use a domain name you own.
  • Use a subdomain of your domain, such as ad.example.com.
  • Do not use .local domains. They can cause problems with Mac OS X and Zeroconf.

For details, see Active Directory Naming FAQ.