The Samba AD DNS Back Ends: Difference between revisions
Mmuehlfeld (talk | contribs) (moved 'Additional BIND9 DNS issues' + 'A note on DNS problems with BIND9 DLZ' to the 'Dns-backend_bind' page) |
Mmuehlfeld (talk | contribs) (Small changes on the text, removed the small BIND & samba_dnsupdate section) |
||
Line 1: | Line 1: | ||
=Internal DNS= |
= Internal DNS = |
||
The internal DNS server is built into Samba and uses AD as backend. Also it is the default DNS solution when you provisioning/upgrading an Samba AD controller. |
|||
==Status== |
|||
As of early September 2012, the internal DNS server is fully functional, for both GSS-TSIG-signed and unsigned updates. |
|||
== Configuration == |
== Configuration == |
||
If you choosed the internal server as DNS backend for your environment, there are three options that can be added to your smb.conf to control the behavior of DNS at this point: |
|||
# Allow unsigned updates | don't allow any updates | only allow signed updates |
# Allow unsigned updates | don't allow any updates | only allow signed updates |
||
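Review bot: Dropping the Status paragraph removes the only statement that the internal server handles both GSS-TSIG-signed and unsigned updates, so the retained comment "only allow signed updates" no longer says which kind of signature is meant; carry that detail into the new introduction or the Configuration text. The two added sentences also need a grammar pass: "when you provisioning/upgrading an Samba AD controller" should read "when you provision or upgrade a Samba AD controller", and "If you choosed" should be "If you chose".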
Line 16: | Line 14: | ||
# If recursive queries = yes is set, the following is also needed |
# If recursive queries = yes is set, the following is also needed |
||
dns forwarder = <ip addr of external dns server> |
dns forwarder = <ip addr of external dns server> |
||
== Known Issues == |
== Known Issues == |
||
The samba_dnsupdate command produces warnings when used with signed updates. We're currenly investigating a fix for the warnings, but the updates actually succeed. Client systems like samba3 or Win7 work fine |
The samba_dnsupdate command produces warnings when used with signed updates. We're currenly investigating a fix for the warnings, but the updates actually succeed. Client systems like samba3 or Win7 work fine. |
||
==Tests== |
== Tests == |
||
Run during make test |
Run during make test |
||
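Review bot: The Known Issues sentence is re-saved with only a trailing period added, so the typo "currenly" is carried into the new revision; change it to "currently" in the same edit.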
Line 30: | Line 32: | ||
=BIND 9.8.0 DLZ plug-in= |
|||
Dynamically loaded zones plug-in for BIND 9.8.0. AD backend. |
|||
==Status== |
|||
= BIND DLZ plug-in (for BIND 9.8 and 9.9) = |
|||
Module is built with Samba, handles RFC 1035 and RFC 2136 |
|||
BIND can be setup to provide DNS resolving for zones managed in AD. They are accessable from BIND through the DLZ (dynamically loadable zones) plug-in. |
|||
=BIND & samba_dnsupdate= |
|||
Non-AD backend, but works with older BINDs. |
|||
== Installation / Setup == |
|||
==Status== |
|||
See the [[Dns-backend_bind|Bind as DNS backend HowTo]] for a detailed instruction. |
|||
samba_dnsupdate script shipped with Samba, lets BIND handle DNS and just dynamically modifies AD-related information. |
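Review bot: The new BIND DLZ text has two spelling slips, "setup" used as a verb and "accessable"; suggest "BIND can be set up to provide DNS resolution" and "accessible". The rewrite also drops the line saying the module is built with Samba and handles RFC 1035 and RFC 2136; if that still holds, keep it in the new section so readers can see that dynamic updates are covered without following the HowTo link.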
Revision as of 16:53, 20 May 2013
Internal DNS
The internal DNS server is built into Samba and uses AD as its backend. It is also the default DNS solution when you provision or upgrade a Samba AD controller.
Configuration
If you chose the internal server as the DNS backend for your environment, there are three options that can be added to your smb.conf to control the behavior of DNS at this point:
# Allow unsigned updates | don't allow any updates | only allow signed updates
allow dns updates = True | False | signed

# If recursive queries = yes is set, the following is also needed
dns forwarder = <ip addr of external dns server>
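An added example, not part of the wiki page or of Samba itself: a small Python audit of the settings above that flags unsigned dynamic updates and a recursive-queries setup with no forwarder. The function names and the sample smb.conf are constructed here, and the later-release value spellings it also accepts are an assumption about what may be met in the field.

```python
# Added example: audit the [global] DNS options described on this page.
# True/False/signed are the page's spellings; "nonsecure", "secure only" and
# "disabled" are the spellings of later smb.conf(5) releases (assumption).
POLICY = {"true": "unsigned", "yes": "unsigned", "nonsecure": "unsigned",
          "signed": "signed", "secure only": "signed",
          "false": "disabled", "no": "disabled", "disabled": "disabled"}

def parse_global(text):
    """Collect key/value pairs from the [global] section of smb.conf text."""
    section, params = None, {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":
            continue
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1].strip().lower()
        elif section == "global" and "=" in line:
            key, value = line.split("=", 1)
            params[" ".join(key.lower().split())] = value.strip()
    return params

def audit_dns(text):
    """Return (update_policy, findings) for the internal DNS settings."""
    params, findings = parse_global(text), []
    raw = params.get("allow dns updates")
    if raw is None:
        policy = "unset"
        findings.append("allow dns updates is not set; confirm the effective value")
    else:
        policy = POLICY.get(" ".join(raw.lower().split()), "unknown")
        if policy == "unsigned":
            findings.append("unsigned dynamic updates are accepted; use 'signed'")
        elif policy == "unknown":
            findings.append("unrecognised value %r for allow dns updates" % raw)
    recursive = params.get("recursive queries", "").lower() in ("yes", "true", "1")
    if recursive and not params.get("dns forwarder"):
        findings.append("recursive queries enabled but no dns forwarder set")
    return policy, findings

# Constructed sample input, not taken from a real server.
SAMPLE = """
[global]
    realm = SAMDOM.EXAMPLE.COM
    allow dns updates = True
    recursive queries = yes
[netlogon]
    path = /var/lib/samba/sysvol
"""

if __name__ == "__main__":
    print(audit_dns(SAMPLE))
```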
Known Issues
The samba_dnsupdate command produces warnings when used with signed updates. We're currently investigating a fix for the warnings, but the updates actually succeed. Client systems like samba3 or Win7 work fine.
Tests
Run during make test
TDB_NO_FSYNC=1 make test TESTS=samba.tests.dns
Run against external servers (Windows or BIND)
SERVER_IP=<dns server ip> SERVER=<dns server name> REALM=<dns server domain name part> PYTHONPATH=`pwd`/bin/python ./source4/scripting/bin/subunitrun samba.tests.dns
BIND DLZ plug-in (for BIND 9.8 and 9.9)
BIND can be set up to provide DNS resolution for zones managed in AD. They are accessible from BIND through the DLZ (dynamically loadable zones) plug-in.
Installation / Setup
See the Bind as DNS backend HowTo for detailed instructions.