The Samba AD DNS Back Ends

From SambaWiki
Revision as of 16:53, 20 May 2013 by Mmuehlfeld (Small changes on the text, removed the small BIND & samba_dnsupdate section)

Internal DNS

The internal DNS server is built into Samba and uses AD as its backend. It is also the default DNS solution when you provision or upgrade a Samba AD controller.


Configuration

If you chose the internal server as the DNS backend for your environment, there are currently three options that can be added to your smb.conf to control the DNS behavior:

# Allow unsigned updates | don't allow any updates | only allow signed updates
allow dns updates = True | False | signed

# If recursive queries = yes is set, the following is also needed
dns forwarder = <ip addr of external dns server>
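The following check is an added example, not part of the wiki page or of Samba. It reads the [global] section of an smb.conf and reports when unsigned DNS updates are accepted or when recursion is enabled without a forwarder. The function names and sample configs are constructed for illustration; it assumes the usual smb.conf boolean spellings and accepts the full parameter name "dns recursive queries" alongside the shorter "recursive queries" used above.

```python
import re

TRUE_WORDS = {"true", "yes", "1"}    # assumed: usual smb.conf boolean spellings
FALSE_WORDS = {"false", "no", "0"}

def norm(name):
    # smb.conf parameter names ignore case and embedded whitespace
    return re.sub(r"\s+", "", name).lower()

def parse_global(text):
    """Return {normalized name: value} for the [global] section only."""
    opts, section = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":
            continue
        m = re.fullmatch(r"\[(.+)\]", line)
        if m:
            section = m.group(1).strip().lower()
        elif section == "global" and "=" in line:
            name, value = line.split("=", 1)
            opts[norm(name)] = value.strip()
    return opts

def audit_dns(text):
    """Return findings for the internal DNS options described above."""
    opts, findings = parse_global(text), []
    updates = opts.get("allowdnsupdates")
    if updates is None:
        findings.append("INFO: allow dns updates not set; built-in default applies")
    elif updates.lower() in TRUE_WORDS:
        findings.append("WARN: unsigned dynamic updates accepted; use 'signed'")
    elif updates.lower() not in FALSE_WORDS | {"signed"}:
        findings.append(f"WARN: unrecognized allow dns updates value {updates!r}")
    recursive = opts.get("dnsrecursivequeries", opts.get("recursivequeries", ""))
    if recursive.lower() in TRUE_WORDS and not opts.get("dnsforwarder"):
        findings.append("WARN: recursive queries enabled but no dns forwarder set")
    return findings

# Constructed sample configs (not from the page); 192.0.2.53 is a documentation address
WEAK = "[global]\n  Allow DNS Updates = True\n  recursive queries = yes\n"
HARDENED = ("[global]\n  allow dns updates = signed\n"
            "  recursive queries = yes\n  dns forwarder = 192.0.2.53\n")

if __name__ == "__main__":
    for label, conf in (("weak", WEAK), ("hardened", HARDENED)):
        print(label, audit_dns(conf) or "no findings")
```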


Known Issues

The samba_dnsupdate command produces warnings when used with signed updates. We're currently investigating a fix for the warnings, but the updates actually succeed. Client systems like samba3 or Win7 work fine.


Tests

Run during make test

TDB_NO_FSYNC=1 make test TESTS=samba.tests.dns

Run against external servers (Windows or BIND)

SERVER_IP=<dns server ip> SERVER=<dns server name> REALM=<dns server domain name part> PYTHONPATH=`pwd`/bin/python ./source4/scripting/bin/subunitrun samba.tests.dns



BIND DLZ plug-in (for BIND 9.8 and 9.9)

BIND can be set up to provide DNS resolution for zones managed in AD. These zones are accessible from BIND through the DLZ (dynamically loadable zones) plug-in.


Installation / Setup

See the Bind as DNS backend HowTo for detailed instructions.