On Sun, 2012-12-23 at 14:20 -0500, Michael B. Trausch wrote:
> On 12/22/2012 05:44 AM, Andrew Bartlett wrote:
> > On Tue, 2012-12-18 at 11:58 -0500, Michael B. Trausch wrote:
> >> Hello all,
> >>
> >> I'd like to have redundant DNS in our setup. But it seems that Samba 4
> >> does not yet support AXFR with its internal DNS server. Alright, that's
> >> fine, so I figured I'd configure the system such that at the very least,
> >> a caching nameserver was sitting in front of it. However, that doesn't
> >> work; the caching nameserver (BIND 9) returns SERVFAIL, apparently
> >> because Samba 4 isn't setting the authoritative bit on its DNS responses.
> >
> > That's odd. Please file a bug, so Kai can look into it.
>
> Well, I finally got it working, after an update. Yay. :)
>
> I still don't have the ability for AXFR, though, it seems. Is that
> supported, or in-the-works?

Neither, at this stage.

> >> Is this a known issue, a configuration error on my part, or something
> >> entirely different altogether?
> >
> > You could run another Samba DC to get the redundant DNS.
>
> I _could_... but I'm not there yet, and Samba seems to drop queries a
> fair bit on a lightly-loaded (about 1 QPS) network; what I mean there is
> that we've observed failure-to-resolve several times a day. This seems
> to have gone away now that we've turned off the forwarding option, and
> are using BIND "in front" of Samba 4 as a caching/forwarding nameserver.
> I'll know more as the week goes by.
>
> > Another option is to run the bind9 server and the dlz plugin.
>
> I'd opted to not set this domain up that way because I figured it'd be
> easier to manage if Samba handled the domain itself. We could switch to
> BIND for the server, but I have three questions there:
>
> 1. Can we switch from Samba 4 -> BIND without reprovisioning?

Yes. See the samba_upgradedns script, which handles the switching
required between backends.

> 2. Is there any loss of client-side functionality (e.g., the Microsoft
> DNS tool)?

No.

> 3. Are there any other downsides to using BIND over the internal Samba4
> DNS?

The internal DNS is simpler, follows our internal handling of 'bind
interfaces' and starts up with the rest of Samba.

Andrew Bartlett

--
Andrew Bartlett                        http://samba.org/~abartlet/
Authentication Developer, Samba Team   http://samba.org
