I think we may be talking past each other. I was referring to (client) machine
trust accounts inside of AD, not hostnames in DNS.
I now think you are referring to the latter. I can see how that can work.
--
Grant. . . .
unix || die
smime.p7s
Description: S/MIME cryptographic signature
gotchas" associated with disjoint
namespaces.
- Kevin
-Original Message-
From: bind-users On Behalf Of Grant Taylor
via bind-users
Sent: Wednesday, June 27, 2018 12:35 AM
Hmmm... My understanding was that the only requirement was that the DNS
server pointed to by the AD DC (in this case the AD is managed by SAMBA)
had to be authoritative for the domain in DNS which represented the
matching AD domain. This was a common holy war between MCSE folks and Bind
groupies.
@all
I still do not see any relevant point that will take the DNS authority
leaving the AD and do something to resolve your queries. As the wiki says,
security is essential and you do not have to risk it and let the data be
compromised.
And remember, I'm at an education institute with courses in
On 06/26/2018 10:21 PM, Mark Andrews wrote:
And if you are not using AD you can use SIG(0) and KEY records to allow
hosts to authenticate updates to the DNS for their own records.
I'm not quite following. Do you mean that you can allow hosts to update
their own RRs without requiring AD and
And if you are not using AD you can use SIG(0) and KEY records
to allow hosts to authenticate updates to the DNS for their own
records.
Instead of registering a host with AD you add a KEY record into
the DNS which has the public key of the host which is to be used
to sign the UPDATE requests.
On 06/26/2018 06:21 PM, Elias Pereira wrote:
yes. :)
https://wiki.samba.org/index.php/Active_Directory_Naming_FAQ#Why_This_Matters
Hum.
After reading that section of the page you linked to, I'm not convinced
that the DNS /must/ be on the Samba server.
How would this work in the scenario
>
> Is that truly a requirement?
> Is this not the same with Samba? Is there something specific about
> Samba that does require it to be authoritative for the zone?
yes. :)
https://wiki.samba.org/index.php/Active_Directory_Naming_FAQ#Why_This_Matters
But I know that Windows servers just
>
On 06/26/2018 05:20 PM, Elias Pereira wrote:
since the samba needs to be authoritative on its own dns.
Is that truly a requirement?
I've not messed with AD on Samba. But I know that Windows servers just
need the ability to update DNS. They do not need to be authoritative
for it.
Is this
e are expecting to see (.com if you're a
> business, .org if a non-profit, country-based TLD depending on where
> you're at, etc.).
>
> John
>
> On Tue, Jun 26, 2018 at 4:03 PM, Elias Pereira wrote:
> > Hello,
> >
> > My external DNS can be a subdomain of my root d
that people are expecting to see (.com if you're a
business, .org if a non-profit, country-based TLD depending on where
you're at, etc.).
John
On Tue, Jun 26, 2018 at 4:03 PM, Elias Pereira wrote:
> Hello,
>
> My external DNS can be a subdomain of my root domain?
>
> Eg:
> root dom
Hello,
My external DNS can be a subdomain of my root domain?
Eg:
root domain: company.intra
external dns: named.company.intra
--
Elias Pereira
___
Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe
from this list
bind
12 matches
Mail list logo
