22.11.2022 15:57, Petr Špaček via Unbound-users wrote:
> On 22. 11. 22 13:27, Michael Tokarev via Unbound-users wrote:
>> For example, we've a domain and a few geographically-spread
>> offices; each office is supposed to have its own proxy, email
>> server, file server and stuff like that.  This is also an
>> AD DC domain.  I thought about a single domain zone and local
>> overrides for certain commonly used names. But once again I
>> faced this issue with unbound, which is unable to resolve
>> (expand) CNAMEs in local-data or some such.
>>
>> (Yes, I know there's another way: to give each office a
>> subdomain with the local names specified there, and specify
>> all other names in the main domain. But that doesn't work
>> because Windows machines always query in their AD domain
>> name first, and in the DHCP-provided suffix next, so I have
>> to override this at the resolver level.)
>
> Well, MS AD does support location-aware routing. I suggest using that instead
> of hacking in your own way.

I know how to locate the AD DC closest to the client (site-specific);
that portion works.

Now I want to a) provide a short name (fs) which is used by all our
users to mean their closest local file server, and I can't find a way
to do that in AD.  And b) store user profiles only on the site-specific
server, so the home server is different depending on the current
location a user logs in from. If a) is solved, b) is solved too.  For 2
weeks I tried to implement this in Samba, only to discover a ton of
bugs and unexpected behavior. Now I did implement this in DNS, in
a test environment, *finally*, but it turned out I'll have to
replace our whole unbound infrastructure with something else b/c of
this very unbound limitation: it can't expand CNAMEs in local-data
and local-zone.

> See e.g.
> https://learn.microsoft.com/en-us/windows-server/identity/ad-ds/plan/site-functions and
> search for "Client affinity".
>
> MS keywords for this are "sites" and "locator".
>
> Non-MS docs about this:
> https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/7/html/windows_integration_guide/sssd-ad-dns-sites

Yes, this is about locating the closest DC.

I want it to locate a closest file server given short name.

I'd *love* to do that on the AD side, but so far it didn't work.

And still, there's the question which I asked: *why* can't unbound
expand CNAMEs in local-data?  I'm looking at the source now, but
with any code which you see for the first time, this is not exactly
a quick thing to do :)

Thanks,

/mjt
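An added example, not taken from this thread or from the unbound project, of the per-office override Michael describes, written as an unbound.conf fragment. The domain example.corp, the short name fs, and all addresses are assumed. It shows the CNAME form that the thread reports unbound does not expand next to the form that sidesteps the problem: each office's resolver publishes the A record for the short name directly, with the AD zone marked typetransparent so that every other name and record type in that zone still goes to the domain controllers.

```conf
# Added example: per-office unbound.conf fragment (assumed names and addresses).
# Each office's resolver carries its own copy with its own file server address.
server:
    # Assumed AD domain. typetransparent: answer from local-data only for the
    # exact names and record types listed below; every other query for the
    # zone is passed through unchanged, so the DCs keep serving the AD zone
    # (including the _ldap._tcp site/locator records).
    local-zone: "example.corp." typetransparent

    # The form the thread reports does NOT work as wanted: unbound hands back
    # the CNAME record itself but does not chase it to the target's A record,
    # so a client asking for "fs" gets no address. Kept here, commented out.
    # local-data: "fs.example.corp. IN CNAME fs-site1.example.corp."

    # Workaround: publish the office's file server address directly.
    # Office 1 resolver (assumed address):
    local-data: "fs.example.corp. 300 IN A 10.1.0.5"
    # Office 2 resolver would carry this line instead:
    # local-data: "fs.example.corp. 300 IN A 10.2.0.5"

    # Optional reverse entry so tools that do PTR lookups resolve the name too.
    local-data-ptr: "10.1.0.5 fs.example.corp"

# Everything in the AD zone that is not answered locally is forwarded to the
# domain controllers (assumed addresses).
forward-zone:
    name: "example.corp."
    forward-addr: 10.1.0.10
    forward-addr: 10.2.0.10
```

Because the zone is typetransparent rather than static, a query for fs.example.corp with a type that is not in local-data (AAAA, for example) is still forwarded to the DCs, so check both the A answer and an AAAA lookup against each office's resolver after deploying, and keep the local-data TTL short so that a changed file server address propagates quickly.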
