When to use BIND vs internal DNS for Samba 4 backend


Solution 1

These are the limitations from Samba's wiki on the internal backend:

The internal DNS does not support:

  • acting as a caching resolver
  • recursive queries
  • shared-key transaction signature (TSIG)
  • stub zones
  • zone transfers
  • wildcard DNS entries

A "simple DNS setup", meaning what the Samba internal backend is capable of, consists of the following:

  • 1 domain, 1 domain controller (DC)
  • All workstations are joined to the domain
  • The DC is able to access Internet DNS servers
  • Kerberos-secured DNS updates are supported (Windows' ipconfig /registerdns or similar)
  • No trusts or other domains in the Active Directory (AD) forest
  • Only basic types of DNS records are allowed (A, AAAA, CNAME, MX, NS, SRV, TXT).

Everything else is "more complex setup of DNS".

Solution 2

If you are going to serve DNS (hostnames including your domain name visible on the internet) and want to move this away from the Windows server, you will have to use BIND.

SAMBA 3 and earlier only provide name resolution over NetBIOS (which is local subnet only and used generally only by Windows clients), and will not serve these names out to the internet at large, as that can only be done by bind (or any other name server program).

EDIT: As Kev has pointed out, it seems that in Samba 4, when the "Samba Directory" is enabled (an attempt to replace Windows' Active Directory), a rudimentary DNS server is enabled to handle requests for the "Samba Directory". I would still suspect that if your clients make heavy use of different domains on the internet you are still probably better off with BIND (with forwards for the AD domain, and caching for the rest of the internet).

That doesn't really answer the "threshold" question well, but surely that's something the Samba team could clarify?

Solution 3

In looking at the features it offers, it looks to be fairly basic. It can perform lookups against a single domain. With BIND you can have a single instance servicing multiple domains, as well as having much more complex setups.

Samba 4's implementation does give you the ability to chain an additional server into the mix, so you can have some of the resolving done by Samba 4 and have it forward anything it can't resolve to another server; however, it's still limited to the one domain name.

You can do this by adding these lines to your /etc/samba/smb.conf:

dns recursive queries = yes
dns forwarders = 192.168.1.5

Based on your description it's not enough to say conclusively whether you can or can't use just the Samba 4 DNS server. I think the main breaking point will have to do with how you are using domain names across your servers, as well as any virtualhosts you may set up within the HTTP service.

For example I have a fairly complex setup where I host multiple domain names on a single instance of Apache. I then use forms of these names to access backend servers such as databases using forms of the domains used to access the HTTP server.

So if someone were to come in and access www.somedom.com, they would get their content served and the HTTP server would've been accessing the database server using the name db.somedom.com.

To achieve this I set up multiple domains within my BIND DNS instance.
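As an added example (not from any of the answers above), here is a small Python checker that parses an smb.conf, works out whether the internal DNS backend or an external one is selected, collects the forwarders, and matches a planned deployment's needs against the limitations Solution 1 lists. The sample config is constructed; the checker accepts both the current `dns forwarder` parameter name and the `dns forwarders` spelling used above, and assumes the default `server services` list includes `dns`, as it does on an AD DC.

```python
import re

# Features Solution 1 lists as unsupported by Samba's internal DNS backend.
INTERNAL_UNSUPPORTED = {"caching_resolver", "recursive_queries", "tsig",
                        "stub_zones", "zone_transfers", "wildcard_records"}
# Record types Solution 1 lists as the only ones the internal backend handles.
INTERNAL_RECORD_TYPES = {"A", "AAAA", "CNAME", "MX", "NS", "SRV", "TXT"}

# Constructed sample smb.conf: one AD domain, internal DNS, one forwarder.
SAMPLE_SMB_CONF = """\
[global]
    workgroup = SOMEDOM
    realm = AD.SOMEDOM.COM
    server role = active directory domain controller
    server services = rpc, nbt, wrepl, ldap, cldap, kdc, drepl, winbindd, ntp_signd, kcc, dnsupdate, dns
    dns forwarder = 192.168.1.5
"""

def parse_smb_conf(text):
    """Parse smb.conf into {section: {key: value}}; keys are lowercased with
    inner whitespace collapsed, as Samba ignores case and spacing in names."""
    conf, section = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":          # blank line or comment
            continue
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1].strip().lower()
            conf[section] = {}
        elif "=" in line and section is not None:
            key, value = (part.strip() for part in line.split("=", 1))
            conf[section][" ".join(key.lower().split())] = value
    return conf

def assess(conf, needs, record_types):
    """Return (backend, forwarders, unmet): which DNS backend the config selects,
    the forwarders it names, and the subset of the deployment's needs (feature
    names from INTERNAL_UNSUPPORTED plus record types) the internal backend
    cannot meet. Assumption: the default 'server services' list includes dns."""
    g = conf.get("global", {})
    services = [s.lower() for s in re.split(r"[,\s]+", g.get("server services", "dns")) if s]
    backend = "internal" if "dns" in services and "-dns" not in services else "external"
    forwarders = []
    for key in ("dns forwarder", "dns forwarders"):  # current name, plus the spelling used above
        forwarders += g.get(key, "").split()
    unmet = set()
    if backend == "internal":
        unmet = (set(needs) & INTERNAL_UNSUPPORTED) | (set(record_types) - INTERNAL_RECORD_TYPES)
    return backend, forwarders, sorted(unmet)
```

For Kev's case of one domain with several hostnames, `assess(parse_smb_conf(SAMPLE_SMB_CONF), set(), {"A", "CNAME"})` reports the internal backend with nothing unmet; adding wildcard records or zone transfers to the needs lists them as reasons to move to BIND.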


Updated on September 18, 2022

Comments

  • Kev
    Kev over 1 year

    I am using Samba 4 as an AD DC with NetBIOS disabled, as I have it in Windows.

    The Samba documentation says:

    Bind as DNS backend is recommended, if you plan setup a complexer DNS setup, than the Samba 4 internal DNS currently made possible.

    What exactly is the threshold for "a complexer DNS setup"?

    I plan to use this on a small business network's CentOS 6.4 server for Internet access and to allow the main server to be accessed via HTTP by a few different names and IP addresses. Currently, we have a Windows server set up to do this task and are migrating.

    Does this count as complex enough to require Samba's internal DNS, or would it be better to install BIND?

    • Admin
      Admin over 9 years
      How about management aspects? When using "internal" DNS, will admins be able to use the Microsoft Remote Administration Tool (RAT) to add/modify/remove DNS entries with the included DNS snap-in? Will this DNS snap-in (RAT) work in conjunction with BIND, too?
  • Kev
    Kev almost 11 years
    Sorry, I didn't mean to imply it served our DNS hostname on the internet, rather that it acts as a DNS request forwarder so that I didn't have to reconfigure clients if I wanted to change which DNS server they used. So I'm not sure if your "have to use bind" still applies? In any case the latter part of your answer does not seem to be true about Samba 4, which includes an actual DNS server internally.
  • Kev
    Kev almost 11 years
    I've come across clearcenter.com/support/documentation/clearos_guides/… and if I understand your comment correctly and that page as well, would it be that Samba 4 DNS would be used for internal clients, but Samba 4 DNS would look at its nameserver directive to find where to forward non-AD DNS requests from clients, which could be the locally-run BIND server, just referenced with its network IP rather than 127.0.0.1? IOW, it's less "use one or the other" and more "Samba DNS runs either way, do we use BIND?"
  • Drav Sloan
    Drav Sloan almost 11 years
    @kev It seems that way! (news to me). Though a quick peruse of the docs seems to suggest you have to set up the equivalent of an Active Directory with it to gain the DNS. However, if you are not making use of other services in Samba, then it's probably better to go with bind (or some other lighter DNS server).
  • slm
    slm almost 11 years
    @Kev - see my updated 2nd attempt at answering your question, thanks for pointing that out, BTW.
  • Kev
    Kev almost 11 years
    So the complexity mostly hinges on single vs multiple domains? I'm only working with one domain, the server having multiple hostnames, but all on the same domain. It sounds like internal might suffice, so I think I'll give it a go and see what we come up against.
  • slm
    slm almost 11 years
    @Kev - yeah, I would give it a go as well. One other thing to determine is whether you need reverse lookups (IP -> names); it wasn't clear if this feature was supported or not.