Bug 11745 - Samba Internal DNS not using dns forwarder for local domain
Summary: Samba Internal DNS not using dns forwarder for local domain
Alias: None
Product: Samba 4.1 and newer
Classification: Unclassified
Component: DNS server (internal) (show other bugs)
Version: 4.3.3
Hardware: All All
: P5 normal (vote)
Target Milestone: ---
Assignee: Kai Blin
QA Contact: Samba QA Contact
Depends on:
Reported: 2016-02-22 19:24 UTC by Michael Evans
Modified: 2016-03-08 10:28 UTC (History)
1 user (show)

See Also:


Note You need to log in before you can comment on or make changes to this bug.
Description Michael Evans 2016-02-22 19:24:48 UTC
I believe that the dns forwarder should be used for //all// dnsqueries which Samba cannot serve it's self, even ones that are part of the local domain.

There are at least two obvious use cases for this scenerio.

For both of these examples the domain name is: example.com

The first example is where not all hosts for the domain are local and are not managed locally.  They would be located based on the global public DNS records.

The second case, which is where I am falling, is that I need to have DNS working as a pre-requisite for systems that must come online before the domain can startup.  I already have to manage a configuration there, but I am not using BIND so it makes sense to have any non-successful queries sent to the forwarder, as I had expected the setting acted.

Based on tcpdump, the currently observed behavior is that Samba chooses to forward or not based entirely on the domain of the query, instead of forwarding all questions it does not have a successful answer for.
Comment 1 Michael Evans 2016-02-22 22:03:00 UTC
Search results finally lead me to ask a slightly different version of this question:


How can I make Samba //NOT// be an authoritative DNS server?

Should this be configurable, that would be particularly useful for legacy installations (such as what I'm working with).
Comment 2 Björn Jacke 2016-03-08 10:28:04 UTC
let's not discuss all kinds of DNS configurations here. The bug/feature request was about forward DNS queries for the own example.com domain to the forwarder. This will not be supported. If you want to make any (deprecated/unsupported) hacks like that, then you should do such thing on a different DNS server, wherer you configured the example.com zone as a forwarding zone with the coresponding DNS servers as forwarders.