When creating a new Samba AD Domain (using `samba-tool domain provision`), samba-tool will copy your current nameserver from /etc/resolv.conf to `dns forwarder` in the newly-generated smb.conf. However, when joining a DC (using `samba-tool domain join`), samba-tool does not write `dns forwarder` to the new smb.conf.

Is there any reason Samba should be inconsistent here? After all, a DC is a DC. I feel that this is a bug because a) it's different from provision, and b) the AD DC configuration tends to be more up-front, and less hacking on smb.conf.

During a new provision, the code will get the current nameserver from /etc/resolv.conf [1], and pass it as `dns_forwarder` to `provision()` which will write into the newly-generated smb.conf [2]. During a join, the code does not pass `dns_forwarder` [3].

[1] https://gitlab.com/samba-team/samba/blob/samba-4.10.4/python/samba/netcmd/domain.py#L377
[2] https://gitlab.com/samba-team/samba/blob/samba-4.10.4/python/samba/provision/__init__.py#L2172
[3] https://gitlab.com/samba-team/samba/blob/samba-4.10.4/python/samba/join.py#L1738

Complicating this is the fact that during a `domain join`, Samba needs to be able to query a Domain DNS server (e.g., to find a writable DC). That implies that, during join, resolv.conf should be changed to point at a DC, but this is not what one would want to use for `dns forwarder`. An alternative to this would be to continue to expect (prior to `domain join`) that resolv.conf already points at a Domain DNS server. However, after joining (and changing resolv.conf to localhost), the `dns forwarder` entries then need to be added.
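
A post-join check for the gap discussed in this report, as an added example (not Samba's code and not part of the original posts): it reads smb.conf and resolv.conf text, reports whether `dns forwarder` is set in `[global]`, and lists the non-loopback nameservers as candidates. The sample file contents, host names and addresses are constructed, and the function names are hypothetical.

```python
import ipaddress

# Constructed sample files (not from a real host): a DC after `domain join`,
# with resolv.conf already switched to localhost.
SAMPLE_RESOLV = """search samdom.example.com
nameserver 127.0.0.1
nameserver 192.0.2.53
"""
SAMPLE_SMB_JOINED = """[global]
    netbios name = DC2
    realm = SAMDOM.EXAMPLE.COM
    server role = active directory domain controller
"""

def resolv_nameservers(text):
    """Nameserver addresses from resolv.conf text, in file order."""
    servers = []
    for line in text.splitlines():
        fields = line.split("#", 1)[0].split()
        if len(fields) >= 2 and fields[0] == "nameserver":
            servers.append(fields[1])
    return servers

def global_params(text):
    """[global] parameters; Samba ignores case and spaces in their names."""
    params, section = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":
            continue
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1].strip().lower()
        elif section == "global" and "=" in line:
            name, value = line.split("=", 1)
            params[name.replace(" ", "").lower()] = value.strip()
    return params

def is_loopback(addr):
    try:
        return ipaddress.ip_address(addr).is_loopback
    except ValueError:
        return False  # unparsable entry: keep it visible for the admin

def forwarder_status(resolv_text, smb_conf_text):
    """Return (configured `dns forwarder` or None, candidate nameservers).
    A candidate may still be another DC rather than an upstream resolver."""
    configured = global_params(smb_conf_text).get("dnsforwarder")
    candidates = [s for s in resolv_nameservers(resolv_text) if not is_loopback(s)]
    return configured, candidates

if __name__ == "__main__":
    print(forwarder_status(SAMPLE_RESOLV, SAMPLE_SMB_JOINED))
```

A result of `(None, [...])` on a joined DC is the state this report describes; each listed candidate still has to be confirmed as an upstream resolver rather than another domain DC before it is written to smb.conf.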