Installing and configuring Hybrid DNS

Tranquil IT recommends using both the Samba-AD internal DNS server and Bind. The Samba-AD internal DNS server handles internal queries, while Bind handles external ones. This configuration uses few resources and benefits from the caching provided by Bind.

  • Install the Bind package:

    yum install bind bind-utils
    
  • Modify the options section of the file /etc/named.conf (remember to replace the example forwarder with your own):

    options {
        directory "/var/named";
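        // Example forwarder:
        forwarders {
            1.1.1.1;
        };
        allow-query { any; };    # reachable only through the loopback listeners below
        dnssec-validation no;    # responses from the forwarder are not DNSSEC-validated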
        minimal-responses yes;
        auth-nxdomain no;    # conform to RFC1035
    
        listen-on-v6 port 5353 { ::1; };
        listen-on port 5353 { 127.0.0.1; };
    };
    
  • If needed, you can set a forwarder for a specific zone by modifying the local section of the file /etc/named.conf:

    zone "myforwardedzone.lan" {
        type forward;
        forward only;
        forwarders { 192.168.50.10; } ;
    };
    
  • Disable IPv6 binding on the local network in /etc/sysconfig/named:

    # startup options for the server
    OPTIONS="-4"
    
  • In /etc/samba/smb.conf, add the following line:

    [global]
    ...
    dns forwarder = 127.0.0.1:5353
    
  • Finally, restart the samba and named services:

    systemctl restart samba
    systemctl restart named
    

Ensuring the correct configuration of Bind

  • Ensure that the Bind server is listening on port 5353:

    netstat -tapn | grep 5353
      tcp     0    0 127.0.0.1:5353    0.0.0.0:*    LISTEN      5291/named
    
  • Test local and recursive queries:

    dig @localhost google.fr
    dig @localhost srvads.mydomain.lan
    dig -t SRV @localhost _ldap._tcp.mydomain.lan
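
A consistency check for the wiring this page sets up, as an added example that is not part of the original documentation: it confirms that Bind's listen-on stays on loopback (which is what keeps allow-query { any; } from exposing a recursive resolver) and that Samba's dns forwarder points at that listener. The function names and the sample files are assumptions made for the illustration; IPv6 listeners are not checked.

```shell
# Added example (not from the original page). Sample configs are constructed.

# Print "addr:port" for each IPv4 "listen-on port N { addr; };" line.
# Assumes one address per statement, laid out as in the named.conf above.
bind_listeners() {
    awk '$1 == "listen-on" && $2 == "port" {
        addr = $5; sub(/;$/, "", addr); print addr ":" $3
    }' "$1"
}

# Print the value of "dns forwarder" from smb.conf.
samba_forwarder() {
    sed -n 's/^[[:space:]]*dns forwarder[[:space:]]*=[[:space:]]*\([^[:space:]]*\).*/\1/p' "$1"
}

# Returns 0 if named is loopback-only and Samba forwards to that listener,
# 1 if named is reachable beyond loopback (with "allow-query { any; }" that
#   would be a recursive resolver open to the network),
# 2 if the Samba forwarder points somewhere named is not listening.
check_hybrid_dns() {
    listeners=$(bind_listeners "$1")
    forwarder=$(samba_forwarder "$2")
    if [ -z "$listeners" ]; then
        echo "no listen-on in $1: named defaults to all interfaces, port 53"
        return 1
    fi
    for l in $listeners; do
        case $l in
            127.*) ;;
            *) echo "named listens on non-loopback $l"; return 1 ;;
        esac
    done
    for l in $listeners; do
        if [ "$l" = "$forwarder" ]; then return 0; fi
    done
    echo "dns forwarder '$forwarder' matches no named listener"
    return 2
}

# Constructed sample files mirroring the settings from this page.
demo=$(mktemp -d)
cat > "$demo/named.conf" <<'EOF'
options {
    allow-query { any; };
    listen-on port 5353 { 127.0.0.1; };
};
EOF
printf '[global]\n    dns forwarder = 127.0.0.1:5353\n' > "$demo/smb.conf"
check_hybrid_dns "$demo/named.conf" "$demo/smb.conf" && echo "hybrid DNS wiring OK"
```

On a server, call check_hybrid_dns /etc/named.conf /etc/samba/smb.conf after each change to either file and before restarting the services.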
    

Congratulations, your configuration is moving forward and you have just taken another step towards a robust and efficient Samba-AD installation.

Next, we will configure the NTP service so that your Samba-AD server and the workstations on your network all keep the correct, synchronized time.