.. Reminder for header structure: Parts (H1) : #################### with overline Chapters (H2) : ******************** with overline Sections (H3) : ==================== Subsections (H4) : -------------------- Subsubsections (H5) : ^^^^^^^^^^^^^^^^^^^^ Paragraphs (H6) : """"""""""""""""""""" .. |date| date:: .. meta:: :description: Installing and configuring hybrid DNS for Samba-AD :keywords: Bind, Samba-AD, documentation, DNS .. _server_install_hybrid_dns_redhat: ##################################### Installing and configuring Hybrid DNS ##################################### Tranquil IT recommends the use of both Samba-AD internal DNS server and Bind. The Samba-AD internal DNS server will handle internal queries, while Bind will manage external ones. This configuration uses few resources and benefits from the caching functionality provided by Bind. .. image:: ../../images/samba_hybrid_dns.png * Install the Bind package: .. code-block:: bash yum install bind bind-utils * Modify the options section of the file :file:`/etc/named.conf` (remember to modify the *forwarder*): .. code-block:: ini options { directory "/var/named"; // Exemple de forwarder : forwarders { 1.1.1.1; }; allow-query { any; }; dnssec-validation no; minimal-responses yes; auth-nxdomain no; # conform to RFC1035 listen-on-v6 port 5353 { ::1; }; listen-on port 5353 { 127.0.0.1; }; }; * If needed, you can set a forwarder for a specific zone, modify the local section of the file :file:`/etc/named.conf`: .. code-block:: ini zone "myforwardedzone.lan" { type forward; forward only; forwarders { 192.168.50.10; } ; }; * Disable IPv6 bind on the local network in :file:`/etc/sysconfig/named`: .. code-block:: ini # startup options for the server OPTIONS="-4" * In :file:`/etc/samba/smb.conf`, add the following line: .. code-block:: ini [global] ... dns forwarder = 127.0.0.1:5353 * Finally restart the **samba** and **named** services: .. code-block:: bash systemctl restart samba systemctl restart named ****************************************** Ensuring the correct configuration of Bind ****************************************** * Ensure that the Bind server is listening on port 5353: .. code-block:: bash netstat -tapn | grep 5353 tcp 0 0 127.0.0.1:5353 0.0.0.0:* LISTEN 5291/named * Test local and recursive queries: .. code-block:: bash dig @localhost google.fr dig @localhost srvads.mydomain.lan dig -t SRV @localhost _ldap._tcp.mydomain.lan Congratulations, your configuration is moving forward and you have just taken another step towards the solidity and efficacy of your Samba-AD installation. Now, we will :ref:`configure the NTP service ` so that your Samba-AD and the workstations of your network are all on the right time and synchronized!!