Use the nsdc container as DNS (?)

(Jeroen Visser) #1

Actually, member servers and workstations should ONLY use the nsdc container as DNS and never something else.
There is no reliable way to mix and match there … AD requires the use of the AD DNS to function properly.

Reverse Lookup Zones and PTR records
SSSD-Error when joining NS to another NS-AD
(Davide Principi) #2

Right, I want to remark that dnsmasq can forward DNS queries to nsdc and vice versa. You can actually use both IPs as DNS. The advantages on dnsmasq side are

  • reverse zone (if configured as DHCP server)
  • define overrides for the authoritative zone in DNS page

Networking DNS configs
(Jeroen Visser) #3

If that is how it should be working, then either I am doing something very wrong or there are a few bugs.

With the following settings:
nethserver ad host: ip
nethserver ad host: DNS set to in Networking settings.
samba container IP:

Random DHCP server in network supplying as DNS, clients can not ping eachother by hostname. The entries that end up in the samba container DNS are not propagated to the nethserver ad host. Due to this being so, I added this specific part to my guide, and just repeated it :slight_smile:
Let me know where I fubar or what I dont get here.

When I use the for DNS for clients, entries on the DNS page of the nethserver host are not functional for clients.

(Davide Principi) #4

…you got the cons of nsdc as DNS :smile:

You should set NS as DHCP server. In other words both DNS and DHCP should be served by dnsmasq.

When dnsmasq is also DHCP server it automatically fills up the forward and reverse zones with client IPs and names.

This solution is far from being perfect, but works on small networks.

(Jeroen Visser) #5

…it rapidly fails when your Nethserver is on a different subnet then your clients :stuck_out_tongue:

With this comment I now both get why this was chosen, and why I have been loosing a few hairs :stuck_out_tongue:

(Davide Principi) #6

I know: there’s room for improvements on this area… Using BIND samba backend, DDNS updates…

Ideas are welcome!

I think we should try to make AD DNS work as it’s designed to do. It should receive DDNS updates directly from clients, so that DHCP is no longer required to sync DNS.

And server manager should be able to update AD DNS…

(Jeroen Visser) #7

…that’s what I assumed to be the case when I started out. … image the fun that gave me, discovering the details :stuck_out_tongue: