burnbabyburn / docker-samba-dc

Samba Active Directory Domain Controller for Docker
GNU General Public License v3.0

Move to bind9 dns #7

Closed cfoellmann closed 2 years ago

cfoellmann commented 2 years ago

I just ran into a Samba internal DNS limitation.

Expected to run an internal zone for our public domain internally and wondered why recursive queries did not work and locked out all internal users from a lot of services.

https://wiki.samba.org/index.php/Samba_Internal_DNS_Back_End#Limitations

I haven't looked into it but I need to move to bind9 + on my existing deployment.

I will test this https://wiki.samba.org/index.php/Changing_the_DNS_Back_End_of_a_Samba_AD_DC

@burnbabyburn are you open to switching to bind9 in the container?

burnbabyburn commented 2 years ago

I would be fine using bind9, but I think it could be quite a hassle to implement. I've never used it and the mailing lists were full of bind9 issues, so I dodged it. Would check a pull request though.

burnbabyburn commented 2 years ago

@cfoellmann Initial bind9 branch. Works fine in the test env so far. Should be working fine now. There is even an option to disable DNSSEC checks on specified domains (e.g. forwarding to a Pi-hole).
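
The recursion problem described at the top of the thread and the DNSSEC-on-forwarded-zones option mentioned above both show up in the response header a resolver returns, so it is worth having a repeatable way to read them off. The POSIX sh script below is an added example, not code from this issue or from the docker-samba-dc project: it classifies `dig` output by response status and the `ra` (recursion available) and `ad` (authenticated data) flags, and wraps a live query. The sample dig outputs are constructed for the test; the resolver address and names in `probe_resolver` are placeholders.

```sh
#!/bin/sh
# Added example (not part of the issue or the docker-samba-dc project).
# Reads `dig` output and reports what the resolver actually offered.

# classify_dig_output: dig output on stdin, prints one of
#   recursive     answered (NOERROR/NXDOMAIN) with the "ra" flag: server does recursion
#   no-recursion  answered without "ra": authoritative-only or a forwarder not recursing
#   refused       status REFUSED (recursion denied for this client, or no zone)
#   servfail      status SERVFAIL (typical for DNSSEC validation failure on a forwarded zone)
#   unknown       no dig header found
classify_dig_output() {
    out=$(cat)
    status=$(printf '%s\n' "$out" | sed -n 's/^;; ->>HEADER<<-.*status: \([A-Z]*\),.*/\1/p' | head -n 1)
    flags=$(printf '%s\n' "$out" | sed -n 's/^;; flags: \([^;]*\);.*/\1/p' | head -n 1)
    case "$status" in
        "")       echo unknown ;;
        REFUSED)  echo refused ;;
        SERVFAIL) echo servfail ;;
        NOERROR|NXDOMAIN)
            case " $flags " in
                *" ra "*) echo recursive ;;
                *)        echo no-recursion ;;
            esac ;;
        *)        echo "other:$status" ;;
    esac
}

# dnssec_validated: dig output on stdin, returns 0 if the resolver set the "ad" flag,
# i.e. it validated the answer with DNSSEC, 1 otherwise
dnssec_validated() {
    flags=$(sed -n 's/^;; flags: \([^;]*\);.*/\1/p' | head -n 1)
    case " $flags " in
        *" ad "*) return 0 ;;
    esac
    return 1
}

# probe_resolver SERVER NAME: live query (needs network and dig); prints the class
probe_resolver() {
    dig @"$1" +time=2 +tries=1 "$2" A | classify_dig_output
}

# Constructed dig headers for offline use; they mimic the two header lines dig prints.
sample_recursive() {
    printf '%s\n' ';; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 4711' \
                  ';; flags: qr rd ra ad; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1'
}
sample_no_recursion() {
    printf '%s\n' ';; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 4712' \
                  ';; flags: qr aa rd; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 0'
}
sample_refused() {
    printf '%s\n' ';; ->>HEADER<<- opcode: QUERY, status: REFUSED, id: 4713' \
                  ';; flags: qr rd; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 0'
}
sample_servfail() {
    printf '%s\n' ';; ->>HEADER<<- opcode: QUERY, status: SERVFAIL, id: 4714' \
                  ';; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 0'
}

# Stand-alone run: classify the constructed samples.
for s in sample_recursive sample_no_recursion sample_refused sample_servfail; do
    printf '%s -> %s\n' "$s" "$($s | classify_dig_output)"
done
```

Run `probe_resolver <dc-ip> www.example.com` (placeholder values) against the DC for a name outside its zones and then for a name inside one of them: a forwarder-only setup that cannot resolve external names will come back `no-recursion` or `refused`, and a forwarded zone whose upstream (a Pi-hole, for instance) breaks validation will come back `servfail` until validation is disabled for that zone.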

cfoellmann commented 2 years ago

I am on a convention next week so no time for testing yet. Will test all your work asap

burnbabyburn commented 2 years ago

Not related, but I wanted to add that the scripts should be POSIX compliant and should run in an sh env (Alpine), at least in the chrony branch. Have to pull back.

cfoellmann commented 2 years ago

I am all for an Alpine-based image as long as there are no blockers for the feature set.

burnbabyburn commented 2 years ago

Branch:

burnbabyburn commented 2 years ago

@cfoellmann there should be enough options. Would recommend v2.0

cfoellmann commented 2 years ago

I am sorry for not getting back to you and testing.

I was at a convention and after that had to work on the backlog.

burnbabyburn commented 2 years ago

Hope you had a good time :) As you're running this in a productive env: be careful while testing. The data volume is one of the breaking changes. Both new images are built from the test branch (which was tested A LOT). ATM the legacy branches (My, chrony and bind9) need to be built manually.

cfoellmann commented 1 year ago

I am finally starting to realize that I should NOT have started using the project for production 👿 BUT now I am committed and as far as I can see the v2.0 seems like a great package.

Now I will be brave (probably stupid) and join a dc3 to my AD with the image ghcr.io/burnbabyburn/docker-samba-dc:alpine

I hope you are open for some conversation 😉 since I need to get my AD into shape for a RDS host 🤯 💥

cfoellmann commented 1 year ago

I "just" realized that my AD is in a nearly non-working state. GPO is not working since the domain folder in sysvol was never created. Going to rebuild this now and will report on my results.
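
A missing per-domain sysvol folder, as reported in the last comment, is easy to check for before joining another DC or troubleshooting GPO. The POSIX sh script below is an added example, not code from this issue or from the docker-samba-dc project: it verifies that the sysvol tree carries the domain folder, its `Policies` and `scripts` subfolders, and the two well-known GPO directories that `samba-tool domain provision` creates (Default Domain Policy and Default Domain Controllers Policy). The sysvol path and domain name are parameters; `/var/lib/samba/sysvol` in the stand-alone run is Samba's default and is an assumption for this example.

```sh
#!/bin/sh
# Added example (not part of the issue or the docker-samba-dc project).
# Checks the sysvol layout a Samba AD DC needs before Group Policy can work.

# GUIDs of the two GPOs every provisioned domain has; the filesystem is
# case-sensitive, so they are matched case-insensitively below.
DEFAULT_DOMAIN_POLICY='{31B2F340-016D-11D2-945F-00C04FB984F9}'
DEFAULT_DC_POLICY='{6AC1786C-016F-11D2-945F-00C04fB984F9}'

# gpo_dir_present POLICIES_DIR GUID: 0 if a directory named GUID (any case) exists
gpo_dir_present() {
    [ -d "$1" ] || return 1
    [ -n "$(find "$1" -maxdepth 1 -type d -iname "$2" -print 2>/dev/null)" ]
}

# sysvol_layout_ok SYSVOL_DIR DOMAIN: 0 if the expected tree is there, 1 otherwise;
# every missing element is printed so the output doubles as a repair checklist
sysvol_layout_ok() {
    sysvol=$1
    domain=$2
    rc=0
    for sub in "" Policies scripts; do
        if [ ! -d "$sysvol/$domain/$sub" ]; then
            echo "missing: $sysvol/$domain/$sub"
            rc=1
        fi
    done
    for guid in "$DEFAULT_DOMAIN_POLICY" "$DEFAULT_DC_POLICY"; do
        if ! gpo_dir_present "$sysvol/$domain/Policies" "$guid"; then
            echo "missing GPO folder: $sysvol/$domain/Policies/$guid"
            rc=1
        fi
    done
    return $rc
}

# Stand-alone run: check the default sysvol for the domain given as $1
# (assumed path and placeholder domain; adjust to the deployment).
if [ -n "$1" ]; then
    if sysvol_layout_ok /var/lib/samba/sysvol "$1"; then
        echo "sysvol layout for $1 looks complete"
    fi
fi
```

When the function reports the domain folder itself as missing, GPO cannot work on that DC no matter what the directory ACLs look like; once the tree is back, `samba-tool ntacl sysvolcheck` is the next step to confirm the ACLs match what the DC expects, and `samba-tool gpo listall` shows whether the directory contents line up with the GPO objects in the directory.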