Reverse resolution ambiguities
cra at WPI.EDU
Thu Sep 25 14:18:18 UTC 2014
On Thu, Sep 25, 2014 at 11:39:37AM +0200, Lars Hanke wrote:
> Now we decided to move our authentication to a samba4 based AD. This
> means that the AD runs yet another domain .ad.my.official.tld, which
> introduces a third name for those systems, which joined the domain.
> But not all systems are expected to join. The master Bind currently
> replicates the .ad.my.official.tld zone of the AD.
> However, to make Kerberos work, reverse lookup must yield
> client.ad.my.offcial.tld for any machine that joined the domain and
> it should yield client.internal.my.official.tld otherwise.
I don't know how our setup works, but the reverse lookup doesn't match
our Windows-hosted AD domain name and everything works fine. Windows
hosts the DNS domain for AD though, so that might be why.
More information about the bind-users