Reverse resolution ambiguities

Chuck Anderson cra at WPI.EDU
Thu Sep 25 14:18:18 UTC 2014

On Thu, Sep 25, 2014 at 11:39:37AM +0200, Lars Hanke wrote:

> Now we decided to move our authentication to a samba4 based AD. This
> means that the AD runs yet another domain, which
> introduces a third name for those systems, which joined the domain.
> But not all systems are expected to join. The master Bind currently
> replicates the zone of the AD.
> However, to make Kerberos work, reverse lookup must yield
> for any machine that joined the domain and
> it should yield otherwise.

I don't know how our setup works, but the reverse lookup doesn't match
our Windows-hosted AD domain name and everything works fine.  Windows
hosts the DNS domain for AD though, so that might be why.

More information about the bind-users mailing list