.. Reminder for header structure:        
  Parts (H1)          : #################### with overline
  Chapters (H2)       : ******************** with overline
  Sections (H3)       : ====================
  Subsections (H4)    : --------------------
  Subsubsections (H5) : ^^^^^^^^^^^^^^^^^^^^
  Paragraphs (H6)     : """""""""""""""""""""

.. |date| date::

.. meta::
  :description: Installing and configuring hybrid DNS for Samba-AD
  :keywords: Bind, Samba-AD, documentation, DNS

.. _server_install_hybrid_dns_redhat:


#####################################
Installing and configuring Hybrid DNS
#####################################

Tranquil IT recommends the use of both Samba-AD internal DNS server and Bind.
The Samba-AD internal DNS server will handle internal queries, while Bind will manage external ones.
This configuration uses few resources and benefits from the caching functionality provided by Bind.

.. image:: images/samba_hybrid_dns.png
  :scale: 40%
  :align: center

* Install the Bind package:

  .. code-block:: bash

    yum install bind bind-utils

* Modify the options section of the file :file:`/etc/named.conf` (remember to modify the *forwarder*):

  .. code-block:: ini

    options {
        directory "/var/named";
        // Example forwarder:
        forwarders {
            1.1.1.1;
        };
        allow-query { any; };
        dnssec-validation no;
        minimal-responses yes;
        auth-nxdomain no;    # conform to RFC1035

        listen-on-v6 port 5353 { ::1; };
        listen-on port 5353 { 127.0.0.1; };
    };

* If needed, you can set a forwarder for a specific zone by modifying the local section of the file :file:`/etc/named.conf`:

  .. code-block:: ini

    zone "myforwardedzone.lan" {
        type forward;
        forward only;
        forwarders { 192.168.50.10; } ;
    };

* Disable IPv6 binding on the local network in :file:`/etc/sysconfig/named`:

  .. code-block:: ini

    # startup options for the server
    OPTIONS="-4"


* In :file:`/etc/samba/smb.conf`, add the following line:

  .. code-block:: ini

    [global]
    ...
    dns forwarder = 127.0.0.1:5353


* Finally, restart the **samba** and **named** services:

  .. code-block:: bash

    systemctl restart samba
    systemctl restart named

******************************************
Ensuring the correct configuration of Bind
******************************************

* Ensure that the Bind server is listening on port 5353:

  .. code-block:: bash

    netstat -tapn | grep 5353
      tcp     0    0 127.0.0.1:5353    0.0.0.0:*    LISTEN      5291/named

* Test local and recursive queries:

  .. code-block:: bash

    dig @localhost google.fr
    dig @localhost srvads.mydomain.lan
    dig -t SRV @localhost _ldap._tcp.mydomain.lan
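
The configuration above is safe only while Bind stays bound to loopback (its ``allow-query { any; };`` is then reachable from the server alone) and while the Samba ``dns forwarder`` points at exactly that listener. The script below is an added example, not part of the original documentation: its function names are hypothetical, the sample files are constructed, and it assumes single-line ``listen-on port N { ... };`` statements as shown on this page.

```shell
#!/bin/sh
# Added example: cross-check named.conf listeners against Samba's dns forwarder.

# Print "addr:port" for every address in IPv4 "listen-on port N { ... };" lines.
named_listeners() {
    sed -n 's/^[[:space:]]*listen-on[[:space:]]\{1,\}port[[:space:]]\{1,\}\([0-9]\{1,\}\)[[:space:]]*{\([^}]*\)}.*/\1 \2/p' "$1" |
    while read -r port addrs; do
        for a in $(printf '%s' "$addrs" | tr ';' ' '); do
            printf '%s:%s\n' "$a" "$port"
        done
    done
}

# Print the first value of "dns forwarder" from an smb.conf file.
samba_forwarder() {
    sed -n 's/^[[:space:]]*dns forwarder[[:space:]]*=[[:space:]]*\([^[:space:]]*\).*/\1/p' "$1"
}

# check_hybrid_dns NAMED_CONF SMB_CONF
# Succeeds only if named listens on loopback alone and Samba forwards to it.
check_hybrid_dns() {
    listeners=$(named_listeners "$1")
    fwd=$(samba_forwarder "$2")
    [ -n "$listeners" ] || { echo "FAIL: no IPv4 listen-on with explicit port in $1"; return 1; }
    [ -n "$fwd" ] || { echo "FAIL: no dns forwarder in $2"; return 1; }
    for l in $listeners; do
        case "$l" in
            127.*) ;;
            *) echo "FAIL: named listens on non-loopback $l"; return 1 ;;
        esac
    done
    printf '%s\n' "$listeners" | grep -qxF "$fwd" ||
        { echo "FAIL: forwarder $fwd matches no named listener"; return 1; }
    echo "OK: samba forwards to $fwd"
}

# Constructed sample files mirroring the settings shown on this page.
demo_dir=$(mktemp -d)
printf '%s\n' 'options {' '    listen-on-v6 port 5353 { ::1; };' \
    '    listen-on port 5353 { 127.0.0.1; };' '};' > "$demo_dir/named.conf"
printf '%s\n' '[global]' '    dns forwarder = 127.0.0.1:5353' > "$demo_dir/smb.conf"
check_hybrid_dns "$demo_dir/named.conf" "$demo_dir/smb.conf"
```

On a real server, call ``check_hybrid_dns /etc/named.conf /etc/samba/smb.conf`` after each configuration change.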


Congratulations, your configuration is moving forward and you have just taken another step towards a robust and efficient Samba-AD installation.

Now, we will :ref:`configure the NTP service <server_install_ntp_redhat>` so that your Samba-AD and the workstations of your network are all synchronized to the correct time!
