Some questions about domain controller, DNS and DHCP servers.
Hello,
I want to use CentOS as an Active Directory Domain Controller, DNS and DHCP server and join Windows OS clients to my domain, so that users could use their usernames and passwords for logging into their systems.
I have some questions:
1- Is "dnsmasq" OK to launch a DNS and DHCP server? Why do some Linux administrators prefer it, and why do others prefer to run the DNS and DHCP services separately?
In an Active Directory domain, the DNS server serving the Active Directory DNS zone must be AD-integrated. The internal Samba DNS server is obviously capable of this, and so is BIND, using the BIND9_DLZ module.
dnsmasq knows nothing of AD, and cannot function as a DNS server for an AD zone.
Was it you who asked that question in another thread? Samba's DNS server is a full DNS server only for AD. It can't be used as a full DNS server otherwise; it can only function as a forwarder. If that sounds reasonable to you, go ahead.
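The two replies above say that the DNS server for an AD zone must be AD-integrated. In practice that means the zone publishes the SRV records Windows clients use to locate domain controllers (the LDAP, Kerberos and kpasswd services, plus the `_msdcs` locator record), which a plain resolver or forwarder such as dnsmasq never answers. The script below is an added example for checking this from the defender's side; it is not code from the thread or from the Samba project. The domain `example.internal`, the server address `192.0.2.10` and the `dc1` host in the sample answer are constructed placeholders.

```shell
#!/bin/sh
# Added example (not from the thread): verify that a DNS server is really
# serving an AD zone by checking the SRV records domain members depend on.
# Domain, server and host names used here are hypothetical placeholders.

# SRV names (relative to the domain) that every AD zone must publish.
ad_srv_names() {
    cat <<'EOF'
_ldap._tcp.dc._msdcs
_ldap._tcp
_kerberos._tcp
_kerberos._udp
_kpasswd._tcp
EOF
}

# Parse "dig +short SRV" output ("priority weight port target." per line),
# print the target host(s), and return 1 if no usable SRV record is present.
parse_srv_answer() {
    printf '%s\n' "$1" | awk '
        NF == 4 && $3 ~ /^[0-9]+$/ && $4 ~ /\.$/ { print $4; found = 1 }
        END { exit found ? 0 : 1 }'
}

# Live check (needs network and dig): query each record on the given server.
# Returns the number of missing records, so 0 means the zone looks AD-capable.
check_ad_dns() {
    domain=$1; server=$2; missing=0
    for name in $(ad_srv_names); do
        answer=$(dig +short SRV "$name.$domain" "@$server" 2>/dev/null)
        if parse_srv_answer "$answer" >/dev/null; then
            echo "ok      $name.$domain"
        else
            echo "MISSING $name.$domain"
            missing=$((missing + 1))
        fi
    done
    return "$missing"
}

# Constructed sample answers, shaped like dig +short SRV output, so the parser
# can be exercised without a domain controller at hand.
SAMPLE_AD_ANSWER='0 100 389 dc1.example.internal.'
SAMPLE_EMPTY_ANSWER=''

# Usage: sh check_ad_dns.sh --live example.internal 192.0.2.10
if [ "${1:-}" = "--live" ]; then
    check_ad_dns "$2" "$3"
fi
```

A forwarder-only setup (dnsmasq, or Samba's internal DNS for a zone it does not host) reports every record as MISSING, which is the quickest way to see why the thread insists on AD-integrated DNS for the domain zone.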
Thanks.
Thus, "dnsmasq" is not an enterprise solution and is not a good option for a large network?
It is an enterprise solution, but in the context of virtual networks. For example, it's used as the default DHCP and DNS server for virtual networks in OpenStack clouds. I guess it's not suitable as a robust solution for an enterprise network, but I can't explain what deficits it has compared to, say, BIND or PowerDNS, and the standard ISC dhcpd.
I'd just like to "chime in" here with a few "terminology clarifications." To briefly explain what each of these three server (roles ...) is, conceptually what they do, and conceptually why they exist. They're in no particular order.
(1) In a Windows environment, a domain controller is a fundamental part of the shared-control mechanism that's a hallmark of the way that they allow a single management-point to control an entire network. It provides many services in a centrally-manageable way. It might provide some of the other services described below, and the purpose of it doing so is so that they, also, can be "centrally managed." If you're not participating in – or being managed by – a Windows network, you won't use this.
(2) "DNS" is the "Domain Name Server" which acts as the "master telephone directory." What's the "telephone number" (IP address) of linuxquestions.org? DNS knows the answer.
(3) "DHCP" is a service that's usually provided by router hardware. When a new computer, phone, or whatchamacallit "powers on," it needs a unique IP-address that it can use. DHCP servers dole them out.
Also:
(4) "LDAP" is a method of providing structured data – such as configuration entries or authentication credentials. "Active Directory®" is Microsoft's trademark for their own particular flavor of more-or-less the same thing. For instance, if you want every computer in your network to present the same set of userids and passwords, and if you want to centrally manage their characteristics, one good way to do this (with or without Windows ...) is to arrange for each computer to consult LDAP instead of using local password-files. Web servers and even Linux itself can be programmed to do this.
"HTH!"
Last edited by sundialsvcs; 05-04-2021 at 03:54 PM.