So i have a dream! My plan is to have a website and a database accessible through public IP but over SSL encrypted connection with proper authentication. To get the SSL certificate i'm setting up samba domain controller with BIND9_DLZ dns server (for Windows and Linux machines). Once that's done, i will certificate my domain and setup the connections to DB and websites.

Minding the general idea above, i'm in process of building the samba AD DC with BIND9_DLZ on my PI 3b+ (on centos7). I'm wondering which DNS server should i build, authoritative or recursive. I'm not quite sure. I read about differences online, but still.. Is authoritative necessary or recursive is enough with named.root file specifying the root domain servers?

Another question: I'm wondering where is the actual table where i can input the new machines and assign IP to it in the BIND9 setup. Is it in the zones(forward and reverse), or is there any central place where i can add new machines?

It's more of a concept to talk about best tips and practises for home labs and environments. Any setups/ideas are appreciated.

Of course if further information is required, let me know, i will provide. Regards,