This improves Samba AD DC performance as a DNS server dramatically, because NS records do not
need to be looked up and there is less risk the response will have to fall back
to TCP, doubling the cost again.
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Gary Lockyer <gary@catalyst.net.nz>
Autobuild-User(master): Andrew Bartlett <abartlet@samba.org>
Autobuild-Date(master): Fri Jun 21 00:52:19 UTC 2019 on sn-devel-184
# Additional information for DNS setup using BIND
-# If you are running a capable version of BIND and you wish to support
-# secure GSS-TSIG updates, you must make the following configuration
-# changes:
+# You must make the following configuration changes to BIND to support
+# Samba's AD DC:
#
# Steps for BIND 9.8.x and 9.9.x -----------------------------------------
# 1. Insert following lines into the options {} section of your named.conf
# file:
tkey-gssapi-keytab "${DNS_KEYTAB_ABS}";
+minimal-responses yes;
# 2. If SELinux is enabled, ensure that all files have the appropriate
# SELinux file contexts. The ${DNS_KEYTAB} file must be accessible by the
projects / thirdparty / samba.git / commitdiff
