The BIND9_DLZ plugin turned out to be pretty flaky. It craps out
whenever `named` is reloaded, which seems to happen occasionally for
reasons I cannot identify. Combined with the weird SELinux issues, and
the fact that upstream recommends against it anyway, I decided to just
use the built-in DNS server in Samba.
If a file exists at `vault/samba-dc/{{ krb5_realm }}`, it will be loaded
before applying the tasks to deploy a Samba domain controller. This can
be used, for example, to set the credentials for adding a new domain
controller to an existing domain.
The `domain-controller.yml` playbook combins the `samba-dc.yml` and
`named-server.yml` playbooks, making the process of deploying a new AD
DC using Samba and BIND slightly simpler.
Dustin