[Samba] Changing DC from external to internal DNS

Rowland Penny rowlandpenny at googlemail.com
Wed Jan 28 12:13:20 MST 2015 

On 28/01/15 18:56, support at remsnet.de wrote:
> Hello Lars,
>
>> I set up two AD DC with external bind and it used to work for a while.
>> Following a Bind9 upgrade named complained about missing SOA and NS
>> records in the DLZ zones and could not be started anymore.
>>
>> Monday, due to a misinterpretation of some queries, I restarted Bind on
>> the hitherto working system and I got the same error messages. No
>> nothing changed - no changes in configuration, no updates.
>>
>> I made a slave DNS master and activated its backup of the AD zone, so
>> the infrastructure is currently working.
>>
>> Since I asked about that issue before on this list and received no
>> answer, I assume it is unknown. Whatever I tried to analyze the ldb, I I
>> couldn't find anything suspicious.
>>
>> However, my idea now is to reduce complexity. Use the internal DNS for
>> the AD zone and keep the slave Bind to serve requests from the network.
>>
> have & see equal issues here like you but on "VPN based slave networks" ..
>
> I have now 5 vpns and only 2 of them have an local  AD, the rest are slave bind9.
>
> Seen BUGS had been filled , as some forest entrys for forward
> and reverse not correctly created by samba tool while using bind9 dlz.
>
>> My questions:
>>
>> 1) Can the internal DNS of Samba4 work as a master DNS, or are features
>> missing, e.g. zone transfer, which are expected by the slave?
>>
> uppon samba4 internal dns docu >- don´t support axfr fully.
>
> see https://wiki.samba.org/index.php/DNS_Administration#Known.2Fissues_missing_features
> and https://wiki.samba.org/index.php/Samba_Internal_DNS#Limitations_.2F_Known_issues
>
>> 2) As it seems the steps for falling back to internal DNS are: demote
>> one AD DC, configure a new one with internal DNS, join it as new DC.
>> Then do the same with the other DC. Is there a simpler method or
>> anything more to consider? Did someone do that before?
>>
> you can simply switch to internal dns using samba-tool dns upgrade internal.
> But then lack´s soome required modern dns feagers .
>
> looks like  that the docu for "samba-tool dns upgrade internal."
>   that had been dropted of the dns managment wiki page.. ?!?
>
> @Marc ? review it please...
>
>
>

Hi, there is another page for that: 
https://wiki.samba.org/index.php/Changing_the_DNS_backend

Rowland

More information about the samba mailing list