[Samba] Horrible BIND9_DLZ DNS breakage after DC replaced and samba-tool domain demote --remove-other-dead-server

Alex Crow acrow at integrafin.co.uk
Sun Aug 14 18:18:41 UTC 2016


>
> Ok, let's just run through this:
> You have an NT4-style PDC
Correct.
> You classicupgrade this to a DC
Yes, with BIND9_DLZ DNS backend.

> You join another computer as a DC
>
> At this point, have you checked that all DNS records etc are correct ?

Yes, I followed the procedure on the Wiki at:

https://wiki.samba.org/index.php/Check_and_fix_DNS_entries_on_DC_joins

I set up bind as documented and start it as soon as the domain is joined.
It works fine at this point.

In addition, even after this I find essential DNS records missing, e.g. the
A record for the domain only exists for the initial server, not the
newly joined one. The same with all the SRV records.

So I issue this command to add them:

samba_dnsupdate --verbose


> Is Bind9 running on both DCs at this point.
> Is everything working as expected ?

Yes.

> You now turn off the first DC
> You now seize all FSMO roles to the remaining DC

I've tried this in two different ways:

1. Turn off the first DC, fsmo seize, then --remove-other-dead-server=<original DC name>

2. Try to demote the first DC, which fails to complete, then carry on as above.

> Are you turning Bind9 off on the remaining DC at this point ?

After this point I've shut down the original DC.
>
> You run the demote command and then Bind9 will not start ?

In either of these scenarios bind9 will not start as it claims there are
no records for my realm's domains.

Best regards

Alex

>
> Rowland
>
>

