[Samba] Cleanup after demoting an offline DC

Rowland Penny rpenny at samba.org
Fri Jan 5 11:28:01 UTC 2024


On Fri, 5 Jan 2024 11:41:45 +0100
Thorsten Marquardt via samba <samba at lists.samba.org> wrote:

> Hi,
> 
> I demoted an outdated and offline DC following:
> https://wiki.samba.org/index.php/Demoting_a_Samba_AD_DC
> 
> Everything appears to work well but there is still one, perhaps minor, 
> question regarding the DNS SOA record:
> 
> The zone _msdcs.samdom.example.com still lists the demoted server in
> the SOA record.
> 
> Is it OK to manually change it to the FSMO holder DC or another DC?

You may not have to. AD DNS is multi-master, which means that every DC
is the SOA. It all depends on which DC is the first nameserver in
/etc/resolv.conf.

For instance on a Linux client with 192.168.1.2 (rpidc1) as the first
nameserver, I get this:

host -t SOA _msdcs.samdom.example.com
_msdcs.samdom.example.com has SOA record rpidc1.samdom.example.com. hostmaster.samdom.example.com. 114 900 600 86400 3600

Whilst on a DC (that is using itself as its first nameserver), I get
this:

host -t SOA _msdcs.samdom.example.com
_msdcs.samdom.example.com has SOA record tmpdc1.samdom.example.com. hostmaster.samdom.example.com. 114 900 600 86400 3600

If your old demoted DC is still in the SOA record, you probably only
need to delete it.

Rowland
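
Because the SOA answer depends on which DC is asked, a cleanup check has to query every remaining DC directly instead of relying on the order in /etc/resolv.conf. The script below is an added example, not part of the original message; the demoted hostname olddc1.samdom.example.com, the function names and the sample header lines are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: find DCs whose SOA for a zone still names a demoted DC.
# Constructed sample: `host` prints a server header when a nameserver is
# given; the answer line is the one shown in the message above.
SAMPLE_OUTPUT='Using domain server:
Name: 192.168.1.2
Address: 192.168.1.2#53
Aliases:

_msdcs.samdom.example.com has SOA record tmpdc1.samdom.example.com. hostmaster.samdom.example.com. 114 900 600 86400 3600'

# soa_mname: read `host -t SOA` output on stdin and print the SOA primary
# nameserver (MNAME), lower-cased and without the trailing dot.
soa_mname() {
    awk '/ has SOA record / {
        for (i = 1; i < NF; i++)
            if ($i == "record") { m = $(i + 1); sub(/\.$/, "", m); print tolower(m); exit }
    }'
}

# soa_is_stale DEMOTED_FQDN: succeed if the SOA on stdin still names that host.
soa_is_stale() {
    _want=$(printf '%s' "$1" | tr '[:upper:]' '[:lower:]' | sed 's/\.$//')
    [ -n "$_want" ] && [ "$(soa_mname)" = "$_want" ]
}

# check_dcs ZONE DEMOTED_FQDN DC...: ask each DC itself and report per DC.
# Returns non-zero if any DC gives no answer or still names the demoted host.
check_dcs() {
    zone=$1; demoted=$2; shift 2
    rc=0
    for dc in "$@"; do
        out=$(host -t SOA "$zone" "$dc" 2>&1) || true
        mname=$(printf '%s\n' "$out" | soa_mname)
        if [ -z "$mname" ]; then
            echo "$dc: no SOA answer"; rc=1
        elif printf '%s\n' "$out" | soa_is_stale "$demoted"; then
            echo "$dc: STALE, SOA still names $mname"; rc=1
        else
            echo "$dc: ok, SOA names $mname"
        fi
    done
    return $rc
}
# Usage (hypothetical hostnames):
#   check_dcs _msdcs.samdom.example.com olddc1.samdom.example.com rpidc1 tmpdc1
```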


