Where does samba_dnsupdate send updates when run from a secundary DC

David Gonzalez info at dghvoip.com
Wed Sep 15 17:31:14 MDT 2010 

Hi,

I did net vampire from a secondary DC and it gave me this warning when it
finished:

mark ROOTDSE with isSynchronized=TRUE
../dsdb/common/util.c:3003: WARNING: domainFunctionality not setup
../dsdb/common/util.c:3003: WARNING: domainFunctionality not setup
Vampired domain DGHVOIP (S-1-5-21-384766495-3257629274-1013326832)

Is this behavior normal, I did this once in the past and it did not show
that warning; and I don't know if it has to do with this following question.

when I start the replicated DC, after adding the A record and objectguid to
my DNS server running on the same machine as Samba I get this when starting:

/usr/local/samba/sbin/samba_dnsupdate: update failed: REFUSED
/usr/local/samba/sbin/samba_dnsupdate: update failed: REFUSED

my smb.conf looks like this on the primary samba DC

[globals]
        netbios name    = GATEWAY
        workgroup       = DGHVOIP
        realm           = SAMBA.DGHVOIP.COM
        server role     = domain controller
        interfaces      = eth1 lo
        setup directory = bin/python/samba/../../../setup/
        posix:eadb      = /usr/local/samba/private/eadb.tdb
        wins support    = Yes
        bind interfaces only = Yes
        time server     = Yes
        socket address  = 192.168.254.1
        msdfs root      = Yes
        log level       = 3
        log file        = /var/log/samba.log
        nsupdate command = /usr/bin/nsupdate

As you see I removed the -g from nsupdate on both servers which makes
dynamic dns update work well from this machine.

And on the second DC after replication:

[globals]
        netbios name    = VPNSERVER
        workgroup       = DGHVOIP
        realm           = SAMBA.DGHVOIP.COM
        server role     = domain controller
        setup directory = /usr/local/samba/share/setup/
        wins server     = 192.168.254.1
        time server     = Yes
        socket address  = 192.168.254.130
        msdfs root      = Yes
        log level       = 3
        log file        = /var/log/samba.log
        nsupdate command = /usr/bin/nsupdate

Some params I added myself, I also changed nsupdate command here removing
the -g option so TSIG isn't used, but this error I showed above shows when I
start samba

/usr/local/samba/sbin/samba_dnsupdate: update failed: REFUSED

my named.conf allows updates to the samab zone from anywhere using
allow-update { any; };. And that way is working good. But I don't have BIND
running on the second DC and I'm in doubt where does samba_dnsupdate try to
do the updates to zone file if it's to localhost (itself) or if t tries to
update my main BIND server?.

using rndc trace 4 on my main BIND server and tail -f on the logs I don't
see anything, so my first guess is that samba_dnsupdate script is trying to
update zone files on localhost.

So is there anyway to tell that dnsupdate script to point it's updates to
the other server? or should I setup BIND on the secondary DC and make the
zone a slave zone?, which doesn't make much sense as it'd have to send the
updated zone to it's master, it's a circular update, so I would like your
thoughts on this if possible.

Thanks

---
... Chi va piano va sano e va lontano.
David Gonzalez H.
DGHVoIP - OPEN SOURCE TELEPHONY SOLUTIONS
Phone Bogotá: +(57-1)289-1168
Phone Medellin: +(57-4)247-0985
Mobile: +(57)315-838-8326
MSN: david at planetaradio.net
Skype: davidgonzalezh
WEB: http://www.dghvoip.com/
Linux User #294661

More information about the samba-technical mailing list