redundant DNS setup with bind_dlz possible ?

Justin Foreman jforeman at
Thu Apr 12 03:07:53 MDT 2012

On 04/12/2012 04:50 AM, Andreas Oster wrote:
> Am 12.04.2012 10:42, schrieb Andrew Bartlett:
>> On Thu, 2012-04-12 at 07:52 +0200, Andreas Oster wrote:
>>> Hello all,
>>> I currently have a samba4 setup with bind9 as DNS server
>>> running on the same machine using the bind_dlz module provided
>>> by samba4. I am now curious if it is possible to set up a
>>> redundant/second samba4/bind9 DC for redundancy. I know that
>>> the AD part is no problem but what about the DNS part ? Will
>>> the zone infos be replicated between the two DCs ? What do I
>>> have to configure to add the new DC/bind9 as a secondary DNS ?
>>> How would secure DNS updates be handled ?
>> It should be as simple as running the samba_upgradedns script on the
>> second DC (to export the new partitions to the DLZ module on the second
>> DC), but there have been some reported issues with that.
>> Andrew Bartlett
> Hello Andrew,
> thank you for your fast response.
> I am not sure if I do understand what needs to be done :-)
> 1) setup a new samba4 DC and join it to AD
> 2) run samba_upgradedns --no-migrate
> 3) setup bind9 with DLZ module
> 4) start bind9
> is this correct ?
> best regards
> Andreas

I was wondering just the same thing. I have been running into issues 
with DLZ and a secondary Samba4 DC. I'm wondering if it's an issue with 
the order of operations. Should Samba be running on the second DC when 
samba_upgradedns is run, or not? I couldn't find any documentation 
specific to adding a second DC with BIND DLZ.

I was thinking that the following process would work:

1. Provision a first Samba4 DC.
2. Configure DLZ and start BIND on the first DC.
3. Use samba-tool domain join on a second Samba4 DC.
4. Run samba_upgradedns on the second DC.
5. Start Samba4 on the second DC.
6. Configure DLZ and start BIND on the second DC.

This has not worked. I get "No RID Set DN - Remote RID Set allocation 
needs refresh" at step 4. The /usr/local/samba/private/dns directory 
does not get created on the second DC.

Andreas, I'm eager to see if you have better luck.

I'm running 4.0.0alpha20-GIT-81d1749 (git pull from 2012-04-11).

Justin Foreman
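The thread above asks whether the DLZ-backed zone actually replicates to the second DC and how to tell. The following script is an added example, not something posted in the thread and not part of Samba's own tooling: once the second DC is joined, samba_upgradedns has run, and BIND with the DLZ module is up on both machines, it queries each DC directly (bypassing resolv.conf) for the records every AD DC must publish and reports any answer set that differs. The DC addresses, zone name and host names in the usage line are placeholders.

```shell
#!/bin/sh
# Added example: compare what two Samba4/BIND9-DLZ DCs answer for the AD zone.
# Not from the thread and not Samba code; host names and zone are assumed.

# Sort an answer set so round-robin record order does not cause false alarms.
normalize() {
    printf '%s\n' "$1" | sed '/^$/d' | sort
}

# Exit 0 if two `dig +short` answer sets hold the same records, 1 otherwise.
answers_match() {
    [ "$(normalize "$1")" = "$(normalize "$2")" ]
}

# `dig +short <zone> SOA` prints: mname rname serial refresh retry expire minimum
soa_serial() {
    printf '%s\n' "$1" | awk 'NF >= 7 { print $3; exit }'
}

# Ask one DC directly for a record.   query_dc <dc-ip-or-name> <owner> <type>
query_dc() {
    dig +short "@$1" "$2" "$3"
}

# Compare one record on both DCs; print the two answer sets on a mismatch.
# check_record <dc1> <dc2> <owner> <type>
check_record() {
    a=$(query_dc "$1" "$3" "$4")
    b=$(query_dc "$2" "$3" "$4")
    if answers_match "$a" "$b"; then
        printf 'OK   %-4s %s\n' "$4" "$3"
        return 0
    fi
    printf 'DIFF %-4s %s\n' "$4" "$3"
    printf '  %s:\n%s\n  %s:\n%s\n' "$1" "$a" "$2" "$b"
    return 1
}

# The zone SOA (with its serial from each side), the _ldap and _kerberos SRV
# records clients use to find DCs, and the A record of each DC itself.
# check_zone <dc1> <dc2> <zone> <dc1-fqdn> <dc2-fqdn>
check_zone() {
    rc=0
    printf 'SOA serial on %s: %s\n' "$1" "$(soa_serial "$(query_dc "$1" "$3" SOA)")"
    printf 'SOA serial on %s: %s\n' "$2" "$(soa_serial "$(query_dc "$2" "$3" SOA)")"
    check_record "$1" "$2" "$3" SOA || rc=1
    check_record "$1" "$2" "_ldap._tcp.$3" SRV || rc=1
    check_record "$1" "$2" "_kerberos._tcp.$3" SRV || rc=1
    check_record "$1" "$2" "$4" A || rc=1
    check_record "$1" "$2" "$5" A || rc=1
    return $rc
}

# Usage (placeholder values):
#   ./dnscheck.sh 10.0.0.1 10.0.0.2 ad.example.com dc1.ad.example.com dc2.ad.example.com
if [ $# -eq 5 ]; then
    check_zone "$@"
else
    echo "usage: $0 <dc1> <dc2> <zone> <dc1-fqdn> <dc2-fqdn>" >&2
fi
```

A DIFF line on the A record of the second DC right after the join is the expected symptom of the zone not having reached the second DC's DLZ store yet; a DIFF on the SRV records means clients pointed at that DC will not find the domain. For the "secure DNS updates" question in the thread, the BIND9_DLZ backend takes GSS-TSIG updates, so a Kerberos ticket from `kinit` followed by `nsupdate -g` against one DC adds a record, and re-running the check shows whether it has appeared on the other.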

More information about the samba-technical mailing list