redundant DNS setup with bind_dlz possible ?

Justin Foreman jforeman at dignitastech.com
Thu Apr 12 03:22:30 MDT 2012


On 04/12/2012 05:11 AM, Andrew Bartlett wrote:
> On Thu, 2012-04-12 at 05:07 -0400, Justin Foreman wrote:
>> On 04/12/2012 04:50 AM, Andreas Oster wrote:
>>> Am 12.04.2012 10:42, schrieb Andrew Bartlett:
>>>> On Thu, 2012-04-12 at 07:52 +0200, Andreas Oster wrote:
>>>>> Hello all,
>>>>>
>>>>> I currently have a samba4 setup with bind9 as DNS server
>>>>> running on the same machine using the bind_dlz module provided
>>>>> by samba4. I am now curious if it is possible to set up a
>>>>> redundant/second samba4/bind9 DC for redundancy. I know that
>>>>> the AD part is no problem but what about the DNS part ? Will
>>>>> the zone infos be replicated between the two DCs ? What do I
>>>>> have to configure to add the new DC/bind9 as a secondary DNS ?
>>>>> How would secure DNS updates be handled ?
>>>>
>>>> It should be as simple as running the samba_upgradedns script on the
>>>> second DC (to export the new partitions to the DLZ module on the second
>>>> DC), but there have been some reported issues with that.
>>>>
>>>> Andrew Bartlett
>>> Hello Andrew,
>>>
>>> thank you for your fast response.
>>> I am not sure if I do understand what needs to be done :-)
>>>
>>> 1) setup a new samba4 DC and join it to AD
>>> 2) run samba_upgradedns --no-migrate
>>> 3) setup bind9 with DLZ module
>>> 4) start bind9
>>>
>>> is this correct ?
>>>
>>> best regards
>>>
>>> Andreas
>>>
>>
>> I was wondering just the same thing. I have been running into issues
>> with DLZ and a secondary Samba4 DC. I'm wondering if it's an issue with
>> the order of operations. Should Samba be running on the second DC when
>> samba_upgradedns is run, or not? I couldn't find any documentation
>> specific to adding a second DC with BIND DLZ.
>>
>> I was thinking that the following process would work:
>
> Try this order:
>
>> 1. Provision a first Samba4 DC.
>> 2. Configure DLZ and start BIND on the first DC.
>> 3. Use samba-tool domain join on a second Samba4 DC.
>> 5. Start Samba4 on the second DC.
>
> 4. Run samba_upgradedns on the second DC.
>>
>> 6. Configure DLZ and start BIND on the second DC.
>>
>> This has not worked. I get "No RID Set DN - Remote RID Set allocation
>> needs refresh" at step 4. The /usr/local/samba/private/dns directory
>> does not get created on the second DC.
>
> When Samba isn't running, it can't ask for a RID pool (literally, a
> collection of RID values so it does not need to ask the RID manager for
> them individually) to add the dns-$HOSTNAME user we use for BIND.
>
> Andrew Bartlett
>

Ah yes. I had tried that order as well. I just tried again and got the 
following message (clean install):

root at ds2:~# samba_upgradedns
Reading domain information
Looking up IPv4 addresses
Looking up IPv6 addresses
DNS accounts already exist
No zone file /usr/local/samba/private/dns/us.dignitastech.com.zone
DNS records will be automatically created
Creating DNS partitions
Populating DNS partitions
Traceback (most recent call last):
   File "/usr/local/samba/sbin/samba_upgradedns", line 406, in <module>
     "msDS-hasMasterNCs")
_ldb.LdbError: (1, 'Operations error')

I can add more verbosity if interested.

I found this earlier thread where another user appears to be having the 
same issue.
https://lists.samba.org/archive/samba-technical/2012-April/082591.html

-- 
Justin Foreman
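The order of operations Andrew lays out above (join, start Samba, then samba_upgradedns, then BIND) hinges on Samba being up when samba_upgradedns runs, because only a running Samba can allocate the RID pool needed for the dns-$HOSTNAME account. The script below is an added example, not code from the thread or from the Samba project: it encodes that order as a small preflight for the second DC. It assumes the default /usr/local/samba prefix used in the thread, that the `samba` and `samba_upgradedns` binaries are on PATH, that `samba` daemonises when started without flags, and that the DC has already been joined with samba-tool; the `next_step` helper and the `--run` switch are this example's own.

```shell
#!/bin/sh
# Added example (not from the thread): bring up DNS on a second Samba4/BIND DLZ
# DC in the order Andrew gave, refusing to run samba_upgradedns while Samba is
# down (that is the state that produces "No RID Set DN ... needs refresh").
set -eu

# Assumed default prefix; override with SAMBA_PRIVATE=/path if yours differs.
SAMBA_PRIVATE="${SAMBA_PRIVATE:-/usr/local/samba/private}"

# Returns 0 if a samba process is visible on this host, else 1.
samba_running() {
    pgrep -x samba >/dev/null 2>&1
}

# Returns 0 if samba_upgradedns has exported the DLZ partitions, i.e. the
# private/dns directory exists and is non-empty (the thread reports it is
# never created when the run fails).
dns_exported() {
    dir="$1/dns"
    [ -d "$dir" ] && [ -n "$(ls -A "$dir" 2>/dev/null)" ]
}

# Pure decision helper (this example's own): given observable state, print the
# next action for the second DC.
#   $1 = samba running? yes|no     $2 = dns partitions exported? yes|no
next_step() {
    case "$1,$2" in
        no,*)    echo start-samba ;;
        yes,no)  echo run-upgradedns ;;
        yes,yes) echo start-bind ;;
        *)       echo unknown; return 1 ;;
    esac
}

# Driver: steps 5, 4 and 6 of the list in the thread, in Andrew's order.
# Assumes step 3 (samba-tool domain join ... DC) has already been done.
bring_up_second_dc() {
    if ! samba_running; then
        echo "starting samba so the RID pool and dns-$(hostname -s) account can be created"
        samba            # assumed to daemonise; adjust if you run it under an init script
        sleep 5
    fi
    samba_running || { echo "samba is still not running; refusing to run samba_upgradedns" >&2; return 1; }

    if ! dns_exported "$SAMBA_PRIVATE"; then
        samba_upgradedns --no-migrate
    fi
    dns_exported "$SAMBA_PRIVATE" || { echo "samba_upgradedns did not create $SAMBA_PRIVATE/dns" >&2; return 1; }

    echo "DLZ partitions exported under $SAMBA_PRIVATE/dns; now configure the DLZ module in bind9 and start it"
}

# Only act when explicitly asked, so sourcing the file for its helpers is safe.
if [ "${1:-}" = "--run" ]; then
    bring_up_second_dc
fi
```

Run it as `sh second-dc-dns.sh --run` on the joined second DC; without `--run` it only defines the helpers, so `next_step` can be used interactively to see which step the machine is at.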

