redundant DNS setup with bind_dlz possible ?

Thu Apr 12 03:52:55 MDT 2012

Am 12.04.2012 11:46, schrieb Justin Foreman:
> On 04/12/2012 05:11 AM, Andrew Bartlett wrote:
>> On Thu, 2012-04-12 at 05:07 -0400, Justin Foreman wrote:
>>> On 04/12/2012 04:50 AM, Andreas Oster wrote:
>>>> Am 12.04.2012 10:42, schrieb Andrew Bartlett:
>>>>> On Thu, 2012-04-12 at 07:52 +0200, Andreas Oster wrote:
>>>>>> Hello all,
>>>>>>
>>>>>> I am currently have a samba4 setup with bind9 as DNS server
>>>>>> running on the same machine using the bind_dlz module provided
>>>>>> by samba4. I am now curious if it is possible to set up a
>>>>>> redundant/second samba4/bind9 DC for redundancy. I know that
>>>>>> the AD part is no problem but what about the DNS part ? Will
>>>>>> the zone infos be replicated between the two DCs ? What do I
>>>>>> have to configure to add the new DC/bind9 as a secondary DNS ?
>>>>>> How would secure DNS updates be handled ?
>>>>>
>>>>> It should be as simple as running the samba_upgradedns script on the
>>>>> second DC (to export the new partitions to the DLZ module on the
>>>>> second
>>>>> DC), but there have been some reported issues with that.
>>>>>
>>>>> Andrew Bartlett
>>>> Hello Andrew,
>>>>
>>>> thank you for your fast response.
>>>> I am not sure if I do understand what needs to be done :-)
>>>>
>>>> 1) setup a new samba4 DC and join it to AD
>>>> 2) run samba_upgradedns --no-migrate
>>>> 3) setup bind9 with DLZ module
>>>> 4) start bind9
>>>>
>>>> is this correct ?
>>>>
>>>> best regards
>>>>
>>>> Andreas
>>>>
>>>
>>> I was wondering just the same thing. I have been running into issues
>>> with DLZ and a secondary Samba4 DC. I'm wondering if it's an issue with
>>> the order of operations. Should Samba be running on the second DC when
>>> samba_upgradedns is run, or not? I couldn't find any documentation
>>> specific to adding a second DC with BIND DLZ.
>>>
>>> I was thinking that the following process would work:
>>
>> Try this order:
>>
>>> 1. Provision a first Samba4 DC.
>>> 2. Configure DLZ and start BIND on the first DC.
>>> 3. Use samba-tool domain join on a second Samba4 DC.
>>> 5. Start Samba4 on the second DC.
>>
>> 4. Run samba_upgradedns on the second DC.
>>>
>>> 6. Configure DLZ and start BIND on the second DC.
>>>
>>> This has not worked. I get "No RID Set DN - Remote RID Set allocation
>>> needs refresh" at step 4. The /usr/local/samba/private/dns directory
>>> does not get created on the second DC.
>>
>> When Samba isn't running, it can't ask for a RID pool (literally, a
>> collection of RID values so it does not need to ask the RID manager for
>> them individually) to add the dns-$HOSTNAME user we use for BIND.
>>
>> Andrew Bartlett
>>
> 
> My apologies; I didn't intend to hijack this thread, by the way. Just
> wanted to share my experiences with this same attempted configuration.
> 
Hello Justin,

no apologies needed, I am happy to see someone in the same boat :-)

best regards

Andreas