redundant DNS setup with bind_dlz possible ?

Amitay Isaacs amitay at gmail.com
Thu Apr 12 19:08:06 MDT 2012 

On Fri, Apr 13, 2012 at 3:43 AM, Andreas Oster <aoster at novanetwork.de> wrote:
>
>
> Am 12.04.2012 16:32, schrieb Daniele Dario:
>
>> Hi Andreas,
>>
>> On
> Thu, 2012-04-12 at 16:25 +0200, Daniele Dario wrote:
>>
>>> On Thu,
> 2012-04-12 at 15:22 +0200, Andreas Oster wrote: ...
>>>
>>>> Hello
> Daniele, I have now set up a second DC and joined it to AD. I have seen
> that replication of ForestDnsZones and DomainDnsZones in
> private/sam.ldb.d is working, but I am missing the private/dns part.
> samba_upgradedns gave the same error as Justin has observed. best
> regards Andreas
>>> Hallo Andreas, for me (I've just demoted the
> secondary DC and than reinstalled and re-joined it to the domain) I
> don't see DNS zones in private/sam.ldb.d. I guess that for you,
> samba-tool drs showrepl shows also the DNS zones in the INBOUND and
> OUTBOUND NEIGHBORS isn't it? Daniele.
>>
>> After trying to run
> samba_upgradedns, even if zones were not replicated,
>> I've seen that
> DNS zones appeared on sam.ldb.d.
>>
>> Can you confirm that the DNS
> partitions are currently replicated (drs
>> showrepl should show them)?
>>
>
>> Thanks,
>> Daniele.
>
> Hello Daniele,
>
> yes I can confirm, that I see
> inbound replication on second DC for ForestDnsZones and DomainDnsZones
> coming from first DC. I do see any sign of either inbound or outbound
> replication on the first DC though.
>
> best regards
>
> Andreas

Hi Andreas/Daniele,

samba_upgradedns was designed mainly to upgrade old provisions using
BIND9 flat files to using AD based DNS. As a side effect, the script
can be also be used to "fix" the dns provision after "samba-tool
join". However there are few requisites for this to work. If you are
using samba_upgradedns script to "fix" the provision on second DC,
make sure of the following:

1. Do not run samba_upgradedns immediately after join. It won't work,
since samba_upgradedns may create new entries and on a fresh join,
there are no RIDs allocated to second DC, so no new entries cannot be
created.

2. Run first and second DCs, and make sure they replicate DNS
partitions. One trick is to restart second DC after it has done
initial replication. On the first replication, DNS partitions are
created and on the second replication (after restart) the DNS
partitions should get replicated. You should be able to query DNS
records on second DC using samba-tool dns after the replication.

3. Now run samba_upgradedns script. It will detect that the partitions
exist and will not attempt to create them, but only create private/dns
directory with a copy of samdb to be used with BIND.

The script sometimes is failing with LDB "Operations Error". I haven't
had a chance to look at that. If you notice it again, let me know your
set up. I will try to re-create the set up to debug this error.

Amitay.

More information about the samba-technical mailing list