redundant DNS setup with bind_dlz possible ?

Andreas Oster aoster at
Fri Apr 13 00:09:54 MDT 2012

On 13.04.2012 03:08, Amitay Isaacs wrote:
> On Fri, Apr 13, 2012 at 3:43 AM, Andreas Oster <aoster at> wrote:
>> On 12.04.2012 16:32, Daniele Dario wrote:
>>> Hi Andreas,
>>> On Thu, 2012-04-12 at 16:25 +0200, Daniele Dario wrote:
>>>> On Thu, 2012-04-12 at 15:22 +0200, Andreas Oster wrote: ...
>>>>> Hello Daniele,
>>>>> I have now set up a second DC and joined it to AD. I have seen
>>>>> that replication of ForestDnsZones and DomainDnsZones in
>>>>> private/sam.ldb.d is working, but I am missing the private/dns part.
>>>>> samba_upgradedns gave the same error as Justin has observed.
>>>>> best regards
>>>>> Andreas
>>>> Hello Andreas,
>>>> for me (I've just demoted the secondary DC and then reinstalled and
>>>> re-joined it to the domain) I don't see DNS zones in
>>>> private/sam.ldb.d. I guess that for you, samba-tool drs showrepl
>>>> also shows the DNS zones in the INBOUND and OUTBOUND NEIGHBORS,
>>>> isn't it?
>>>> Daniele.
>>> After trying to run samba_upgradedns, even if zones were not replicated,
>>> I've seen that DNS zones appeared on sam.ldb.d.
>>> Can you confirm that the DNS partitions are currently replicated (drs
>>> showrepl should show them)?
>>> Thanks,
>>> Daniele.
>> Hello Daniele,
>> yes I can confirm that I see inbound replication on the second DC for
>> ForestDnsZones and DomainDnsZones coming from the first DC. I do see any
>> sign of either inbound or outbound replication on the first DC though.
>> best regards
>> Andreas
> Hi Andreas/Daniele,
> samba_upgradedns was designed mainly to upgrade old provisions using
> BIND9 flat files to using AD based DNS. As a side effect, the script
> can also be used to "fix" the dns provision after "samba-tool
> join". However there are a few requisites for this to work. If you are
> using the samba_upgradedns script to "fix" the provision on the second DC,
> make sure of the following:
> 1. Do not run samba_upgradedns immediately after join. It won't work,
> since samba_upgradedns may create new entries and on a fresh join,
> there are no RIDs allocated to the second DC, so no new entries can be
> created.
> 2. Run the first and second DCs, and make sure they replicate the DNS
> partitions. One trick is to restart the second DC after it has done
> the initial replication. On the first replication, the DNS partitions are
> created and on the second replication (after the restart) the DNS
> partitions should get replicated. You should be able to query DNS
> records on the second DC using samba-tool dns after the replication.
> 3. Now run the samba_upgradedns script. It will detect that the partitions
> exist and will not attempt to create them, but only create the private/dns
> directory with a copy of samdb to be used with BIND.
> The script sometimes fails with LDB "Operations Error". I haven't
> had a chance to look at that. If you notice it again, let me know your
> setup. I will try to re-create the setup to debug this error.
> Amitay.

Hello Amitay,

thank you for this information, I will demote my second DC and start again
from scratch with your tips.

Thank you for your kind help.

best regards
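The step Amitay describes as the gate before running samba_upgradedns (both DNS application partitions must show up as replicating in `samba-tool drs showrepl`, and only then is the script run to build private/dns for BIND) can be turned into a small pre-flight check. The script below is an added example and is not code from the thread or from the Samba project. It parses showrepl-style text for the DomainDnsZones and ForestDnsZones partitions under INBOUND NEIGHBORS and requires a successful last attempt for each. The sample output embedded in it is constructed to approximate showrepl's layout (DC names, GUIDs and the DC=example,DC=com suffix are placeholders); on a real second DC you would feed it `samba-tool drs showrepl` output instead.

```shell
#!/bin/sh
# Added example (not from the thread or from Samba): decide whether the DNS
# application partitions have replicated inbound on the second DC before
# samba_upgradedns is run. Sample showrepl output below is constructed.

# Constructed sample: second DC (DC2) pulling both DNS partitions from DC1.
SAMPLE_SHOWREPL='Default-First-Site-Name\DC2
DSA Options: 0x00000001
DSA object GUID: 00000000-0000-0000-0000-000000000002
DSA invocationId: 00000000-0000-0000-0000-000000000002

==== INBOUND NEIGHBORS ====

DC=DomainDnsZones,DC=example,DC=com
    Default-First-Site-Name\DC1 via RPC
        DSA object GUID: 00000000-0000-0000-0000-000000000001
        Last attempt @ Fri Apr 13 09:00:00 2012 MDT was successful
        0 consecutive failure(s).
        Last success @ Fri Apr 13 09:00:00 2012 MDT

DC=ForestDnsZones,DC=example,DC=com
    Default-First-Site-Name\DC1 via RPC
        DSA object GUID: 00000000-0000-0000-0000-000000000001
        Last attempt @ Fri Apr 13 09:00:00 2012 MDT was successful
        0 consecutive failure(s).
        Last success @ Fri Apr 13 09:00:00 2012 MDT

==== OUTBOUND NEIGHBORS ====

==== KCC CONNECTION OBJECTS ====
'

# Constructed sample of the state right after a fresh join: only the domain
# partition is listed, ForestDnsZones has not been pulled yet.
SAMPLE_MISSING_FOREST='Default-First-Site-Name\DC2

==== INBOUND NEIGHBORS ====

DC=DomainDnsZones,DC=example,DC=com
    Default-First-Site-Name\DC1 via RPC
        Last attempt @ Fri Apr 13 09:00:00 2012 MDT was successful
        0 consecutive failure(s).

==== OUTBOUND NEIGHBORS ====
'

# partition_replicated_inbound "<showrepl output>" "<DN prefix>"
# Returns 0 when the partition appears under INBOUND NEIGHBORS with a
# successful last attempt, 1 otherwise. Only the INBOUND section is scanned.
partition_replicated_inbound() {
    printf '%s\n' "$1" | awk -v part="$2" '
        /^==== INBOUND NEIGHBORS ====/ { inbound = 1; next }
        /^==== /                        { inbound = 0 }
        inbound && index($0, part) == 1 { cur = 1; next }   # our partition header
        inbound && /^DC=/               { cur = 0 }         # some other partition
        inbound && cur && /Last attempt @ .* was successful/ { ok = 1 }
        END { exit(ok ? 0 : 1) }
    '
}

# Both AD DNS application partitions must be replicating before the
# samba_upgradedns step; 0 = ready, 1 = not yet (restart the DC and re-check).
dns_partitions_ready() {
    partition_replicated_inbound "$1" "DC=DomainDnsZones," &&
    partition_replicated_inbound "$1" "DC=ForestDnsZones,"
}

# Stand-alone demonstration on the constructed samples. On a real DC use:
#   dns_partitions_ready "$(samba-tool drs showrepl)"
for sample in "$SAMPLE_SHOWREPL" "$SAMPLE_MISSING_FOREST"; do
    if dns_partitions_ready "$sample"; then
        echo "DNS partitions replicated: safe to run samba_upgradedns --dns-backend=BIND9_DLZ"
    else
        echo "DNS partitions not yet replicated: restart the second DC and re-check"
    fi
done
```

The check deliberately ignores OUTBOUND NEIGHBORS: what matters for the second DC is that it has pulled both partitions, which is also why Amitay's restart trick is needed (the partitions are created on the first pull and populated on the second). A confirming query with `samba-tool dns query` after the check passes, as Amitay suggests, is still worth doing, since the check only proves the partition replicated, not that the zone records you expect are in it.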

