DNS zones replication
amitay at gmail.com
Tue Jan 31 06:22:01 MST 2012
On Tue, Jan 31, 2012 at 9:02 PM, Daniele Dario <d.dario76 at gmail.com> wrote:
> Hi Samba team,
> I've some (maybe stupid) questions.
> I have two samba4 AD DCs on the same domain.
> At the moment one of them also acts as DNS for my network with bind9_dlz
> (kdc01) while the other (kdc02) does not.
> kdc01 runs on a VM while kdc02 is a physical machine.
> Would it be possible (now or in the future) to replicate also the
> DomainDnsZones and ForestDnsZones partitions between the DCs to allow
> the bind_dlz module to work also on the second DC?
If one of the DCs is Samba and the others are Windows, then DNS partitions
are replicated automatically, provided you have configured the DNS role on the
Windows DCs. If you have two Samba DCs, then the second DC does not yet
replicate DNS partitions. It's being worked on, and replication should happen
automatically then.
> When those partitions are replicated between DCs, what will be the
> topology of the zones? Will I have many SOAs? Will the DNSs all act as
> "masters", with the replication keeping them synced so we don't allow zone
> transfers between DNSs?
Windows DCs put their names in the SOA record, so if you query a Windows DC
it'll report itself in the SOA record. A Samba DC (primary provisioned) will
report itself in the SOA record. Since we don't have replication for DNS
partitions working yet for secondary joined Samba DCs, we don't have to worry
about it just yet. I guess it would follow the behaviour of Windows DCs in this
regard. But each DC will report multiple NS records corresponding to the DCs
with DNS roles.
To answer your question, replication will keep the DNS records among DCs
in sync. You don't need to enable zone transfers.
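As an added check (not code from this thread or from Samba), the following Python script takes the answers each DNS-serving DC gives for the AD-integrated zone, as the reply describes them, and flags deviations: a DC whose SOA MNAME is not itself, an NS set missing a DNS-serving DC, or a record that has not replicated. The host names, addresses and snapshot data are constructed for illustration.

```python
# Constructed sample data: the answers each DNS-serving DC gave for the
# AD-integrated zone. Host names and addresses are assumed, not from the thread.
ANSWERS = {
    "kdc01.example.lan": {
        "SOA": "kdc01.example.lan.",
        "NS": {"kdc01.example.lan.", "kdc02.example.lan."},
        "A": {"kdc01": "10.0.0.1", "kdc02": "10.0.0.2", "files": "10.0.0.10"},
    },
    "kdc02.example.lan": {
        "SOA": "kdc02.example.lan.",
        "NS": {"kdc01.example.lan.", "kdc02.example.lan."},
        "A": {"kdc01": "10.0.0.1", "kdc02": "10.0.0.2", "files": "10.0.0.10"},
    },
}

# Same snapshot, except kdc02 has not yet received the 'files' record:
# this is what a replication gap between DCs looks like to the check.
STALE = {dc: dict(zone) for dc, zone in ANSWERS.items()}
STALE["kdc02.example.lan"]["A"] = {"kdc01": "10.0.0.1", "kdc02": "10.0.0.2"}


def check_zone_consistency(answers):
    """Return a list of findings; an empty list means the DCs agree.
    Expectations taken from the thread: each DC names itself as SOA MNAME,
    each DC lists every DNS-serving DC as NS, and all other records match
    across DCs because directory replication keeps them in sync.
    """
    findings = []
    dcs = sorted(answers)
    expected_ns = {dc.rstrip(".") + "." for dc in dcs}
    for dc in dcs:
        zone = answers[dc]
        if zone["SOA"].rstrip(".") != dc.rstrip("."):
            findings.append(f"{dc}: SOA MNAME is {zone['SOA']}, expected itself")
        missing = expected_ns - zone["NS"]
        if missing:
            findings.append(f"{dc}: NS set lacks {sorted(missing)}")
    reference = answers[dcs[0]]["A"]
    for dc in dcs[1:]:
        theirs = answers[dc]["A"]
        for name in sorted(set(reference) | set(theirs)):
            if reference.get(name) != theirs.get(name):
                findings.append(f"{dc}: '{name}' is {theirs.get(name)}, "
                                f"{dcs[0]} has {reference.get(name)}")
    return findings


if __name__ == "__main__":
    for label, snapshot in (("in sync", ANSWERS), ("stale", STALE)):
        print(label + ":", check_zone_consistency(snapshot) or "OK")
```

In practice the snapshot dictionaries would be filled from SOA, NS and A queries sent to each DC directly rather than through a resolver, so that each DC's own view of the zone is compared.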