DNS zones replication

Charles Tryon charles.tryon at gmail.com
Tue Jan 31 10:02:10 MST 2012


When you are talking about replicating DNS information, is that assuming
you are using the "internal" DNS server, or will that also work with an
independent bind9_dlz service?



On Tue, Jan 31, 2012 at 8:22 AM, Amitay Isaacs <amitay at gmail.com> wrote:

> Hi Daniele,
>
> On Tue, Jan 31, 2012 at 9:02 PM, Daniele Dario <d.dario76 at gmail.com> wrote:
> > Hi Samba team,
> > I've some (maybe stupid) questions.
> >
> > I have two samba4 AD DCs on the same domain.
> > At the moment one of them also acts as DNS for my network with bind9_dlz
> > (kdc01) while the other (kdc02) does not.
> > kdc01 runs on a VM while kdc02 is a physical machine.
> >
> > Would it be possible (now or in the future) to replicate also the
> > DomainDnsZones and ForestDnsZones partitions between the DCs to allow
> > the bind_dlz module to work also on the second DC?
>
> If one of the DCs is samba and the others are windows, then DNS partitions
> will replicate automatically provided you have configured DNS role on
> windows DCs. If you have two samba DCs, then the second DC does not yet
> replicate DNS partitions. It's being worked on and replication should
> happen automatically then.
>
> > When those partitions are replicated between DCs, what will be the
> > topology of the zones? Will I have many SOAs? The DNSs will act all as
> > "masters" and the replication keeps them synced so we don't allow zone
> > transfer between DNSs?
>
> Windows DCs put their names in the SOA record, so if you query a windows DC
> it'll report itself in SOA record. Samba DC (primary provisioned) will
> report itself in SOA record. Since we don't have replication for DNS
> partitions working yet for secondary joined samba DCs, we don't have to
> worry about it just yet. I guess it would follow the behaviour of windows
> DC in this regard. But each DC will report multiple NS records
> corresponding to the DCs with DNS roles enabled.
>
> To answer your question, replication will keep the DNS records among DCs
> in sync. You don't need to enable zone transfers.
>
> Amitay.
>



-- 
    Charles Tryon
_________________________________________________________________________
  “Risks are not to be evaluated in terms of the probability of success,
but in terms of the value of the goal.”
                - Ralph D. Winter

