S4 and BIND

titantoppler at gmail.com
Mon Jun 18 21:19:56 MDT 2012

Hi list,

Have been trying this over the last few days, but keep getting stymied by
the samba_upgradedns script.

Recap - I'm trying to set up a proper DNS server; the one that I used
previously was set up merely by copying the zone files from my original S4
server to another server. Dynamic updates from a newly-provisioned DC did
not work.

I'm attempting to set up a second DNS server on the new DC (dc2) so as not
to affect the original DNS server.

1) I copied the zone files to /usr/local/samba/private/dns/
2) I ran /usr/local/samba/sbin/samba_dnsupgrade
3) It throws out the following:

Reading domain information
Looking up IPv4 addresses
Looking up IPv6 addresses
DNS accounts already exist
Reading records from zone file
Error parsing DNS data from
'/usr/local/samba/private/dns/example.local.zone' ()
DNS records will be automatically created
DNS partitions already exist
dns-DC2 account already exists
See /usr/local/samba/private/named.conf for an example configuration
include file for BIND
and /usr/local/samba/private/named.txt for further documentation required
for secure DNS updates
Finished upgrading DNS

4) Although it says "Finished upgrading DNS", the DLZ files are nowhere to
be found in /usr/local/samba/var/lib, where they are supposed to be.



On Mon, Jun 11, 2012 at 9:22 AM, Andrew Bartlett <abartlet at samba.org> wrote:

> On Mon, 2012-06-11 at 09:18 +0800, titantoppler at gmail.com wrote:
> > Hi Andrew and list,
> >
> > Yes, creating a second DC was my intended first step in shutting down
> > the original alpha12 DC (bypassing the upgrading and just provisioning
> > it all over again without losing my original domain information).
> >
> > So to confirm, what I should be doing is:
> This is the order you need:
> 1) Copy my zone files from my original DNS server to my second DC (dc2)
> 2) Run samba_upgradedns on dc2
> 3) Start BIND on dc2
> You will need to ensure the config is in place for the samba_dlz
> (dlz_bind9) module, as you will be using that.  The internal server
> doesn't support secure updates yet.
> Plus lots of testing.  This is just off the top of my head - slight
> variation may be required, but others here should be able to help you
> with that.
> Andrew Bartlett
> --
> Andrew Bartlett                                http://samba.org/~abartlet/
> Authentication Developer, Samba Team           http://samba.org
