How to get DNS replication working properly?

simo idra at samba.org
Sun Jun 24 05:24:50 MDT 2012


On Sun, 2012-06-24 at 12:19 +0100, Mike Howard wrote: 
> On 24/06/2012 12:05, Morten Kramer wrote:
> > On 06/24/2012 01:01 PM, Andrew Bartlett wrote:
> >> On Sun, 2012-06-24 at 10:33 +0100, Mike Howard wrote:
> >>> On 24/06/2012 08:35, Andrew Bartlett wrote:
> >>>> On Fri, 2012-06-22 at 17:32 +0200, Morten Kramer wrote:
> >>>>> Hi all,
> >>>>>
> >>>>>
> >>>>> I've been trying to get DNS replication to work for a few days now.
> >>>>>
> >>>>>
> >>>>> What I've done:
> >>>>> - Compile Samba (Beta1/Beta2/recent git pull) under CentOS 6.2 x64
> >>>>> Any help will be greatly appreciated!
> >>>> Could you both please try
> >>>>
> >>>> git://git.samba.org/abartlet/samba.git fix-dns-replication
> >>>>
> >>>> If you start with that, for a new join, it should do the replication of
> >>>> the DNS partitions.  Otherwise, follow the steps you took.
> >>>>
> >>>> Please let me know if this works, so I can get this in to master to
> >>>> assist others.
> >>>>
> >>>> Andrew Bartlett
> >>>>
> >>> I tried the two patches you posted the other day and using the internal
> >>> dns server got replication to work.
> >>>
> >>> There was a minor issue: the secondary DC's details were not added to
> >>> the primary's DNS at all. Easily added manually though. The SOA doesn't
> >>> include the secondary NS info.
> >>>
> >>> Thanks for the hard work.
> >> Thanks for the confirmation!
> >>
> >> The reason that the secondary DC isn't enrolled in DNS is that the
> >> internal DNS server does not support dynamic updates (yet, Kai is still
> >> working on it).
> >>
> >> Andrew Bartlett
> >>
> >
> > Interesting,
> >
> >
> > So should I use the internal DNS or Bind DLZ? Does it matter?
> >
> >
> 
> The internal server does not support secure dynamic updates yet, so if 
> you want secure dynamic updates, go with bind_dlz. Linux clients have a 
> hard time with that though, so, if you have Linux clients and don't 
> _need_ secure updates, go with samba_internal. Just my opinion of course.

What problem would Linux clients have?

In my experience GSS-TSIG updates work just fine.

Simo.

-- 
Simo Sorce
Samba Team GPL Compliance Officer <simo at samba.org>
Principal Software Engineer at Red Hat, Inc. <simo at redhat.com>


