How to get DNS replication working properly?

Andrew Bartlett abartlet at samba.org
Sun Jun 24 17:01:52 MDT 2012


On Sun, 2012-06-24 at 19:43 +0200, Morten Kramer wrote:
> On 06/24/2012 04:07 PM, Morten Kramer wrote:
> > On 06/24/2012 02:49 PM, Andrew Bartlett wrote:
> >> On Sun, 2012-06-24 at 14:43 +0200, Morten Kramer wrote:
> >>> On 06/24/2012 09:35 AM, Andrew Bartlett wrote:
> >>>> On Fri, 2012-06-22 at 17:32 +0200, Morten Kramer wrote:
> >>>>> Hi all,
> >>>>>
> >>>>>
> >>>>> I've been trying to get DNS replication to work for a few days now.
> >>>>>
> >>>>>
> >>>>> What I've done:
> >>>>> - Compile Samba (Beta1/Beta2/recent git pull) under Centos 6.2 x64
> >>>>> Any help will be greatly appreciated!
> >>>> Could you both please try
> >>>>
> >>>> git://git.samba.org/abartlet/samba.git fix-dns-replication
> >>>>
> >>>> If you start with that, for a new join, it should do the replication of
> >>>> the DNS partitions.  Otherwise, follow the steps you took.
> >>>>
> >>>> Please let me know if this works, so I can get this in to master to
> >>>> assist others.
> >>>>
> >>>> Andrew Bartlett
> >>>>
> >>> I tried git clone git://git.samba.org/abartlet/samba.git fix-dns-replication
> >>> But it looks like it's missing the netcmd/ subdirectory and e.g.
> >>> domain.py you patched?
> >> You need to check out the fix-dns-replication branch, eg
> >>
> >> cd fix-dns-replication
> >> git checkout abartlet/fix-dns-replication -b fix-dns-replication
> >> make
> >>
> >> Andrew Bartlett
> >>
> >
> > Checked out the branch, it all compiled fine.
> >
> > Joined Samba to the Windows 2008R2 domain.
> >
> > I got a few of those:
> >
> > Schema update now failed: Invalid DN syntax
> > Commit failed: Invalid DN syntax
> > Failed to commit objects: WERR_DS_INTERNAL_FAILURE/NT_STATUS_INVALID_NETWORK_RESPONSE
> >
> > After repadmin /kcc, replication succeeded.
> >
> > I ran samba_upgradedns with SAMBA_INTERNAL as backend.
> > I started samba again, and then something scary happened:
> >
> > My win2k8 DC became Unavailable, the Windows DNS server stopped
> > working (connection timeout). All the .msc management tools are telling
> > me that naming information is unavailable. I'm not sure if the whole
> > DC failed, or just DNS?
> >
> > Since this is productive, I quickly had to revert to the snapshot I did
> > before the join.
> >
> > Any ideas?
> >
> 
> Just trying again, this time with the DLZ plugin.
> 
> Getting this error though:
> 
> Jun 24 19:36:16 SambaDC named[1308]: samba_dlz: Failed to configure zone '..TrustAnchors'
> Jun 24 19:36:16 SambaDC named[1308]: loading configuration: empty label
> 
> I'm assuming this is because of the '..' in the zone name?
> Any idea how to fix this?

If you look into source4/dns_server/dlz_samba.c you can change the error
for that statement to a 'continue;' like the other tests above it.

> Is this zone even required?

I'm not sure, but can you work out how Windows presents this zone?  If
we learn that bind9 simply can't present the zone, we need to work out
why (and if we can relax some rules in the named.conf) or skip them
until we can get them to be loaded.

Thanks,

Andrew Bartlett

-- 
Andrew Bartlett                                http://samba.org/~abartlet/
Authentication Developer, Samba Team           http://samba.org
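
The skip-instead-of-fail pattern suggested in the reply, as an added example that is not part of the original message and is not code from Samba's dlz_samba.c. It assumes, as the poster does, that the leading '..' is what produces the "empty label" error; check_zone_name and configure_zones are hypothetical names.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical result codes for this example; not Samba or BIND identifiers. */
enum zone_check { ZONE_OK, ZONE_EMPTY_LABEL, ZONE_LABEL_TOO_LONG, ZONE_NAME_TOO_LONG };

/* Validate a zone name in presentation format: labels separated by '.',
 * each 1..63 octets, at most 253 octets overall, one trailing dot allowed. */
enum zone_check check_zone_name(const char *name)
{
    size_t len = strlen(name);
    size_t label_len = 0;

    if (len == 0) return ZONE_EMPTY_LABEL;
    if (len == 1 && name[0] == '.') return ZONE_OK;   /* the root zone */
    if (name[len - 1] == '.') len--;                  /* drop one trailing dot */
    if (len > 253) return ZONE_NAME_TOO_LONG;

    for (size_t i = 0; i < len; i++) {
        if (name[i] == '.') {
            /* A dot with nothing before it: leading dot or two dots in a row. */
            if (label_len == 0) return ZONE_EMPTY_LABEL;
            label_len = 0;
        } else if (++label_len > 63) {
            return ZONE_LABEL_TOO_LONG;
        }
    }
    return label_len == 0 ? ZONE_EMPTY_LABEL : ZONE_OK;
}

/* Walk a zone list and skip any name that cannot be presented, instead of
 * aborting the whole load. Returns the number of zones configured. */
size_t configure_zones(const char *const *zones, size_t n, size_t *skipped)
{
    size_t configured = 0;
    *skipped = 0;
    for (size_t i = 0; i < n; i++) {
        if (check_zone_name(zones[i]) != ZONE_OK) {
            fprintf(stderr, "skipping zone '%s': invalid name\n", zones[i]);
            (*skipped)++;
            continue;       /* one bad zone no longer fails the rest */
        }
        configured++;       /* a real loader would register the zone here */
    }
    return configured;
}
```

Logging each skipped name keeps the omission visible, so a zone that silently fails to load is not mistaken for a replication problem later.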