Sites and DNS

Amitay Isaacs amitay at
Mon Mar 26 16:40:02 MDT 2012

Hi Kev,

On Tue, Mar 27, 2012 at 2:40 AM, Kev Latimer <klatimer at> wrote:
> Afternoon all,
> This has had me rattling my head all day trying to figure out my best
> approach.
> I'm wanting to stick a DC in each of our physical offices, as they're all
> either side of WAN links.  I've set up and provisioned many tests over the
> last 8 or so weeks (mainly to try any permutation I could think of to find
> my "sweet spot") and once I had my initial DC provisioned I created another
> 5 - one extra in the initial site and one in each office.  Logically, I
> created 4 new sites in "AD sites and services" MMC and renamed the
> Default-First-Site-Name to reflect the geographic region of the original
> site.

I have not tested what happens when you rename the default site. The Samba
daemon runs the samba_dnsupdate script periodically to update DNS
records for the DC. This should update the names with the correct site name.
Do you see any names in AD DNS with the new site name?

> First deployment had DRS issues, one of the DCs would repeatedly give out
> errors no matter how many times I brought them back in sync but my
> subsequent attempts seem to be quite happy.  Sites were shown properly in
> the MMC and aside from not trying a client at a remote site, I was happy
> that the implementation looked okay.
> It's been a couple of weeks since I did that last test with sites as I've
> been looking at DNS implementation - all with clean provisions and always
> latest git, first using bind9_dlz, then flatfile, then internal this morning
> (using Amitay's dns-wip git branch)  and now back to dlz.  While going
> through both the DLZ and Internal structures through the DNS MMC, it seems
> to me that while the sites are showing up correctly in AD, this isn't
> reflected in DNS.  I've been reading through MS's docs on DNS in AD to make
> sure I'm reading it all right (I think I am) but I figure that if I add a
> new site, I should see it as

You don't need to use my dns-wip branch anymore. All the DNS changes
in my branch are in the Samba master tree.

> I've tried asking it to resolve through "host" on a shell to see if it's a
> trick of the MMC but it seems no matter what I do with regards to changing
> the Default-First-Site-Name or adding new sites, DNS just doesn't change.
> Can anyone tell me if I've been staring at this for so long I'm going a bit
> mad or if this isn't supported yet?  I'm sure I read it was, but I do wonder
> if it's something that's supported as far as directory objects but not
> within directory-based DNS (dlz _or_ internal)?

Whether you use the BIND9_DLZ or SAMBA_INTERNAL backend, you'll see the
same DNS records, since the DNS records are updated when you
provision, via the samba_dnsupdate script and via directory replication.
(If you have a Windows DC, then it will try to update the names via
secure dynamic DNS update.) For Samba-only DCs, the way to get all
sites to work is by ensuring that all sites are replicating. That will
replicate the DNS information.

Please note that DNS in this kind of multi-site setup is not really
tested. So if you notice something is not working, it probably needs
to be fixed. And you're not going mad. :) If you can pinpoint specific
problems, I can help to sort them out.
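
A check for the symptom discussed in this thread, as an added example that is not part of the original messages or of Samba's code: it compares the sites defined in AD against the site-specific SRV owner names present in a zone listing. The domain `example.test`, the site names and the sample zone are constructed; the SRV name templates follow Microsoft's AD DNS naming, not anything quoted in the thread.

```python
# Site-specific SRV owner names that DCs register (per Microsoft's AD DNS
# documentation; an assumption of this example, not text from the thread).
SITE_SRV_TEMPLATES = (
    "_ldap._tcp.{site}._sites.{domain}",
    "_kerberos._tcp.{site}._sites.{domain}",
    "_ldap._tcp.{site}._sites.dc._msdcs.{domain}",
    "_kerberos._tcp.{site}._sites.dc._msdcs.{domain}",
)

def normalize(name):
    """DNS names compare case-insensitively; drop the trailing root dot."""
    return name.strip().rstrip(".").lower()

def expected_site_records(site, domain):
    return [normalize(t.format(site=site, domain=domain)) for t in SITE_SRV_TEMPLATES]

def missing_site_records(sites, domain, zone_names):
    """Map each AD site to the expected SRV names absent from the zone."""
    present = {normalize(n) for n in zone_names}
    report = {}
    for site in sites:
        missing = [n for n in expected_site_records(site, domain) if n not in present]
        if missing:
            report[site] = missing
    return report

def stale_sites(sites, domain, zone_names):
    """Site labels found in DNS that no longer exist in AD (e.g. a renamed site)."""
    known = {s.lower() for s in sites}
    found = set()
    for name in map(normalize, zone_names):
        if "._sites." in name and name.endswith(normalize(domain)):
            found.add(name.split("._sites.")[0].rsplit(".", 1)[-1])
    return sorted(found - known)

# Constructed sample: the default site was renamed to "HQ" in AD, but the zone
# still carries the old label; "Branch1" is registered (mixed case, root dot).
DOMAIN = "example.test"
SITES = ["HQ", "Branch1"]
SAMPLE_ZONE = (
    [t.format(site="Default-First-Site-Name", domain=DOMAIN) for t in SITE_SRV_TEMPLATES]
    + [t.format(site="branch1", domain=DOMAIN) + "." for t in SITE_SRV_TEMPLATES]
)

if __name__ == "__main__":
    for site, names in missing_site_records(SITES, DOMAIN, SAMPLE_ZONE).items():
        print(f"{site}: missing {len(names)} SRV record(s)")
    print("stale site labels in DNS:", stale_sites(SITES, DOMAIN, SAMPLE_ZONE))
```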

