samba_upgradedns issues on secondary DC SOLVED!!

Andreas Oster aoster at novanetwork.de
Thu May 3 07:10:17 MDT 2012


On 03.05.2012 14:51, Daniele Dario wrote:
> On Thu, 2012-05-03 at 14:04 +0200, Andreas Oster wrote:
>> On 23.04.2012 12:56, Daniele Dario wrote:
>>> Hi Amitay,
>>>
>>> as said in last mail, I tried to start bind on secondary DC and it
>>> started without errors.
>>>
>>> nslookup works (as expected) same for samba-tool dns ...
>>>
>>> The only thing I'm facing is that in the zones, names are
>>> automatically replicated but records are not. To clarify things, after I had
>>> DNS zones replicated I found that on secondary DC, using samba-tool dns
>>> query I saw the presence of the zones, and inside the zones I found that
>>> names were populated but records not: for example, on kdc02 dns query on
>>> forward zone tells me this about kdc01
>>>   Name=, Records=0, Children=0
>>> while on kdc01 I read
>>>   Name=, Records=1, Children=0
>>>     A: 192.168.12.5 (flags=f0, serial=142, ttl=900)
>>> After the week-end, I've seen that windows boxes which started working
>>> today have updated records on both DCs.
>>>
>>> Is this behavior corrected?
>>>
>>> Daniele.
>>>
>>>
>> Hello Daniele,
>>
>> have you been able to successfully add a secondary DC as additional
>> bind9 DNS server ? If so, can you explain the steps to get working
>> configuration ?
>>
>> Thank you
>>
>> best regards
>>
>> Andreas
> Hi Andreas,
> as said by Amitay, the first step is to have DNS zones replicated
> between DCs.
>
>      1. join the 2nd DC to the domain as per
>         https://wiki.samba.org/index.php/Samba4_joining_a_domain
>      2. after the join, before starting samba I increment the log level to
>         see problems in detail (add log level = 3 or more in
>         etc/smb.conf in [global] section)
>      3. once you have started samba4 on both DCs you should see that
>         replication starts (at least the basic three zones)
>      4. Amitay's tip is to restart samba4 again to start replication of
>         DNS zones but this has not worked for me so I had to run
>         samba-tool drs replicate <dst dc> <src dc>
>         DC=DomainDnsZones,DC=domain,DC=local and
>         DC=ForestDnsZones,DC=domain,DC=local on primary and then on
>         secondary DC to get them replicated
>      5. once you have DNS zones replicated between DCs you can try to
>         look if samba-tool dns query on secondary DC works
>      6. at this point, if you try to run samba_upgradedns you should see
>         that the private/dns folder (and the ldbs) will be created
>      7. last, configure bind as in primary DC and start it
>
> As said in point 4, I was not able to get replication of DNS zones
> working automatically as said by Amitay.
> BTW, after I started them manually I was able to see the zones by RPC
> (using samba-tool dns ...).
> Even if replication is working it seems that zones are not fully
> replicated because they are populated with entries but without records.
>
> I've seen that after a while, windows boxes which work on the domain had
> updated their dns entries and they appeared also on the secondary DC.
>
> Let me know if you are luckier than me.
>
> Cheers,
> Daniele.
Hello Daniele,

I also got stuck at step 4. The ForestDnsZones and DomainDnsZones do
not replicate between DC1 and DC2. I currently have a quite stable samba4
configuration and I am a bit afraid to break it (again). The last time I
tried to create a secondary DNS I ended up with a semi-functional
secondary DC which I could not demote anymore (I think you've had the
same issue). Unfortunately I did not back up the samba files :-(

Is your second DNS now fully populated with the same entries as the
primary one? Does replication work in both ways if you add an entry to
one of the DNS servers?

Thanks

Andreas
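
The symptom discussed in this thread (names present on the secondary DC but with Records=0) can be checked by diffing saved `samba-tool dns query` output from both DCs. The following is an added example, not part of any post in the thread; the function names and all sample output other than the kdc01 lines quoted above are constructed for illustration.

```python
import re

# Header line printed for each node by `samba-tool dns query`.
NAME_RE = re.compile(r"^\s*Name=(?P<name>[^,]*),\s*Records=\d+,\s*Children=\d+\s*$")
# Per-record metadata suffix; serial/ttl are stripped so only type and data are compared.
META_RE = re.compile(r"\s*\(flags=.*\)\s*$")

def parse_dns_query(text):
    """Return {name: set of 'TYPE: data' strings} from saved query output."""
    zone, current = {}, None
    for line in text.splitlines():
        m = NAME_RE.match(line)
        if m:
            current = m.group("name") or "@"  # empty name = the queried node itself
            zone.setdefault(current, set())
        elif current is not None and line.strip():
            zone[current].add(META_RE.sub("", line.strip()))
    return zone

def compare_dcs(primary_text, secondary_text):
    """Report names whose records did not reach the secondary DC."""
    primary = parse_dns_query(primary_text)
    secondary = parse_dns_query(secondary_text)
    report = {"missing_names": [], "empty_on_secondary": [], "record_mismatch": []}
    for name, records in sorted(primary.items()):
        if name not in secondary:
            report["missing_names"].append(name)
        elif records and not secondary[name]:
            report["empty_on_secondary"].append(name)  # the case seen on kdc02
        elif records != secondary[name]:
            report["record_mismatch"].append(name)
    return report

# Constructed sample output (kdc02 and ws01 entries are invented for the example).
KDC01_OUTPUT = """\
  Name=kdc01, Records=1, Children=0
    A: 192.168.12.5 (flags=f0, serial=142, ttl=900)
  Name=kdc02, Records=1, Children=0
    A: 192.168.12.6 (flags=f0, serial=150, ttl=900)
  Name=ws01, Records=1, Children=0
    A: 192.168.12.50 (flags=f0, serial=151, ttl=1200)
"""
KDC02_OUTPUT = """\
  Name=kdc01, Records=0, Children=0
  Name=kdc02, Records=1, Children=0
    A: 192.168.12.6 (flags=f0, serial=150, ttl=900)
"""

if __name__ == "__main__":
    for problem, names in compare_dcs(KDC01_OUTPUT, KDC02_OUTPUT).items():
        print(f"{problem}: {', '.join(names) or '-'}")
```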
