DNS partitions replication on secondary DC is not full

Daniele Dario d.dario76 at gmail.com
Mon May 7 03:42:21 MDT 2012


Hi samba team,
I have some problems with the DNS of the secondary DC.

I have 2 samba4 DCs: kdc01 and kdc02 (respectively Version
4.0.0alpha21-GIT-7b55ec2 and Version 4.0.0alpha21-GIT-8026550).
I have successfully joined the secondary DC and replication seems to be
working fine.

As said in another thread, I see that replication between DNS zones is
not full:

[root at kdc02:/usr/local/samba/private]# samba-tool dns query kdc01 _msdcs.saitelitalia.local @ ALL -U administrator
...
  Name=, Records=2, Children=0
    NS: kdc01.saitelitalia.local. (flags=600000f0, serial=1, ttl=900)
    SOA: serial=147, refresh=900, retry=600, expire=86400, ns=kdc01.saitelitalia.local., email=hostmaster.saitelitalia.local. (flags=600000f0, serial=146, ttl=3600)
  Name=06f11708-b11c-4848-879d-565d72adfaf3, Records=1, Children=0
    CNAME: kdc02.saitelitalia.local. (flags=f0, serial=284, ttl=900)
  Name=bdbaecef-ace9-4314-b65e-54933ac8b660, Records=1, Children=0
    CNAME: kdc01.saitelitalia.local. (flags=f0, serial=1, ttl=900)
  Name=dc, Records=0, Children=2
  Name=domains, Records=0, Children=1
  Name=gc, Records=0, Children=2
  Name=kdc01, Records=1, Children=0
    NS: 192.168.12.5. (flags=f0, serial=62, ttl=900)
  Name=pdc, Records=0, Children=1

[root at kdc02:/usr/local/samba/private]# samba-tool dns query kdc02 _msdcs.saitelitalia.local @ ALL -U administrator
...
  Name=, Records=0, Children=0
  Name=06f11708-b11c-4848-879d-565d72adfaf3, Records=0, Children=0
  Name=bdbaecef-ace9-4314-b65e-54933ac8b660, Records=0, Children=0
  Name=dc, Records=0, Children=2
  Name=domains, Records=0, Children=1
  Name=gc, Records=0, Children=2
  Name=kdc01, Records=0, Children=0
  Name=pdc, Records=0, Children=1

If I shut down kdc01, kdc02 is not able to keep things working (no _ldap,
_kerberos and other records are present in the secondary DNS).

samba_dnsupdate --verbose works fine on the secondary DC while the primary
is on, but if I remove the address of the primary DC/DNS from resolv.conf
and leave just the address of the secondary DC/DNS, it takes a long time,
says that all records are missing, and when it tries to auth to krb it
fails (again, no _kerberos.udp... record present).

I tried to add these records by hand to see if things would go better, but
if I try to add records on the secondary DC, samba-tool always fails, saying:
[root at kdc02:/usr/local/samba/private]# samba-tool dns add kdc02 saitelitalia.local kdc01 A 192.168.12.5 -U administrator
...
ERROR(runtime): uncaught exception - (1383, 'WERR_INTERNAL_DB_ERROR')
  File "/usr/local/samba/lib/python2.7/site-packages/samba/netcmd/__init__.py", line 160, in _run
    return self.run(*args, **kwargs)
  File "/usr/local/samba/lib/python2.7/site-packages/samba/netcmd/dns.py", line 1055, in run
    None)

while it works fine on the primary.

I'm a little bit confused by the error message because
WERR_INTERNAL_DB_ERROR seems to be related to an error in adding the
record to the DB, but in line 1055 of .../samba/netcmd/dns.py it seems
that the problem is related to some missing/wrong argument to the update
record call.

Am I doing something wrong?

I'll be happy to contribute but need guidance on how.

Thanks,
Daniele.
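
The side-by-side comparison of the same zone on kdc01 and kdc02 shown in the message can be scripted. This is an added example, not part of the original message or of Samba: it parses the `Name=..., Records=..., Children=...` lines of `samba-tool dns query` output and reports nodes whose counts differ between two DCs. The sample inputs are constructed by abridging the two outputs quoted above, and the function names are hypothetical.

```python
import re

# Constructed sample input, abridged from the two query outputs quoted in the message.
KDC01_OUTPUT = """\
  Name=, Records=2, Children=0
    NS: kdc01.saitelitalia.local. (flags=600000f0, serial=1, ttl=900)
  Name=06f11708-b11c-4848-879d-565d72adfaf3, Records=1, Children=0
    CNAME: kdc02.saitelitalia.local. (flags=f0, serial=284, ttl=900)
  Name=dc, Records=0, Children=2
  Name=kdc01, Records=1, Children=0
"""
KDC02_OUTPUT = """\
  Name=, Records=0, Children=0
  Name=06f11708-b11c-4848-879d-565d72adfaf3, Records=0, Children=0
  Name=dc, Records=0, Children=2
  Name=kdc01, Records=0, Children=0
"""

# Matches node header lines only; record lines (NS:, CNAME:, SOA:) are skipped.
NODE_RE = re.compile(r"^\s*Name=([^,]*), Records=(\d+), Children=(\d+)\s*$")

def parse_nodes(text):
    """Map node name -> (record count, child count); the empty name is the zone apex '@'."""
    nodes = {}
    for line in text.splitlines():
        m = NODE_RE.match(line)
        if m:
            nodes[m.group(1) or "@"] = (int(m.group(2)), int(m.group(3)))
    return nodes

def compare(reference, candidate):
    """Return (name, problem) findings where candidate differs from reference."""
    findings = []
    for name, (rec, kids) in sorted(reference.items()):
        if name not in candidate:
            findings.append((name, "missing node"))
            continue
        c_rec, c_kids = candidate[name]
        if c_rec != rec:
            findings.append((name, f"records {c_rec} != {rec}"))
        if c_kids != kids:
            findings.append((name, f"children {c_kids} != {kids}"))
    for name in sorted(set(candidate) - set(reference)):
        findings.append((name, "extra node"))
    return findings

if __name__ == "__main__":
    for name, problem in compare(parse_nodes(KDC01_OUTPUT), parse_nodes(KDC02_OUTPUT)):
        print(f"{name}: {problem}")
```

On the sample data the node names and child counts match on both DCs while the record counts on kdc02 are zero, which is the pattern visible in the two listings above.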


