DNS partitions replication on secondary DC is not full

Daniele Dario d.dario76 at gmail.com
Mon May 7 08:46:50 MDT 2012 

On Mon, 2012-05-07 at 11:42 +0200, Daniele Dario wrote:
> Hi samba team,
> I've some problems with the dns of the secondary DC.
> 
> I have 2 samba4 DCs: kdc01 and kdc02 (respectively Version
> 4.0.0alpha21-GIT-7b55ec2 and Version 4.0.0alpha21-GIT-8026550).
> I have successfully joined the secondary DC and replication seems to be
> working fine.
> 
> As said in another thread I see that replication between DNS zones is
> not full:
> 
> [root at kdc02:/usr/local/samba/private]# samba-tool dns query kdc01
> _msdcs.saitelitalia.local @ ALL -U administrator
> ...
>   Name=, Records=2, Children=0
>     NS: kdc01.saitelitalia.local. (flags=600000f0, serial=1, ttl=900)
>     SOA: serial=147, refresh=900, retry=600, expire=86400,
> ns=kdc01.saitelitalia.local., email=hostmaster.saitelitalia.local.
> (flags=600000f0, serial=146, ttl=3600)
>   Name=06f11708-b11c-4848-879d-565d72adfaf3, Records=1, Children=0
>     CNAME: kdc02.saitelitalia.local. (flags=f0, serial=284, ttl=900)
>   Name=bdbaecef-ace9-4314-b65e-54933ac8b660, Records=1, Children=0
>     CNAME: kdc01.saitelitalia.local. (flags=f0, serial=1, ttl=900)
>   Name=dc, Records=0, Children=2
>   Name=domains, Records=0, Children=1
>   Name=gc, Records=0, Children=2
>   Name=kdc01, Records=1, Children=0
>     NS: 192.168.12.5. (flags=f0, serial=62, ttl=900)
>   Name=pdc, Records=0, Children=1
> 
> [root at kdc02:/usr/local/samba/private]# samba-tool dns query kdc02
> _msdcs.saitelitalia.local @ ALL -U administrator
> ...
>   Name=, Records=0, Children=0
>   Name=06f11708-b11c-4848-879d-565d72adfaf3, Records=0, Children=0
>   Name=bdbaecef-ace9-4314-b65e-54933ac8b660, Records=0, Children=0
>   Name=dc, Records=0, Children=2
>   Name=domains, Records=0, Children=1
>   Name=gc, Records=0, Children=2
>   Name=kdc01, Records=0, Children=0
>   Name=pdc, Records=0, Children=1
> 
> If I shutdown kdc01, kdc02 is not able to keep things working (no _ldap,
> _kerberos and other records are present in secondary DNS).
> 
> samba_dnsupdate --verbose works fine on secondary DC while primary is on
> but if I remove from resolv.conf the address of the primary DC/DNS and
> leave just the address of the secondary DC/DNS it (takes a long time)
> says that all records are missing and when it tries to auth to krb it
> fails (again no _kerberos.udp... record present).
> 
> I tried to add these records by hand to see if something goes better but
> if I try to add records on secondary DC, samba-tool fails always saying:
> [root at kdc02:/usr/local/samba/private]# samba-tool dns add kdc02
> saitelitalia.local kdc01 A 192.168.12.5 -U administrator
> ...
> ERROR(runtime): uncaught exception - (1383, 'WERR_INTERNAL_DB_ERROR')
>   File
> "/usr/local/samba/lib/python2.7/site-packages/samba/netcmd/__init__.py",
> line 160, in _run
>     return self.run(*args, **kwargs)
>   File
> "/usr/local/samba/lib/python2.7/site-packages/samba/netcmd/dns.py", line
> 1055, in run
>     None)
> 
> while it works fine on primary.
> 
> I'm a little bit confused by the error message because
> WERR_INTERNAL_DB_ERROR seems to be related to an error in adding the
> record to the DB but in line 1055 of .../samba/netcmd/dns.py it seems
> that the problem is related to some missing/wrong argument to the update
> record call.
> 
> Am I doing something wrong?
> 
> I'll be happy to contribute but need to be addressed how.
> 
> Thanks,
> Daniele.
> 

After some other tries, I've seen that an update (or for linux boxes
with fixed addresses a delete+add) of records on the zones of the
primary DC/DNS, records have appeared also on secondary DC/DNS.

Next step I'll try to stop primary DC/DNS to see if secondary keeps the
domain up.

Daniele.

More information about the samba-technical mailing list