[Solved] Samba with internal dns server does not replicate DomainDnsZones and ForestDnsZones to win2008r2

Günter Kukkukk linux at kukkukk.com
Wed Nov 19 21:32:50 MST 2014

Hi all,

Some days ago nick "xdexter" on IRC-channel #samba brought this
to my attention:
When a samba server with internal dns server is joined to
a win2008r2 server, DomainDnsZones and ForestDnsZones are *not*
replicated (outbound) from samba to w2008r2.

In the reverse direction all is fine!

I atm have a setup with 3 AD DCs joined to a domain
  - samba with DLZ module
  - samba with internal DNS server
  - w2008r2

I saw the same strange behavior.
All replications were done pretty well in both directions
(inbound / outbound), BUT the samba server with internal dns
server was *not* replicating (outbound) DomainDnsZones and
ForestDnsZones to win2008r2! (only these 2 were missing)

On IRC I talked with ekacnet about this phenomenon and he told
me that DomainDnsZones and ForestDnsZones are special, because
both are "application partitions".
He said that one can enable those application partitions for
replication and he will have a look at which (python) commands
can be used for that...

Nick "xdexter" posted a solution for this using MS tool ntdsutil.

In the following example the server with missing outbound
dns replication is named "li131":

- partition management
-- connections
--- connect to server li131
--- q
-- List NC Replicas DC=ForestDnsZones,DC=addlz,DC=kukkukk,DC=com       // li131 should not be listed here
-- List NC Replicas DC=DomainDnsZones,DC=addlz,DC=kukkukk,DC=com       // li131 should not be listed here
-- Add NC Replica DC=ForestDnsZones,DC=addlz,DC=kukkukk,DC=com li131.addlz.kukkukk.com
-- Add NC Replica DC=DomainDnsZones,DC=addlz,DC=kukkukk,DC=com li131.addlz.kukkukk.com
-- q
- q

After this all 3 DCs were replicating all NCs in all directions! :-)

One question remains:
Why was samba with DLZ module working and the one with internal dns was not?
Could have been the sequence in which I've joined the DCs.
Afair, the very first DC was samba/DLZ, then I joined w2008r2, then samba/internal dns.
But user "xdexter" only had 2 DCs.

Hopefully ekacnet can add a command to samba-tool to also allow enabling of
application partitions.

Cheers, Günter
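
A way to check the result of the ntdsutil steps from a script, added here as an example and not part of the original post: the replica set of an application partition is recorded in the msDS-NC-Replica-Locations attribute of its crossRef object under CN=Partitions, so an LDIF dump of those objects shows which DCs are still missing. The LDIF below is constructed, and the DC names DLZDC and W2008R2, the crossRef names and the site name are assumptions.

```python
import base64

# Constructed sample (not real output): crossRef objects as an LDIF dump of
# CN=Partitions would show them. Only "li131" is a name taken from the post.
CFG = "CN=Configuration,DC=addlz,DC=kukkukk,DC=com"
SITE = f"CN=Servers,CN=Default-First-Site-Name,CN=Sites,{CFG}"
SAMPLE_LDIF = f"""\
dn: CN=crossref-forestdns,CN=Partitions,{CFG}
nCName: DC=ForestDnsZones,DC=addlz,DC=kukkukk,DC=com
msDS-NC-Replica-Locations: CN=NTDS Settings,CN=DLZDC,{SITE}
msDS-NC-Replica-Locations: CN=NTDS Settings,CN=W2008R2,
 {SITE}

dn: CN=crossref-domaindns,CN=Partitions,{CFG}
nCName: DC=DomainDnsZones,DC=addlz,DC=kukkukk,DC=com
msDS-NC-Replica-Locations: CN=NTDS Settings,CN=DLZDC,{SITE}
msDS-NC-Replica-Locations: CN=NTDS Settings,CN=W2008R2,{SITE}
msDS-NC-Replica-Locations: CN=NTDS Settings,CN=LI131,{SITE}
"""
DNS_NCS = ("dc=forestdnszones,", "dc=domaindnszones,")

def parse_ldif(text):
    """Return one {attribute: [values]} dict per LDIF record."""
    # Undo LDIF line folding: a continuation line starts with one space.
    unfolded = text.replace("\r\n", "\n").replace("\n ", "")
    records = []
    for block in unfolded.split("\n\n"):
        rec = {}
        for line in block.splitlines():
            if ":" not in line or line.startswith("#"):
                continue
            attr, _, value = line.partition(":")
            if value.startswith(":"):  # "attr:: <base64>" for non-ASCII values
                value = base64.b64decode(value[1:].strip()).decode("utf-8")
            rec.setdefault(attr.lower(), []).append(value.strip())
        if rec:
            records.append(rec)
    return records

def missing_replicas(records, dc_names):
    """Map each DNS application partition to the DCs not in its replica set."""
    result = {}
    for rec in records:
        nc = rec.get("ncname", [""])[0]
        if not nc.lower().startswith(DNS_NCS):
            continue
        holders = [v.lower() for v in rec.get("msds-nc-replica-locations", [])]
        result[nc] = [dc for dc in dc_names if not any(
            h.startswith(f"cn=ntds settings,cn={dc.lower()},") for h in holders)]
    return result

if __name__ == "__main__":
    for nc, dcs in missing_replicas(parse_ldif(SAMPLE_LDIF), ["dlzdc", "w2008r2", "li131"]).items():
        print(nc, "-> missing:", ", ".join(dcs) or "none")
```

In the constructed sample li131 is reported as missing for ForestDnsZones only, which is the state after running "Add NC Replica" for DomainDnsZones but not yet for ForestDnsZones.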

