[PATCH] Add NS records for secondary DCs to SOA records
repenny241155 at gmail.com
Wed Dec 30 21:09:54 UTC 2015
On 30/12/15 20:29, Stefan Metzmacher wrote:
> Hi Rowland,
>> OK, I tried using github, sorry but I find it easier doing it this way :-)
>> This patch adds a couple of lines to dns_update_list, these lines will
>> add the secondary DCs NS records to the zone's SOA records.
>> There is a bit of a problem though, it will only affect bind9 users, it
>> seems to have no affect on the internal dns server. Even if the NS
>> records are added to the SOA, the internal dns server only sees the
>> first DC as being authoritative for the zone, whilst bind9 will see both
>> DCs as each being authoritative.
> I think we need to have a look at what a Windows DNS server does.
Perhaps someone can find an ldif of the SOA record used by windows, I
cannot (dratted point & click). What I have been able to ascertain,
every windows DC that is also a dns server has a SOA record, now is this
a separate SOA record for each DC, or just one SOA (as Samba) that holds
NS & A records for all DCs.
What I can also say is, even if you do add the NS & A records for any
secondary record to the SOA, you still only have one authoritative DC
(the first one) if you use the internal dns server. If you use Bind9,
each DC can be authoritative.
> Regarding the patch I agree we have a problem, we also have a bug report
> for it.
> But I think we need to fix it differently, we need to use rpc calls to
> the NS records.
If you are going to do that, why not add all the other records the same
way? better still, add them during the join, just as the provision does.
> I haven't looked in details but it seems Andrew already has fixes for it.
I will examine these.
> One remaining problem is that we need a way to separate the
> dns_update_list that we
> as developers control and a file where the admin can add custom values.
More information about the samba-technical