[Samba] Samba4 AD DC Sites / Rename Default-First-Site-Name and internal DNS

Andrew Bartlett abartlet at samba.org
Sat Dec 29 18:03:19 MST 2012


On Sat, 2012-12-29 at 13:38 +0100, Achim Gottinger wrote:
> Hello,
> 
> I'm running a few tests here with two locations.
> 
> site1: server-site1.gsg.local subnet 192.168.200.0/24
> site2: server-site2.gsg.local subnet 192.168.190.0/24
> 
> both are connected via VPN.
> 
> I migrated a samba3 domain at server-site1; it gets
> Default-First-Site-Name assigned. Then I joined the new samba4 domain
> with server-site2. Both servers work and I can join and access them
> with clients at both locations. I created reverse zones for both subnets
> and added the required static entries.
> Then I created a new site (name site2) and two subnets with MS AD Site
> Management. I assigned subnet 192.168.200.0/24 to the site
> "Default-First-Site-Name" and subnet 192.168.190.0/24 to the site
> "site2", and moved server-site2 from Default-First-Site-Name to site2.
> Machines at site1 randomly picked server-site2 for logins. On site2 they 
> always picked server-site2.
> 
> So I deleted a few DNS records.
> 
> _ldap._tcp.Default-First-Site-Name._sites.gsg.local SRV site2.gsg.local
> 
> _kerberos._tcp.Default-First-Site-Name._sites.gsg.local SRV site2.gsg.local
> 
> _gc._tcp.Default-First-Site-Name._sites.gsg.local SRV site2.gsg.local
> 
> _ldap._tcp.Default-First-Site-Name._sites.gc._msdcs.gsg.local SRV site2.gsg.local
> 
> 
> And after a samba restart also
> 
> _ldap._tcp.Default-First-Site-Name._sites.dc._msdcs.gsg.local SRV site2.gsg.local
> 
> _kerberos._tcp.Default-First-Site-Name._sites.dc._msdcs.gsg.local SRV site2.gsg.local
> 
> Afterwards machines at site1 also chose server-site1 most of the time.
> Hope I can optimize the behaviour of logon server choosing a bit more but
> it happened really seldom and it all ran virtualized with 1GB bandwidth
> for the VPN connection, which will be 1-2MBit once in production.
> 
> As a last step I renamed the site "Default-First-Site-Name" to
> "site1", restarted the samba services at both sites and checked replication.
> But there are still a few DNS entries left which I deleted manually.
> 
> _ldap._tcp.Default-First-Site-Name._sites.gsg.local SRV site1.gsg.local
> _kerberos._tcp.Default-First-Site-Name._sites.gsg.local SRV site1.gsg.local
> _gc._tcp.Default-First-Site-Name._sites.gsg.local SRV site1.gsg.local
> _ldap._tcp.Default-First-Site-Name._sites.gc._msdcs.gsg.local SRV site1.gsg.local
> _ldap._tcp.Default-First-Site-Name._sites.dc._msdcs.gsg.local SRV site1.gsg.local
> _kerberos._tcp.Default-First-Site-Name._sites.dc._msdcs.gsg.local SRV site1.gsg.local
> 
> So there are no more (visible) entries left in
> 
> Default-First-Site-Name._sites.gsg.local
> Default-First-Site-Name._sites.gc._msdcs.gsg.local
> Default-First-Site-Name._sites.dc._msdcs.gsg.local
> 
> But the structure remains and cannot be deleted (things like
> _tcp.Default-First-Site-Name._sites.gsg.local). Things still seem to
> work at both sites but I'm curious if these leftovers can be completely
> removed.

As you have noticed, we are very good at adding DNS records, but never
remove the old ones.  What you have done seems reasonable, if you have
renamed the site, removing the remaining DNS references seems entirely
reasonable.

Please file a bug about the left-behind DNS stuff, we really should
clean that up. 

Andrew Bartlett

-- 
Andrew Bartlett                                http://samba.org/~abartlet/
Authentication Developer, Samba Team           http://samba.org
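
Added example, not part of the original thread and not Samba's own code: one way to audit a zone listing for the leftover site-scoped SRV records discussed above, so that clients are not steered to a DC in the wrong site. The record list and the DC-to-site mapping are constructed sample data that reuse the host and site names from the thread; `audit_site_srv` is a hypothetical helper name.

```python
import re

# Site-scoped DC locator owner names, in the shapes quoted in the thread:
#   _ldap._tcp.<site>._sites.gsg.local
#   _ldap._tcp.<site>._sites.dc._msdcs.gsg.local
SITE_SRV = re.compile(
    r"^(?P<svc>_[a-z]+)\._tcp\.(?P<site>[^.]+)\._sites\."
    r"(?:(?P<scope>dc|gc)\._msdcs\.)?(?P<domain>.+)$",
    re.IGNORECASE,
)

def audit_site_srv(records, site_of_dc):
    """records: iterable of (owner_name, srv_target) pairs from the zone.
    site_of_dc: dict mapping each DC host name to its current site.
    Returns (owner_name, target, reason) for every record worth reviewing."""
    live_sites = {s.lower() for s in site_of_dc.values()}
    dc_site = {h.lower().rstrip("."): s.lower() for h, s in site_of_dc.items()}
    findings = []
    for owner, target in records:
        m = SITE_SRV.match(owner.rstrip("."))
        if not m:
            continue  # domain-wide record, not tied to a site
        site = m.group("site").lower()
        tgt = target.lower().rstrip(".")
        if site not in live_sites:
            findings.append((owner, target, "site no longer exists"))
        elif tgt not in dc_site:
            findings.append((owner, target, "target is not a known DC"))
        elif dc_site[tgt] != site:
            findings.append((owner, target, "DC belongs to site " + dc_site[tgt]))
    return findings

# Constructed sample: state after renaming Default-First-Site-Name to site1.
SITE_OF_DC = {"server-site1.gsg.local": "site1",
              "server-site2.gsg.local": "site2"}
RECORDS = [
    ("_ldap._tcp.site1._sites.gsg.local", "server-site1.gsg.local"),
    ("_ldap._tcp.Default-First-Site-Name._sites.gsg.local", "server-site1.gsg.local"),
    ("_kerberos._tcp.site1._sites.dc._msdcs.gsg.local", "server-site2.gsg.local"),
    ("_gc._tcp.site2._sites.gsg.local", "server-site2.gsg.local"),
    ("_ldap._tcp.gsg.local", "server-site1.gsg.local"),
]

if __name__ == "__main__":
    for owner, target, reason in audit_site_srv(RECORDS, SITE_OF_DC):
        print(f"{owner} -> {target}: {reason}")
```

Findings are candidates for review against the intended site layout, not an automatic delete list.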



