[Samba] Secondary DNS - samba 4 domain
Ryan Whelan
rcwhelan at gmail.com
Wed May 30 21:36:45 MDT 2012
I was able to get DNS to replicate from the first to the second DC. It's
working well, except I can't create records on the second machine. Should
I be able to? DomainDnsZone and ForestDnsZone are replicating in both
directions.

When I try, I get WERR_INTERNAL_DB_ERROR. Is there a way to verify the
structure of the DBs on the second machine? samba-tool dbcheck returns
without issue.
root@SMB2:/usr/local/samba# bin/samba-tool dns add -Uadministrator smb2 cngtest.local tester A 192.168.0.250
Password for [CNGTEST\administrator]:
ERROR(runtime): uncaught exception - (1383, 'WERR_INTERNAL_DB_ERROR')
  File "/usr/local/samba/lib/python2.6/site-packages/samba/netcmd/__init__.py", line 160, in _run
    return self.run(*args, **kwargs)
  File "/usr/local/samba/lib/python2.6/site-packages/samba/netcmd/dns.py", line 1055, in run
    None)
It errors out in the MS server admin tools as well.
On Wed, May 30, 2012 at 8:09 PM, Ryan Whelan <rcwhelan at gmail.com> wrote:
> I was able to get the DomainDnsZone and ForestDnsZone replicated to the
> second machine. I ran the samba_upgradedns script and it created the
> private/dns dir and populated it with the ldbs. Bind starts fine with
> the dlopen. However, bind fails to resolve anything. Trying to do a zone
> transfer (via `dig`) from the second machine fails; looking at the log, it
> says the zone has no SOA. However, running `samba-tool dns query smb2
> cngtest.local cngtest.local SOA` returns:
>
> Name=, Records=0, Children=0
> Name=_msdcs, Records=0, Children=0
> Name=_sites, Records=0, Children=1
> Name=_tcp, Records=0, Children=4
> Name=_udp, Records=0, Children=2
> Name=DomainDnsZones, Records=0, Children=2
> Name=ForestDnsZones, Records=0, Children=2
> Name=smb1, Records=0, Children=0
> Name=tester, Records=0, Children=0
>
> If I try to resolve a single host (via `dig`), it returns SERVFAIL. I've
> tried restarting both bind and samba. It didn't help.
>
>
> On Wed, May 30, 2012 at 7:10 PM, Amitay Isaacs <amitay at gmail.com> wrote:
>
>> Hi Ryan,
>>
>> On Thu, May 31, 2012 at 5:52 AM, Ryan Whelan <rcwhelan at gmail.com> wrote:
>> > How do I go about setting up a second samba DC as a DNS server? I have 2
>> > DCs in the domain (set up via the How-to on the wiki)
>> >
>> > If I try to follow the steps I used for the first controller on the second,
>> > bind won't start because /usr/local/samba/private/dns hasn't been created
>> > or populated. (I'm using the dlz backend). Searching the wiki has provided
>> > nothing. How do I create the needed ldb zone files? Do I just copy them
>> > from the first machine?
>>
>> It's slightly more involved. First you have to make sure that DNS
>> partitions are getting replicated between two DCs. If the DNS
>> partitions are not replicated correctly you won't be able to run DNS
>> server on secondary DC. Next step is to use samba_upgradedns script to
>> "fix" the provision on secondary DC and to create the files required
>> by DLZ backend.
>>
>> The main issue reported by few users is that the replication fails at
>> times and I have not yet been able to figure out the root cause of
>> this. So if you notice issues with replication, let me know.
>>
>> Amitay
>>
>
>
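Added example (not part of the original thread, and not Samba code): a small parser for the `samba-tool dns query ... SOA` output quoted above, which checks whether the zone apex reports any records and lists the nodes whose counts differ between two DCs. It assumes the entry with the empty `Name=` is the queried node itself; the SMB1 output is constructed for the comparison, and the function names are hypothetical.

```python
import re

# Node summary lines as printed by `samba-tool dns query`.
NODE_RE = re.compile(
    r"^\s*Name=(?P<name>[^,]*),\s*Records=(?P<rec>\d+),\s*Children=(?P<ch>\d+)\s*$"
)

# Output quoted in the thread for the second DC (smb2).
SMB2_OUTPUT = """\
Name=, Records=0, Children=0
Name=_msdcs, Records=0, Children=0
Name=_sites, Records=0, Children=1
Name=_tcp, Records=0, Children=4
Name=_udp, Records=0, Children=2
Name=DomainDnsZones, Records=0, Children=2
Name=ForestDnsZones, Records=0, Children=2
Name=smb1, Records=0, Children=0
Name=tester, Records=0, Children=0
"""

# Constructed sample for the first DC: same nodes, but the apex holds one SOA.
SMB1_CONSTRUCTED = SMB2_OUTPUT.replace(
    "Name=, Records=0,", "Name=, Records=1,", 1
).replace("Children=0\n", "Children=0\n    SOA: (constructed record line)\n", 1)


def parse_dns_query(output):
    """Return {node_name: (records, children)}; '' is the queried node."""
    nodes = {}
    for line in output.splitlines():
        m = NODE_RE.match(line.lstrip("> "))  # tolerate mail-quoted output
        if m:  # record detail lines (e.g. "SOA: ...") do not match and are skipped
            nodes[m.group("name")] = (int(m.group("rec")), int(m.group("ch")))
    return nodes


def apex_has_records(output):
    """True if the queried node (empty Name=) reports at least one record."""
    nodes = parse_dns_query(output)
    if "" not in nodes:
        raise ValueError("no entry for the queried node (empty Name=) in output")
    return nodes[""][0] > 0


def compare_dcs(out_a, out_b):
    """Sorted node names whose record/children counts differ between two DCs."""
    a, b = parse_dns_query(out_a), parse_dns_query(out_b)
    return sorted(n for n in a.keys() | b.keys() if a.get(n) != b.get(n))
```

Running the same query against each DC and passing both outputs to `compare_dcs` shows which nodes the two servers disagree on.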