[Samba] Secondary DNS - samba 4 domain

Ryan Whelan rcwhelan at gmail.com
Thu May 31 07:03:29 MDT 2012 

On Thu, May 31, 2012 at 7:31 AM, Amitay Isaacs <amitay at gmail.com> wrote:

> Hi Ryan,
>
> On Thu, May 31, 2012 at 1:36 PM, Ryan Whelan <rcwhelan at gmail.com> wrote:
> > I was able to get dns to replicate from the first to the second DC.  Its
> > working well- except I can't create records on the second machine.
> Should I
> > be able to?  DomainDnsZone and ForestDnsZone are replicating both
> > directions.
> >
> > When i try; I get WERR_INTERNAL_DB_ERROR.  Is there a way to verify the
> > structure of the DBs on the second machine?  samba-tool dbcheck returns
> > without issue.
> >
> > root at SMB2:/usr/local/samba# bin/samba-tool dns add -Uadministrator smb2
> > cngtest.local tester A 192.168.0.250
> > Password for [CNGTEST\administrator]:
> > ERROR(runtime): uncaught exception - (1383, 'WERR_INTERNAL_DB_ERROR')
> >   File
> > "/usr/local/samba/lib/python2.6/site-packages/samba/netcmd/__init__.py",
> > line 160, in _run
> >     return self.run(*args, **kwargs)
> >   File
> "/usr/local/samba/lib/python2.6/site-packages/samba/netcmd/dns.py",
> > line 1055, in run
> >     None)
> >
> > It errors out in the MS server admin tools as well.
>
> Check the DNS records using ldbsearch.
>
>  # ldbsearch -H /path/to/private/dns/sam.ldb -b
> "DC=DomainDnsZones,DC=cngtest,DC=local"  "(objectclass=dnsNode)"
> --show-binary
>

the results are not exactly the same.  Here is a diff of the 2 outputs.
(first machine on the left, the second machine on the right)
http://pastebin.com/13xGYcUH


>
> This should dump all the DNS records and the details of each type of
> record. Can you confirm the output is similar to the output from the
> first DC?
>
> WERR_INTERNAL_DB_ERROR is caused by missing SOA record. You can verify
> with following command:
>
>  # samba-tool dns query smb2 cngtest.local @ ALL -U administrator
>
>
This is the same on bot machines:

root at SMB2:/usr/local/samba# bin/samba-tool dns query smb2 cngtest.local @
ALL -U administrator
Password for [CNGTEST\administrator]:
  Name=, Records=5, Children=0
    NS: smb1.cngtest.local. (flags=600000f0, serial=1, ttl=900)
    A: 192.168.0.201 (flags=600000f0, serial=1, ttl=900)
    NS: smb2.cngtest.local. (flags=600000f0, serial=8, ttl=0)
    A: 192.168.0.202 (flags=600000f0, serial=9, ttl=900)
    SOA: serial=24, refresh=900, retry=600, expire=86400,
ns=smb1.cngtest.local., email=hostmaster.cngtest.local. (flags=600000f0,
serial=24, ttl=3600)
  Name=_msdcs, Records=0, Children=0
  Name=_sites, Records=0, Children=2
  Name=_tcp, Records=0, Children=4
  Name=_udp, Records=0, Children=2
  Name=DomainDnsZones, Records=0, Children=2
  Name=ForestDnsZones, Records=0, Children=2
  Name=smb1, Records=1, Children=0
    A: 192.168.0.201 (flags=f0, serial=21, ttl=900)
  Name=smb2, Records=1, Children=0
    A: 192.168.0.202 (flags=f0, serial=9, ttl=0)
  Name=tester, Records=1, Children=0
    A: 192.168.0.241 (flags=f0, serial=24, ttl=0)
  Name=winxp-test, Records=1, Children=0
    A: 192.168.0.205 (flags=f0, serial=24, ttl=1200)
root at SMB2:/usr/local/samba#


Should the SOA from the second machine be its self? (rather than smb1)

ryan


> Amitay.
>

More information about the samba mailing list