[Samba] Internal DNS replication and how to fix

Brett Rowley browley at owneriq.com
Fri Oct 5 08:57:01 MDT 2012

Hi All,

First off, I'm a bit of a n00b w/Samba4 so I'll apologize ahead of time 
if any of this seems obvious/trivial.  I'm working with Samba RC1 tar 
build and trying to get DNS replication working. Right now I get the 
following under


Connection --
Connection name: fa253d86-3549-4208-ab29-a0d702ccdb02
Enabled        : TRUE
Server DNS name : target.OwnerIQ.local
     Server DN name  : CN=NTDS 
     TransportType: RPC
options: 0x00000001
Warning: No NC replicated for Connection!

I only have one server running W2k3 SP1.  I have trolled Google and read 
both that the internal DNS does not replicate some objects and that 
dynamic updates are not fully functional.  But, even after reading a 
bunch of documents, it's not clear /how/ I fix that.  I've read that the 
replication is not complete on an additional DC and that it has to be 
done manually.  Not sure if that has anything to do with the 
"samba_upgradedns" command (which I ran, it complained about not having 
a zone file in /usr/local/samba/private/dns but all else seemed well).  
I also ran "samba_dnsupdate --verbose" and while that seemed alright, I 
did notice:

schema_fsmo_init: we are master[no] updates allowed[no]
Skipping PDC entry (SRV _ldap._tcp.pdc._msdcs.${DNSDOMAIN}

Shouldn't updates allowed be yes if I added "allow dns updates = true" 
in smb.conf?  One final note, I do have my resolv.conf pointing to my 
Win2k3 as the first DNS server.

My end goal is to replace the 2k3 server with Samba4 so, either way, if 
internal DNS is not an option right now because it hasn't matured, I'm 
tempted, based on what I've read, to try BIND to get around the internal 
problems.  I have that built with Bind 9.8.3 with the following:
./configure --prefix=/var/named --bindir=/usr/bin --sbindir=/usr/sbin \
    --sysconfdir=/etc --datadir=/usr/share --includedir=/usr/include \
    --libexecdir=/usr/libexe --sharedstatedir=/var/lib --with-libtool \
    --enable-threads --with-dlopen --with-gssapi

I would be willing to try the switch over but, while it's clear how to 
switch the backend (--dns-backend=BIND_DLZ) when provisioning Samba, 
how would I do this from a join perspective? Thanks in advance for any help!


