[Samba] DNS Issues when joining a Domain as a DC

Rowland Penny rowlandpenny at googlemail.com
Thu Oct 16 04:30:44 MDT 2014

On 16/10/14 11:12, Daniel Müller wrote:
> Is your first DC a Samba4 host?
> Did you: samba-tool domain join YOURDOMAIN DC -Uadministrator --realm=your.realm --dns-backend=BIND9_DLZ
> samba-tool dns add your.master.dc your.realm YOUR.NEW.DC A your.new.dc.ip -Uadministrator
> host -t A YOUR.NEW.DC.  must show no errors!!

Hi Daniel, Kerberos has nothing to do with DNS (unless you are trying to
run nsupdate), so shouldn't impact on the OP's problem.


> What about your krb5.conf?
> What about : samba-tool drs kcc -Uadministrator Your.domain.controllers  ?
> Ex:
> samba-tool drs kcc -Uadministrator s4master.tplk.loc
> Password for [TPLK\administrator]:
> Consistency check on s4master.tplk.loc successful.
> EDV Daniel Müller
> Head of IT
> Tropenklinik Paul-Lechler-Krankenhaus
> Paul-Lechler-Str. 24
> 72076 Tübingen
> Tel.: 07071/206-463, Fax: 07071/206-499
> eMail: mueller at tropenklinik.de
> Internet: www.tropenklinik.de
> -----Original Message-----
> From: samba-bounces at lists.samba.org [mailto:samba-bounces at lists.samba.org] On
> behalf of Thomas Kempf
> Sent: Thursday, 16 October 2014 11:35
> To: samba at lists.samba.org
> Subject: [Samba] DNS Issues when joining a Domain as a DC
> Hi,
> yesterday I tried to join a domain as a DC with bind9 as dns-backend on
> Debian Wheezy with samba 4.1.11 from backports. I followed the tutorial in
> the wiki https://wiki.samba.org/index.php/Join_a_domain_as_a_DC but didn't
> find the instruction completely clear, so perhaps I made a mistake during
> the join.
> It is written there:
> "If you choose BIND as DNS backend, instead of the internal DNS, then you,
> of course, have to finish this before you continue"
> I could not figure out how to finish configuring bind as a backend, when the
> keytab file and the other bind-related files get created after joining the
> domain.
> So I ran the join command first, and with the files created in this step, I
> was able to get the DC up and running...
> I had to manually create the A and CNAME records on the old DC like it is
> written in the wiki in the part "Check required DNS entries of the new
> host". My guess was that those entries should be replicated later on to the
> new DC, but that seems not to work.
> When I check the name resolving of the A record on the newly joined DC it
> does not resolve whereas on the old one it works fine.
> AD-Domain is ad.hueper.de
> old DC is dns2.ad.hueper.de
> new DC is dns1.ad.hueper.de
> dns1:~# host -t A dns1.ad.hueper.de dns2.ad.hueper.de
> Using domain server:
> Name: dns2.ad.hueper.de
> Address:
> Aliases:
> dns1.ad.hueper.de has address
> dns1:~# host -t A dns1.ad.hueper.de dns1.ad.hueper.de
> Using domain server:
> Name: dns1.ad.hueper.de
> Address:
> Aliases:
> Host dns1.ad.hueper.de not found: 3(NXDOMAIN)
> When I look at the servers using RSAT DNS-Manager I can see the A-Record on
> both DNS-Servers, so I wonder why doesn't it resolve on the new DC?
> Is it safe to delete the A and CNAME Records and recreate them using RSAT?
> Kind regards
> Tom
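
The symptom in the quoted original post (the A record resolves on the old DC but returns NXDOMAIN on the newly joined one) can be checked across all DCs in one pass. The script below is an added example, not part of the thread or of Samba; `HOST_CMD`, `fake_host`, `classify_answer` and `compare_dcs` are names introduced here, and the address 192.0.2.11 is a constructed placeholder because the post does not show the real one.

```shell
#!/bin/sh
# Added example, not from the thread: ask each DC for the same A record and
# flag DCs whose answers differ (the symptom in the quoted post).

# Lookup command. The default is the constructed stand-in below so the script
# runs offline; run with HOST_CMD=host to query real servers.
HOST_CMD=${HOST_CMD:-fake_host}

# Constructed stand-in for `host -t A NAME SERVER`. 192.0.2.11 is a
# documentation-range placeholder; the post does not show the real address.
fake_host() {   # called as: fake_host -t A NAME SERVER
    echo "Using domain server:"
    echo "Name: $4"
    case $4 in
        dns2.ad.hueper.de) echo "$3 has address 192.0.2.11" ;;
        *) echo "Host $3 not found: 3(NXDOMAIN)"; return 1 ;;
    esac
}

# Reduce host(1) output to one token: sorted address list, NXDOMAIN or ERROR.
classify_answer() {
    ca_addrs=$(printf '%s\n' "$1" | awk '/ has address /{print $NF}' | sort | paste -sd, -)
    if [ -n "$ca_addrs" ]; then
        echo "$ca_addrs"
    elif printf '%s\n' "$1" | grep -q 'NXDOMAIN'; then
        echo NXDOMAIN
    else
        echo ERROR
    fi
}

# compare_dcs NAME SERVER...: print one line per DC; return 1 if they disagree.
compare_dcs() {
    cd_name=$1; shift
    cd_first=; cd_rc=0
    for cd_server in "$@"; do
        cd_out=$($HOST_CMD -t A "$cd_name" "$cd_server" 2>&1) || true
        cd_ans=$(classify_answer "$cd_out")
        echo "$cd_server: $cd_ans"
        [ -n "$cd_first" ] || cd_first=$cd_ans
        [ "$cd_ans" = "$cd_first" ] || cd_rc=1
    done
    return $cd_rc
}

# Old DC first, then the newly joined DC, as in the post.
compare_dcs dns1.ad.hueper.de dns2.ad.hueper.de dns1.ad.hueper.de \
    || echo "DIVERGENT: the DCs do not return the same answer"
```

A timeout or refused query is reported as `ERROR` rather than `NXDOMAIN`, which separates a DNS service that is not answering from one that answers without the record.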
