[Samba] Starting second DC makes named to freeze on primary DC

Rowland Penny rowlandpenny at googlemail.com
Mon Sep 8 09:57:01 MDT 2014


On 08/09/14 16:33, Bruno Andrade wrote:
> hey,
>
> First, I use bind 9.8.1 as my DNS backend.
>
> Well, I have a domain controller, dc1.example.com, running correctly 
> and with the following configurations...
>
> == smb.conf ==
>
> [global]
>         workgroup = EXAMPLE
>         realm = EXAMPLE.COM
>         netbios name = DC1
>         server role = active directory domain controller
>         idmap_ldb:use rfc2307 = yes
>
>         server services = -dns
>
>         dsdb:schema update allowed = true
>
>         dos charset = ISO8859-1
>         unix charset = cp850
>
>         interfaces = vlan2
>         bind interfaces only = Yes
>
>         allow dns updates = nonsecure
>         #nsupdate command = nsupdate
>         #nsupdate command = /usr/bin/nsupdate -g -t 5
>
> == named.conf ==
>
> options {
>         listen-on port 53 { 127.0.0.1; 10.1.11.2; };
>         listen-on-v6 port 53 { ::1; };
>         directory       "/var/named";
>         dump-file       "/var/named/data/cache_dump.db";
>         statistics-file "/var/named/data/named_stats.txt";
>         memstatistics-file "/var/named/data/named_mem_stats.txt";
>         allow-query     { any; };
>         recursion yes;
>
>         # just example
>         forwarders { 8.8.8.8; };
>
>         dnssec-enable no;
>         dnssec-validation no;
>         dnssec-lookaside auto;
>
>         bindkeys-file "/etc/named.iscdlv.key";
>         managed-keys-directory "/var/named/dynamic";
>         tkey-gssapi-keytab "/var/lib/samba/private/dns.keytab";
> };
>
> zone "." IN {
>         type hint;
>         file "named.ca";
> };
>
> include "/etc/named.rfc1912.zones";
> include "/etc/named.root.key";
> include "/var/lib/samba/private/named.conf";
>
> And I have a second DC with these configurations:
>
> == smb.conf ==
>
> [global]
>         workgroup = EXAMPLE
>         realm = EXAMPLE.COM
>         netbios name = DC2
>         server role = active directory domain controller
>         server services = s3fs, rpc, nbt, wrepl, ldap, cldap, kdc, drepl, winbind, ntp_signd, kcc, dnsupdate
>
>         interfaces = eth1
>         bind interfaces only = Yes
>
>         dsdb:schema update allowed = true
>
>         dos charset = ISO8859-1
>         unix charset = cp850
>
>         allow dns updates = nonsecure
>         #nsupdate command = nsupdate
>         #nsupdate command = /usr/bin/nsupdate -g -t 5
>
> == named.conf ==
>
> options {
>         listen-on port 53 { 127.0.0.1; 10.1.1.150; };
>         listen-on-v6 port 53 { ::1; };
>         directory       "/var/named";
>         dump-file       "/var/named/data/cache_dump.db";
>         statistics-file "/var/named/data/named_stats.txt";
>         memstatistics-file "/var/named/data/named_mem_stats.txt";
>         allow-query     { any; };
>         recursion yes;
>
>         forwarders { 10.1.11.2; };
>
>         dnssec-enable no;
>         dnssec-validation no;
>         dnssec-lookaside auto;
>
>         /* Path to ISC DLV key */
>         bindkeys-file "/etc/named.iscdlv.key";
>         tkey-gssapi-keytab "/var/lib/samba/private/dns.keytab";
> };
>
> zone "." IN {
>         type hint;
>         file "named.ca";
> };
>
> include "/etc/named.rfc1912.zones";
> include "/etc/named.root.key";
> include "/var/lib/samba/private/named.conf";
>
> DC1 works fine until I start samba on DC2... then named on DC1 freezes 
> and some logs related to DNS failed updates appear on the logs.
>
> Both DCs have samba 4.1.6 installed and bind 9.8.2.
>
> Is there anyone with some problems related to this?
>
> best regards,
> Bruno.
>
>
>
Hi, can you let us know what OS you are using? I did spot one potential 
problem, though this shouldn't give the problems you are having:

On dc1:

listen-on port 53 { 127.0.0.1; 10.1.11.2; };

forwarders { 8.8.8.8; };

on dc2:

listen-on port 53 { 127.0.0.1; 10.1.1.150; };

forwarders { 10.1.11.2; };

I think that this means your DCs have the addresses '10.1.11.2' and 
'10.1.1.150', and that you are forwarding anything that dc2 knows nothing 
about to dc1. dc2 should know what dc1 knows, so you need to change 
this; they should both forward to outside the Samba AD domain.

How did you join the second DC to the first, and did you get any errors 
when you did so? Did you follow this page on the wiki:

https://wiki.samba.org/index.php/Join_a_domain_as_a_DC

Rowland
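As an added example (not part of this thread or of Samba), a small check for the forwarding mistake pointed out above: it reads the `listen-on` and `forwarders` blocks of each DC's named.conf and flags any DC whose BIND forwards to a sibling DC instead of outside the domain. The sample configs are constructed from the fragments quoted in the thread; the DC addresses are assumed to be the non-loopback `listen-on` addresses.

```python
import re
from typing import Dict, Set

# Constructed samples, condensed from the two named.conf fragments in the thread.
NAMED_CONF_DC1 = """
options {
        listen-on port 53 { 127.0.0.1; 10.1.11.2; };
        forwarders { 8.8.8.8; };
        tkey-gssapi-keytab "/var/lib/samba/private/dns.keytab";
};
include "/var/lib/samba/private/named.conf";
"""
NAMED_CONF_DC2 = """
options {
        listen-on port 53 { 127.0.0.1; 10.1.1.150; };
        forwarders { 10.1.11.2; };
        tkey-gssapi-keytab "/var/lib/samba/private/dns.keytab";
};
include "/var/lib/samba/private/named.conf";
"""


def addresses(named_conf: str, statement: str) -> Set[str]:
    """Return the addresses listed in a `<statement> ... { a; b; };` block.

    The `\\s` after the statement name keeps `listen-on` from matching
    `listen-on-v6`.
    """
    m = re.search(statement + r"\s[^{]*\{([^}]*)\}", named_conf)
    if not m:
        return set()
    return {a.strip() for a in m.group(1).split(";") if a.strip()}


def dc_forwarder_problems(configs: Dict[str, str]) -> Dict[str, Set[str]]:
    """Map each DC name to the forwarders that point at another DC.

    A DC whose BIND forwards to a sibling DC depends on that sibling for every
    name it does not hold itself; each DC should forward outside the AD domain.
    """
    dc_addrs = {name: addresses(conf, "listen-on") - {"127.0.0.1"}
                for name, conf in configs.items()}
    all_dc = set().union(*dc_addrs.values())
    problems = {}
    for name, conf in configs.items():
        bad = addresses(conf, "forwarders") & (all_dc - dc_addrs[name])
        if bad:
            problems[name] = bad
    return problems


if __name__ == "__main__":
    for dc, fwd in dc_forwarder_problems({"dc1": NAMED_CONF_DC1,
                                          "dc2": NAMED_CONF_DC2}).items():
        print(f"{dc}: forwards to another DC: {sorted(fwd)}")
```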


