[Samba] Authentication to Secondary Domain Controller initially fails when PDC is offline

Rowland penny rpenny at samba.org
Thu Dec 10 09:41:07 UTC 2015

On 10/12/15 09:23, L.P.H. van Belle wrote:
> I was wondering why because in a full windows domain, every DC has an NS record.

When you join a DC, the basic info is added to AD and then when the 
samba deamon is started, samba_dnsupdate is run, this uses the file 
dns_update_list to add (if required) various dns records. Guess what dns 
records are not in that file?

However, even if you add the missing NS records to the SOA records, if 
you use the internal dns server, you will still only have one NS, this 
appears to be your first DC. I am beginning to think that if you have 
more than one DC, you should forget the internal DNS server and use 
BIND_DLZ instead.


More information about the samba mailing list