[Samba] Changing DC from external to internal DNS

support at remsnet.de support at remsnet.de
Wed Jan 28 11:56:49 MST 2015 

Hello Lars,

>
> I set up two AD DC with external bind and it used to work for a while. 
> Following a Bind9 upgrade named complained about missing SOA and NS 
> records in the DLZ zones and could not be started anymore.
> 
> Monday, due to a misinterpretation of some queries, I restarted Bind on 
> the hitherto working system and I got the same error messages. No 
> nothing changed - no changes in configuration, no updates.
> 
> I made a slave DNS master and activated its backup of the AD zone, so 
> the infrastructure is currently working.
> 
> Since I asked about that issue before on this list and received no 
> answer, I assume it is unknown. Whatever I tried to analyze the ldb, I I 
> couldn't find anything suspicious.
> 
> However, my idea now is to reduce complexity. Use the internal DNS for 
> the AD zone and keep the slave Bind to serve requests from the network.
> 

have & see equal issues here like you but on "VPN based slave networks" ..

I have now 5 vpns and only 2 of them have an local  AD, the rest are slave bind9. 

Seen BUGS had been filled , as some forest entrys for forward 
and reverse not correctly created by samba tool while using bind9 dlz.

> My questions:
> 
> 1) Can the internal DNS of Samba4 work as a master DNS, or are features 
> missing, e.g. zone transfer, which are expected by the slave?
> 

uppon samba4 internal dns docu >- don´t support axfr fully.

see https://wiki.samba.org/index.php/DNS_Administration#Known.2Fissues_missing_features
and https://wiki.samba.org/index.php/Samba_Internal_DNS#Limitations_.2F_Known_issues

> 2) As it seems the steps for falling back to internal DNS are: demote 
> one AD DC, configure a new one with internal DNS, join it as new DC. 
> Then do the same with the other DC. Is there a simpler method or 
> anything more to consider? Did someone do that before?
> 

you can simply switch to internal dns using samba-tool dns upgrade internal.
But then lack´s soome required modern dns feagers .

looks like  that the docu for "samba-tool dns upgrade internal."
 that had been dropted of the dns managment wiki page.. ?!?

@Marc ? review it please...


> Thanks for your help,
>   - lars.
>structions:  https://lists.samba.org/mailman/options/samba
> 
regards Horst

More information about the samba mailing list