[Samba] Authentication to Secondary Domain Controller initially fails when PDC is offline

Ole Traupe ole.traupe at tu-berlin.de
Wed Nov 18 15:44:43 UTC 2015

> It is DNS related.
>> What is the best way of dealing with this?
> The *best way* is a HA solution for your DNS Servers, but it's expensive.
> The DNS client (resolver) caches the srv records for 15 minutes aka 900
> seconds.
> ipconfig /flushdns drops the cache. Reboot does the same.
> On server side you may set shorter TTL for the server records, but then
> you have more DNS traffic. On small networks (sites up to 20 clients, no
> wifi) I have good experience with a TTL of 180.

Harry, I tried this - unsuccessfully.

I have TTL settings in a) the SOA and b) the NS record of the FQDN and 
the _msdcs.FQDN sections in my Windows RSAT DNS console. None of these 4 
entries I can change: I get something like "The Source Of Authority 
(SOA) cannot be updated. The record already exists."

Do you have an idea how to accomplish this? Currently the setting is 1h, 
which is pretty long.

