[Samba] Authentication to Secondary Domain Controller initially fails when PDC is offline

Ole Traupe ole.traupe at tu-berlin.de
Thu Nov 26 15:51:16 UTC 2015

> they can all reply to queries.
> But on my AD there is only one NS, the SOA.
> In fact I thought the SOA was here to distinguish which NS among all NS is
> the master.
> With only one NS record when several DNS are present for the same zone, I
> expect only one NS will reply to every request so, according to what I had
> understood about DNS, only one DC will receive all requests from clients.
> If I'm right, why does Samba not add NS when a DC is joined?
> Today I played with fsmo seize. I haven't checked NS records until now. I
> have 2 DCs, DC1 & DC2, DC2 became new FSMO, I also modified SOA record to
> set SOA on DC2.
> Looking for NS record of my AD I have only DC1 as NS when DC2 is SOA.
> Ole,
> I would declare DC2 as NS. Then once DC1 is off, when a client would ask
> for NS list of your AD this client would receive DC1 + DC2 and would have
> more chances to send its request to DC2.
> Then you re-run your test with only DC2 up and running.
> Note that DNS needs time to be updated if you are using other DNS servers
> between clients and AD DCs.

Mathias, thank you, I will try this. This is very similar to what 
Rowland suggested. Sorry for not testing this earlier, there were other 
things I had to attend to.

What I ask myself: this is the content of my /etc/resolv.conf (without 
">", of course)

 > search my.domain.tld
 > nameserver __IP_of_First_DC__
 > nameserver __IP_of_Second_DC__

This doesn't do the trick? Or will the client ask the NS who the NS for 
the AD domain is?
