[Samba] Authentication to Secondary Domain Controller initially fails when PDC is offline
James
lingpanda101 at gmail.com
Fri Nov 27 13:23:51 UTC 2015
On 11/26/2015 11:12 AM, Ole Traupe wrote:
>
>>> Then you re-run your test with only DC2 up and running.
>>> Note that DNS needs time to be updated if you are using other DNS
>>> servers between clients and AD DCs.
>> The SOA RR identifies a primary DNS name server for the zone as the
>> best source of information for the data within that zone and as an
>> entity processing the updates for the zone.
>>
>> The NS resource record is used to notate which DNS servers are
>> designated as authoritative for the zone. Listing a server in the NS
>> RR, it becomes known to others as an authoritative server for the
>> zone. This means that any server specified in the NS RR is to be
>> considered an authoritative source by others, and is able to answer
>> with certainty any queries made for names included in the zone.
>>
>> Much of the above was taken almost verbatim from online Microsoft
>> tech documents. I don't believe that DCs create NS records by default.
>
> You mean Samba DCs or DCs in general?
>
> I am not sure I understand the above. Do you suggest to create another
> NS record for the Second_DC, or not to?
>
> In the resolv.conf on my member servers both DCs are listed as DNS
> servers. I like to think that the member servers eventually ask the
> second DNS server, if the first won't respond. This seems to be
> reflected by ping taking more than 5 s for the first packet to arrive.
>
> BUT what does the second DNS server (Second_DC) reply? Which logon
> server does it announce?
>
>
DNS can be very confusing. You do not need to create an NS record for
your second DC if the zone is directory integrated. By default the DC is
authoritative for that zone.
--
-James