[Samba] DNS issues after FSMO seize
lingpanda101 at gmail.com
Tue Apr 5 12:48:51 UTC 2016
On 4/5/2016 8:17 AM, mathias dufresne wrote:
> For me:
> - SOA means where updates can be sent.
> - SOA can be one or several.
> - NS is a record to help non-authoritative name servers to find a valid
> name server for the zone they receive a request and they don't know
> anything about that zone.
> - SOA is often declared as NS, I agree. I explained this is not mandatory.
>
> There is no link between these two notions except they share a zone.
>
> You are two to tell that's absurd. What I want is to understand things,
> things include the DNS protocol and its usage in an AD. So if you have
> anything to _*explain*_ to me why these concepts are really linked, please
> tell me. Develop your argumentation because I'm really thick.
>
> Then we could go back to define the role of SOA and NS.
> For me, again:
> - SOA where to write
> - NS where to ask
>
> Again, if you do not agree with that, explain, develop, be clear, I'm still
> thick.
>
> And please don't come back to tell me NS stands for name server and SOA
> stands for Start of Authority. If I weren't able to find this
> information I would have nothing to do in the IT world, not designing an AD for
> a large company at least.
>
> And please accept my apologies about the tone, I really hate people who do
> not explain. We are here to understand, to grow up together. Telling
> someone "you're wrong" and stopping there is nonsense, that won't help the
> guy to understand his error, or what he misunderstood.
>
>
>
> 2016-04-05 12:01 GMT+02:00 L.P.H. van Belle <belle at bazuin.nl>:
>
I'll throw my two cents in. I noted this from a Microsoft TechNet
article for a 2003 server that I jotted down.
"The SOA RR identifies a primary DNS name server for the zone as the
best source of information for the data within that zone and as an
entity processing the updates for the zone. "
"A name within a zone can also be delegated to a different zone that is
hosted on a different DNS server. Delegation is a process of assigning
responsibility for a portion of a DNS namespace to a DNS server owned by
a separate entity. This separate entity could be another organization,
department or workgroup within your company. Such delegation is
represented by the NS resource record that specifies the delegated zone
and the DNS name of the server authoritative for that zone."
"The name server (NS) RRs facilitate delegation by identifying DNS
servers for each zone and the NS RRs appear in all zones. Whenever a DNS
server needs to cross a delegation in order to resolve a name, it will
refer to the NS RRs for DNS servers in the target zone."
"If multiple NS records exist for a delegated zone identifying multiple
DNS servers available for querying, the Windows Server 2003 DNS Server
service will be able to select the closest DNS server based on the round
trip intervals measured over time for every DNS server."
The above is how I view the SOA and NS RRs. This is difficult for many,
due to users using Samba internal DNS or BIND. Both exhibit different
behavior with respect to the SOA and NS records. With that said, the
above is how the SOA and NS RRs should behave (if things have
changed, please advise).
The biggest issue facing the Samba internal DNS is that it only reports one
server as SOA. BIND does not have this limitation, as Rowland has
attested to with several threads showing his findings. Each server
should report itself as SOA.
When I had to seize FSMO roles, I had to update the SOA to a different
DC, as it still pointed to the removed DC. This was using the internal DNS.
I'm not sure whether, when using BIND, you still need to do this after seizing.
--
-James
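The two checks James describes above, as an added example that is not part of the original thread or of Samba itself: whether the zone's SOA primary (MNAME) still points at a DC that was removed after the FSMO seizure and is no longer listed as NS, and whether each DC reports itself as SOA primary (what James expects from BIND) or all DCs report the same single server (the Samba internal DNS behaviour he describes). The zone `ad.example.com.`, the DC names `dc1`/`dc2`/`dc3` and the record data are constructed for the example; in a real domain the strings would come from `dig +short SOA` and `dig +short NS` against each DC, as shown in the comments.

```shell
#!/bin/sh
# Added example (not from the original post): sanity checks on the SOA and NS
# records of an AD zone after a DC has been removed / FSMO roles seized.

# check_soa_primary SOA_RDATA NS_LIST LIVE_DCS
#   SOA_RDATA : the rdata line "dig +short SOA zone" prints
#               (mname rname serial refresh retry expire minimum)
#   NS_LIST   : newline-separated NS targets ("dig +short NS zone")
#   LIVE_DCS  : newline-separated FQDNs of the DCs still in the domain
# Returns 0 when the SOA primary is a live DC and is listed as NS, 1 otherwise.
check_soa_primary() {
  soa_rdata=$1; ns_list=$2; live_dcs=$3
  mname=$(printf '%s\n' "$soa_rdata" | awk '{ print $1 }')
  if ! printf '%s\n' "$live_dcs" | grep -qiFx "$mname"; then
    printf 'STALE: SOA primary %s is not a live DC\n' "$mname"
    return 1
  fi
  if ! printf '%s\n' "$ns_list" | grep -qiFx "$mname"; then
    printf 'WARN: SOA primary %s is not listed as NS for the zone\n' "$mname"
    return 1
  fi
  printf 'OK: SOA primary %s is a live DC and listed as NS\n' "$mname"
  return 0
}

# dcs_not_self_soa PAIRS
#   PAIRS : newline-separated "<DC queried> <SOA MNAME that DC returned>"
# Prints every DC that does not name itself as SOA primary.
# Returns 0 when each DC reports itself (one SOA per server), 1 otherwise.
dcs_not_self_soa() {
  printf '%s\n' "$1" | awk '
    NF == 2 && tolower($1) != tolower($2) { print $1; bad = 1 }
    END { exit bad ? 1 : 0 }'
}

# Constructed sample data (not real DNS output). dc1 was the removed DC;
# the SOA still names it, exactly the situation described in the thread.
ZONE='ad.example.com.'   # hypothetical zone
SOA_AFTER_SEIZE='dc1.ad.example.com. hostmaster.ad.example.com. 42 900 600 86400 3600'
NS_LIST='dc1.ad.example.com.
dc2.ad.example.com.'
LIVE_DCS='dc2.ad.example.com.
dc3.ad.example.com.'

# Per-DC answers to "dig +short SOA $ZONE @<dc>", constructed:
#   internal DNS style: every DC returns the same single primary
#   BIND style        : every DC returns itself
PER_DC_INTERNAL='dc2.ad.example.com. dc2.ad.example.com.
dc3.ad.example.com. dc2.ad.example.com.'
PER_DC_BIND='dc2.ad.example.com. dc2.ad.example.com.
dc3.ad.example.com. dc3.ad.example.com.'

# In a real domain, replace the constructed strings with live queries, e.g.:
#   SOA_AFTER_SEIZE=$(dig +short SOA "$ZONE" @dc2.ad.example.com)
#   NS_LIST=$(dig +short NS "$ZONE" @dc2.ad.example.com)
#   PER_DC=$(for dc in dc2.ad.example.com dc3.ad.example.com; do
#              printf '%s. %s\n' "$dc" "$(dig +short SOA "$ZONE" @"$dc" | awk '{print $1}')"
#            done)

printf '== SOA primary check for %s ==\n' "$ZONE"
if check_soa_primary "$SOA_AFTER_SEIZE" "$NS_LIST" "$LIVE_DCS"; then
  echo 'SOA needs no change'
else
  echo 'SOA primary must be moved to a surviving DC (and the stale NS removed)'
fi

printf '== DCs not naming themselves as SOA primary (internal DNS sample) ==\n'
dcs_not_self_soa "$PER_DC_INTERNAL" || echo '(single shared SOA primary)'
printf '== DCs not naming themselves as SOA primary (BIND sample) ==\n'
dcs_not_self_soa "$PER_DC_BIND" && echo '(every DC reports itself)'
```

The first check is the one worth scripting into a post-seizure runbook: a stale MNAME is harmless for lookups, but dynamic DNS updates from clients are directed at the SOA primary, so a removed DC there means updates silently fail. For fixing it on the Samba internal DNS, `samba-tool dns update <server> <zone> @ SOA <old rdata> <new rdata>` is the command family involved; I have not reproduced the exact rdata format here, so confirm it against `samba-tool dns update --help` on your version before relying on it.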