[Samba] DNS issues after FSMO seize
rpenny at samba.org
Tue Apr 5 13:11:33 UTC 2016
On 05/04/16 13:48, lingpanda101 at gmail.com wrote:
> On 4/5/2016 8:17 AM, mathias dufresne wrote:
>> For me:
>> - SOA means where updates can be sent.
>> - SOA can be one or several.
>> - NS is a record to help non-authoritative name servers to find a valid
>> name server for the zone they receive a request and they don't know
>> anything about that zone.
>> - SOA is often declared as NS, I agree. I explained this is not
>> There is no link between these two notions except they share a zone.
>> You are two to tell that's absurd. What I want is to understand things,
>> things includes DNS protocol and its usage into an AD. So if you have
>> anything to _*explain*_ me why these concepts are really linked, please
>> tell me. Develop your argumentation because I'm really thick.
>> Then we could go back to define the role of SOA and NS.
>> For me, again:
>> - SOA where to write
>> - NS where to ask
>> Again, if you do not agree with that, explain, develop, be clear, I'm
>> And please don't come back to tell me NS stands for name server and SOA
>> stands for Start of authority. If I wouldn't be able to find these
>> information I would have nothing to do in IT world, not designing an
>> AD for
>> a large company at least.
>> And please accept my apologizes about the tone, I really hate people
>> who do
>> not explain. We are here to understand, to grow up together. Telling
>> someone "you're wrong" and stop there is a non-sense, that won't help
>> guy to understand his error, where not what he misunderstood.
>> 2016-04-05 12:01 GMT+02:00 L.P.H. van Belle <belle at bazuin.nl>:
> I'll throw my two cents in. I noted this from a Mircosoft technet
> article for a 2003 server I jotted down.
> "The SOA RR identifies a primary DNS name server for the zone as the
> best source of information for the data within that zone and as an
> entity processing the updates for the zone. "
> "A name within a zone can also be delegated to a different zone that
> is hosted on a different DNS server. Delegation is a process of
> assigning responsibility for a portion of a DNS namespace to a DNS
> server owned by a separate entity. This separate entity could be
> another organization, department or workgroup within your company.
> Such delegation is represented by the NS resource record that
> specifies the delegated zone and the DNS name of the server
> authoritative for that zone."
> "The name server (NS) RRs facilitate delegation by identifying DNS
> servers for each zone and the NS RRs appear in all zones. Whenever a
> DNS server needs to cross a delegation in order to resolve a name, it
> will refer to the NS RRs for DNS servers in the target zone."
> "If multiple NS records exist for a delegated zone identifying
> multiple DNS servers available for querying, the Windows Server 2003
> DNS Server service will be able to select the closest DNS server based
> on the round trip intervals measured over time for every DNS server."
> The above is how I view the SOA and NS RR's. This is difficult for
> many, due to users using Samba Internal DNS or Bind. Both exhibit
> different behavior with respect to the SOA and NS records. With that
> said, the above is how the SOA and NS RR's records should behave (if
> things have changed, please advise).
> The biggest issue facing the Samba Internal DNS, is it only reports
> one server as SOA. Bind does not have this limitation, as Rowland has
> attested to with several threads showing his findings. Each server
> should report itself as SOA.
> When I had to seize FSMO roles, I had to update the SOA to a
> different DC, as it still pointed to the removed DC. This is using
> internal DNS. I'm not sure if using bind, if when seizing you still
> need to do this.
This is the problem I found with the internal dns, you only get one SOA
record, even if you add other DC NS & A records to the SOA. Bind works
differently, you still have to add DC NS & A records to the SOA, but
then every DC claims to have a SOA.
More information about the samba