[Samba] Horrible BIND9_DLZ DNS breakage after DC replaced and samba-tool domain demote --remove-other-dead-server

Fri Aug 12 17:00:06 UTC 2016

Hi List,

We are running through testing our migration to Samba4/AD domain and hit 
an odd issue.

We set up one new VM as a legacy PDC and performed a migration on this 
machine. All went fine. We added a second DC with no issues. We then 
simulated the first DC going away by unplugging the VM NIC and did an 
FSMO seize.

The next step was to reinstall the original VM from scratch as a new DC 
on the same IP as the original, which also worked well. However there 
were many missing DNS records on this and the previous second DC, which 
we fixed by running "samba_dnsupdate --verbose".

We then tried to use "samba-tool domain demote 
--remove-other-dead-server=<original DC name>" which seemed to run 
successfully. However the next time named was restarted it complained 
that the main forward zone had no records, on both new DCs, and could 
not complete the startup sequence:

Aug 12 14:44:56 samba4-dc-1 named[2483]: samba_dlz: started for DN 
DC=samba,DC=ifa,DC=net
Aug 12 14:44:56 samba4-dc-1 named[2483]: samba_dlz: starting configure
Aug 12 14:44:56 samba4-dc-1 named[2483]: zone samba.ifa.net/NONE: has no 
NS records

I've checked with ldbedit and there seems to be nothing corrupted or 
obviously wrong. There is a correct FSMO role for both DNS roles, but 
still no joy.

Does anyone have any ideas or has anyone else experienced a similar issue?

Best regards

Alex

--
This message is intended only for the addressee and may contain
confidential information. Unless you are that person, you may not
disclose its contents or use it in any way and are requested to delete
the message along with any attachments and notify us immediately.
This email is not intended to, nor should it be taken to, constitute advice.
The information provided is correct to our knowledge & belief and must not
be used as a substitute for obtaining tax, regulatory, investment, legal or
any other appropriate advice.

"Transact" is operated by Integrated Financial Arrangements Ltd.
29 Clement's Lane, London EC4N 7AE. Tel: (020) 7608 4900 Fax: (020) 7608 5300.
(Registered office: as above; Registered in England and Wales under
number: 3727592). Authorised and regulated by the Financial Conduct
Authority (entered on the Financial Services Register; no. 190856).