[Samba] Horrible BIND9_DLZ DNS breakage after DC replaced and samba-tool domain demote --remove-other-dead-server

Rowland Penny rpenny at samba.org
Sun Aug 14 18:01:32 UTC 2016

On Sun, 14 Aug 2016 18:02:19 +0100
Alex Crow via samba <samba at lists.samba.org> wrote:

> Hi List,
> I have just reproduced this issue with Sernet Samba 4.4.5. I did a
> migration from classic on a new VM, and this time created the next DC
> on a new IP. As soon as I issued "samba-tool domain demote
> --remove-other-dead-server=<original DC name>", I could no longer
> start named/bind. It gave the same error as above.
> It seems that this command corrupts the LDB in a way that Bind DLZ
> can't see any valid records. Ideally we'd like to migrate from an
> NT-style domain, add extra DCs, and get rid of the DC used for
> migration afterwards, thereby making sure we don't have any traces of
> the old setup remaining. It's also a worry that if a DC really did
> fail and we had to remove it, that we'd still have various orphan
> records in the LDB.
> I'd be most grateful for any pointers. If it's worth raising a BZ I
> will do so, but as usual I'm not sure if I'm doing things correctly
> and I don't want to pollute BZ...

Ok, let's just run through this:
You have an NT4-style PDC
You classicupgrade this to a DC
You join another computer as a DC

At this point, have you checked that all DNS records etc are correct?
Is Bind9 running on both DCs at this point?
Is everything working as expected?

You now turn off the first DC
You now seize all FSMO roles to the remaining DC
Are you turning Bind9 off on the remaining DC at this point?

You run the demote command and then Bind9 will not start?
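The two checks Rowland's questions point at (are the FSMO roles really on the surviving DC before the demote, and are there leftover DNS records naming the removed DC afterwards) can be scripted. The block below is an added example, not code from this thread or from the Samba project. It uses the real subcommands `samba-tool fsmo show` and `samba-tool dns query`, but the sample output it ships with is constructed to match their shape so the script runs offline; the names dc1 (dead DC), dc2 (survivor) and samdom.example.com are assumed placeholders.

```shell
#!/usr/bin/env bash
# Added example for this thread; not code from the list post or from the
# Samba project. Two checks around removing a dead DC: before the demote,
# every FSMO role should sit on the surviving DC; afterwards, no DNS record
# in the zone should still point at the removed DC.
# The names dc1 (dead DC), dc2 (survivor) and samdom.example.com are assumed.

# Read `samba-tool fsmo show` output on stdin; print the names of roles whose
# owner DN is not "CN=NTDS Settings,CN=<survivor>,...". Empty output is good.
fsmo_roles_not_on() {
    survivor="$1"
    grep -i ' owner: ' | grep -iv "CN=NTDS Settings,CN=${survivor}," | cut -d' ' -f1
}

# Read `samba-tool dns query <dc> <zone> @ ALL` output on stdin; print every
# line that still names the removed DC as a whole label (so dc1 does not
# match dc10). Hostnames carry no regex metacharacters, so no escaping needed.
dns_refs_to() {
    dead="$1"
    grep -iE "(^|[^A-Za-z0-9-])${dead}([^A-Za-z0-9-]|$)" || true
}

# Constructed sample output in the shape samba-tool prints; all values made up.
# Here the InfrastructureMaster role was never seized from the dead dc1.
SAMPLE_FSMO='SchemaMasterRole owner: CN=NTDS Settings,CN=DC2,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=samdom,DC=example,DC=com
InfrastructureMasterRole owner: CN=NTDS Settings,CN=DC1,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=samdom,DC=example,DC=com
RidAllocationMasterRole owner: CN=NTDS Settings,CN=DC2,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=samdom,DC=example,DC=com
PdcEmulationMasterRole owner: CN=NTDS Settings,CN=DC2,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=samdom,DC=example,DC=com
DomainNamingMasterRole owner: CN=NTDS Settings,CN=DC2,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=samdom,DC=example,DC=com'

# Constructed zone dump: an NS record and an A record still name dc1.
SAMPLE_DNS='  Name=, Records=4, Children=0
    SOA: serial=110, refresh=900, retry=600, expire=86400, minttl=3600, ns=dc2.samdom.example.com., email=hostmaster.samdom.example.com. (flags=600000f0, serial=110, ttl=3600)
    NS: dc1.samdom.example.com. (flags=600000f0, serial=110, ttl=900)
    NS: dc2.samdom.example.com. (flags=600000f0, serial=110, ttl=900)
    A: 192.168.1.12 (flags=600000f0, serial=110, ttl=900)
  Name=dc1, Records=1, Children=0
    A: 192.168.1.11 (flags=f0, serial=110, ttl=900)
  Name=dc2, Records=1, Children=0
    A: 192.168.1.12 (flags=f0, serial=110, ttl=900)'

# Live run against the surviving DC (assumed names). Both are real samba-tool
# subcommands; the dns query prompts for the Administrator password.
run_live() {
    echo "FSMO roles not held by dc2:"
    samba-tool fsmo show | fsmo_roles_not_on dc2
    echo "DNS records in samdom.example.com still naming dc1:"
    samba-tool dns query dc2 samdom.example.com @ ALL -U Administrator | dns_refs_to dc1
}

if [ "${1:-}" = "--live" ]; then
    run_live
else
    echo "Roles not on dc2 (sample):"
    printf '%s\n' "$SAMPLE_FSMO" | fsmo_roles_not_on dc2
    echo "Records still naming dc1 (sample):"
    printf '%s\n' "$SAMPLE_DNS" | dns_refs_to dc1
fi
```

Run it with no arguments to see the checks against the constructed samples, or with `--live` on the surviving DC. Any role printed by the first check should be seized before the demote; any record printed by the second is an orphan the demote left behind and can be removed with `samba-tool dns delete`. `samba-tool dbcheck --cross-ncs` is the other check worth running on the surviving DC after the demote, since it reports dangling references across all naming contexts, not only DNS.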
