[Samba] Horrible BIND9_DLZ DNS breakage after DC replaced and samba-tool domain demote --remove-other-dead-server

Alex Crow acrow at integrafin.co.uk
Sun Aug 28 20:37:57 UTC 2016


Thanks Rowland, just got back from holidays to see this.

It's great to have a solution but I don't think these "secret
incantations" should really be required. Do you agree with this sentiment?

Cheers

Alex


On 16/08/16 15:04, Rowland Penny via samba wrote:
> On Tue, 16 Aug 2016 09:20:56 +0100
> Rowland Penny via samba <samba at lists.samba.org> wrote:
>
>> On Mon, 15 Aug 2016 19:59:56 +0100
>> Rowland Penny via samba <samba at lists.samba.org> wrote:
>>
>>> On Mon, 15 Aug 2016 16:02:38 +0100
>>> Rowland Penny via samba <samba at lists.samba.org> wrote:
>>>
>>>
>>> So, as the OP said, this is a bit of a chicken and egg situation,
>>> you need the SOA records to add the SOA records via samba_dnsupdate.
>>>
>>> Rowland
>>>
>>>
>> And after further testing, but this time using the internal DNS
>> server, the problem doesn't exist, so it is a 'using Bind9 with Samba
>> problem'
>>
>> Rowland
>>
> After much further testing, I 'think' I have the magic incantation to
> get this working ;-)
>
> Install samba and Bind9 as normal on the second DC.
> Edit /etc/resolv.conf so that the nameserver points to the first DC. 
> Now join the computer as a DC, once the join is finalised and before
> you start bind9 or Samba, edit /etc/resolv.conf again, but this time,
> point the nameserver at the new DC's IP address or 127.0.0.1, i.e. itself.
>
> Start bind9 and then samba, this should run samba_dnsupdate and add all
> the missing records. You can check this with:
>
> host -t SRV _ldap._tcp.example.com.
>
> You should get a result similar to this:
>
> _ldap._tcp.example.com has SRV record 0 100 389 devdc1.example.com.
> _ldap._tcp.example.com has SRV record 0 100 389 devdc2.example.com.
>
> Edit /etc/resolv.conf on both DCs to use the other as a nameserver and
> then itself:
>
> DC1:
>
> search example.com
> nameserver 192.168.0.251
> nameserver 127.0.0.1
>
> DC2:
>
> search example.com
> nameserver 192.168.0.250
> nameserver 127.0.0.1
>
> Finally, restart samba on both DCs.
>
> Rowland
>
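
The end state of the procedure quoted above can be checked mechanically. The following is an added example, not part of the thread or of Samba: the function names are hypothetical, and the sample data is the example.com illustration from the message, with DC1 assumed to be 192.168.0.250 and DC2 192.168.0.251.

```shell
#!/bin/sh
# Added example: verify SRV registration and resolv.conf ordering after a DC join.
# Sample data copied from the message's example.com illustration (not live output).
SAMPLE_SRV='_ldap._tcp.example.com has SRV record 0 100 389 devdc1.example.com.
_ldap._tcp.example.com has SRV record 0 100 389 devdc2.example.com.'
SAMPLE_RESOLV_DC1='search example.com
nameserver 192.168.0.251
nameserver 127.0.0.1'

# Read `host -t SRV` output on stdin; print each SRV target once,
# lowercased and without the trailing dot.
srv_targets() {
    awk '/ has SRV record / { t = tolower($NF); sub(/\.$/, "", t); print t }' | sort -u
}

# missing_dcs "<host output>" dc-fqdn...
# Prints every DC that has no SRV record; returns 1 if any are missing.
missing_dcs() {
    out=$1; shift
    found=$(printf '%s\n' "$out" | srv_targets)
    rc=0
    for dc in "$@"; do
        printf '%s\n' "$found" | grep -qxF "$dc" || { echo "$dc"; rc=1; }
    done
    return $rc
}

# resolv_order_ok "<resolv.conf text>" <partner-ip>
# Succeeds only if the nameservers are exactly: the partner DC, then 127.0.0.1.
resolv_order_ok() {
    order=$(printf '%s\n' "$1" | awk '$1 == "nameserver" { printf "%s ", $2 }')
    [ "$order" = "$2 127.0.0.1 " ]
}

# Demo on the embedded sample. On a real DC, pass live data instead:
#   missing_dcs "$(host -t SRV _ldap._tcp.example.com.)" devdc1.example.com devdc2.example.com
#   resolv_order_ok "$(cat /etc/resolv.conf)" 192.168.0.251
missing_dcs "$SAMPLE_SRV" devdc1.example.com devdc2.example.com \
    && echo "SRV records present for both DCs"
resolv_order_ok "$SAMPLE_RESOLV_DC1" 192.168.0.251 \
    && echo "DC1 resolv.conf: partner first, then itself"
```

A DC name printed by `missing_dcs` is the symptom discussed in the thread: samba_dnsupdate has not registered that DC's records.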
