[Samba] Horrible BIND9_DLZ DNS breakage after DC replaced and samba-tool domain demote --remove-other-dead-server

Rowland Penny rpenny at samba.org
Sun Aug 28 20:57:41 UTC 2016

On Sun, 28 Aug 2016 21:37:57 +0100
Alex Crow via samba <samba at lists.samba.org> wrote:

> Thanks Rowland, just got back from holidays to see this.
> It's great to have a solution but I don't think these "secret
> incantations" should really be required. Do you agree with this
> sentiment?
> Cheers
> Alex

To a certain extent, yes.

The basics of it are, when you do the join, the new DC has to find
the old DC, but when you first start the new DC, it uses its own
Kerberos key to update its own records in AD and so has to connect to
itself. Well that is how it appears to me.

When you provision the first DC, all its records are created during the
provision, I wonder if this could also be done when a new DC is
joined?

