[Samba] which DNS backend ?

Rowland penny rpenny at samba.org
Mon Feb 29 11:29:06 UTC 2016


On 29/02/16 10:45, Reindl Harald wrote:
>
>
> On 29.02.2016 at 11:28, Rowland penny wrote:
>> On 29/02/16 09:42, Reindl Harald wrote:
>>>
>>>
>>> On 29.02.2016 at 10:10, Rowland penny wrote:
>>>> Everything you say is valid except for when it comes to AD dns.
>>>> When you want data from a zone, you start with the SOA record, you ask
>>>> 'who holds the records for this zone?', it replies with the nameserver
>>>> that holds the zone records. OK so far ?
>>>>
>>>> Only problem is that with AD, *every* DC that runs a dns server holds
>>>> the zone records. Now if you have only one NS record in the SOA (or if
>>>> only one NS record is returned, like the internal dns server does), then
>>>> only one DC will be asked for the zone records, if this DC is down, you
>>>> don't have a nameserver to ask!
>>>
>>> then it's a bug in the internal dns server to only return one NS record
>>
>> Totally agree
>>
>>>
>>>> Every windows DC that runs a dns server is authoritative for the dns
>>>> domain and has a SOA record. The only way I have found of doing this
>>>> with a Samba DC, is to use Bind9 and add the second DC's NS record to the
>>>> SOA, this SOA is stored in AD
>>>
>>> what would a SOA record look like with two NS records?
>>>
>>
>> There was a thread dealing with this in December, see here for what I
>> posted then:
>>
>> https://lists.samba.org/archive/samba/2015-December/196367.html
>
> i just want to see how a "dig SOA example.lan." would look like to
> contain two nameservers, that below from the thread is as always a SOA
> containing one origin
>
> example.lan
>      origin = testdc1.example.lan
>      mail addr = hostmaster.example.lan
>      serial = 3
>      refresh = 900
>      retry = 600
>      expire = 86400
>      minimum = 3600
>
>
>

OK, your wish is my command :-)

root@dc1:~# dig SOA samdom.example.com

; <<>> DiG 9.9.5-9+deb8u2-Debian <<>> SOA samdom.example.com
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 54539
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 2, ADDITIONAL: 3

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;samdom.example.com.        IN    SOA

;; ANSWER SECTION:
samdom.example.com.    3600    IN    SOA    dc2.samdom.example.com. hostmaster.samdom.example.com. 185 900 600 86400 3600

;; AUTHORITY SECTION:
samdom.example.com.    900    IN    NS    dc1.samdom.example.com.
samdom.example.com.    900    IN    NS    dc2.samdom.example.com.

;; ADDITIONAL SECTION:
dc1.samdom.example.com.    900    IN    A    192.168.0.5
dc2.samdom.example.com.    900    IN    A    192.168.0.6

;; Query time: 8 msec
;; SERVER: 192.168.0.6#53(192.168.0.6)
;; WHEN: Mon Feb 29 11:28:10 GMT 2016
;; MSG SIZE  rcvd: 162

Rowland
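
The following is an added example, not part of Rowland's message or of Samba: a small Python check that reads dig output in the format shown above and reports whether the zone depends on a single nameserver, the failure case discussed in this thread. The function names and the sample text (constructed from the records in the output above) are assumptions for illustration.

```python
import re

# Constructed sample in dig's answer format, modelled on the output in this message.
SAMPLE = """\
;; ANSWER SECTION:
samdom.example.com.    3600    IN    SOA    dc2.samdom.example.com. hostmaster.samdom.example.com. 185 900 600 86400 3600

;; AUTHORITY SECTION:
samdom.example.com.    900    IN    NS    dc1.samdom.example.com.
samdom.example.com.    900    IN    NS    dc2.samdom.example.com.

;; ADDITIONAL SECTION:
dc1.samdom.example.com.    900    IN    A    192.168.0.5
dc2.samdom.example.com.    900    IN    A    192.168.0.6
"""

# owner, TTL, class IN, record type, rdata
RR = re.compile(r"^(\S+)\s+(\d+)\s+IN\s+(SOA|NS|A|AAAA)\s+(.+)$")

def parse_records(dig_text):
    """Return (owner, type, rdata) tuples for every resource-record line."""
    records = []
    for line in dig_text.splitlines():
        line = line.strip()
        if not line or line.startswith(";"):
            continue  # skip comments, section headers and the question line
        m = RR.match(line)
        if m:
            records.append((m.group(1).lower(), m.group(3), m.group(4).strip()))
    return records

def audit_zone(dig_text):
    """Summarise nameserver redundancy for the zone in a dig SOA response."""
    records = parse_records(dig_text)
    soa = [r for r in records if r[1] == "SOA"]
    mname = soa[0][2].split()[0].lower() if soa else None
    ns = sorted({r[2].lower() for r in records if r[1] == "NS"})
    glue = {r[0] for r in records if r[1] in ("A", "AAAA")}
    return {
        "mname": mname,          # the one primary server named in the SOA itself
        "nameservers": ns,       # every NS record returned with the answer
        "missing_glue": [n for n in ns if n not in glue],
        "single_point_of_failure": len(ns) < 2,
    }

if __name__ == "__main__":
    print(audit_zone(SAMPLE))
```

The SOA record itself only ever names one server (the MNAME field); the redundancy shows up in the NS records, which is what the check counts.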

