[Samba] which DNS backend ?

Reindl Harald h.reindl at thelounge.net
Mon Feb 29 11:51:15 UTC 2016



On 29.02.2016 at 12:29, Rowland penny wrote:
> On 29/02/16 10:45, Reindl Harald wrote:
>>
>>
>> On 29.02.2016 at 11:28, Rowland penny wrote:
>>> On 29/02/16 09:42, Reindl Harald wrote:
>>>>
>>>>
>>>> On 29.02.2016 at 10:10, Rowland penny wrote:
>>>>> Everything you say is valid except for when it comes to AD dns.
>>>>> When you want data from a zone, you start with the SOA record, you ask
>>>>> 'who holds the records for this zone?', it replies with the nameserver
>>>>> that holds the zone records. OK so far ?
>>>>>
>>>>> Only problem is that with AD, *every* DC that runs a dns server holds
>>>>> the zone records. Now if you have only one NS record in the SOA (or if
>>>>> only one NS record is returned, like the internal dns server does), then
>>>>> only one DC will be asked for the zone records, if this DC is down, you
>>>>> don't have a nameserver to ask!
>>>>
>>>> then it's a bug in the internal dns server to only return one NS record
>>>
>>> Totally agree
>>>
>>>>
>>>>> Every windows DC that runs a dns server is authoritative for the dns
>>>>> domain and has a SOA record. The only way I have found of doing this
>>>>> with a Samba DC, is to use Bind9 and add the second DC's NS record to the
>>>>> SOA, this SOA is stored in AD
>>>>
>>>> what would a SOA record look like with two NS records?
>>>>
>>>
>>> There was a thread dealing with this in December, see here for what I
>>> posted then:
>>>
>>> https://lists.samba.org/archive/samba/2015-December/196367.html
>>
>> i just want to see what a "dig SOA example.lan." would look like to
>> contain two nameservers, that below from the thread is as always a SOA
>> containing one origin
>>
>> example.lan
>>      origin = testdc1.example.lan
>>      mail addr = hostmaster.example.lan
>>      serial = 3
>>      refresh = 900
>>      retry = 600
>>      expire = 86400
>>      minimum = 3600
>
> OK, your wish is my command :-)

as i say all the time - the SOA record has only one nameserver

;; ANSWER SECTION:
samdom.example.com.    3600    IN    SOA    dc2.samdom.example.com. hostmaster.samdom.example.com. 185 900 600 86400 3600

that's the SOA and nothing else :-)

 > ;; AUTHORITY SECTION:
 > samdom.example.com.    900    IN    NS    dc1.samdom.example.com.
 > samdom.example.com.    900    IN    NS    dc2.samdom.example.com.

these are NS records

> root@dc1:~# dig SOA samdom.example.com
>
> ; <<>> DiG 9.9.5-9+deb8u2-Debian <<>> SOA samdom.example.com
> ;; global options: +cmd
> ;; Got answer:
> ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 54539
> ;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 2, ADDITIONAL: 3
>
> ;; OPT PSEUDOSECTION:
> ; EDNS: version: 0, flags:; udp: 4096
> ;; QUESTION SECTION:
> ;samdom.example.com.        IN    SOA
>
> ;; ANSWER SECTION:
> samdom.example.com.    3600    IN    SOA    dc2.samdom.example.com. hostmaster.samdom.example.com. 185 900 600 86400 3600
>
> ;; AUTHORITY SECTION:
> samdom.example.com.    900    IN    NS    dc1.samdom.example.com.
> samdom.example.com.    900    IN    NS    dc2.samdom.example.com.
>
> ;; ADDITIONAL SECTION:
> dc1.samdom.example.com.    900    IN    A    192.168.0.5
> dc2.samdom.example.com.    900    IN    A    192.168.0.6
>
> ;; Query time: 8 msec
> ;; SERVER: 192.168.0.6#53(192.168.0.6)
> ;; WHEN: Mon Feb 29 11:28:10 GMT 2016
> ;; MSG SIZE  rcvd: 162
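
An added example, not part of the original message or of Samba's code: it parses dig output of the shape quoted above and separates the single SOA MNAME from the NS record set, which is what determines how many nameservers a zone advertises. The sample text is constructed from the quoted output, and the function names are hypothetical.

```python
import re

# Constructed sample: trimmed dig output in the shape shown in the message above.
DIG_OUTPUT = """\
;; QUESTION SECTION:
;samdom.example.com.        IN    SOA

;; ANSWER SECTION:
samdom.example.com.    3600    IN    SOA    dc2.samdom.example.com. hostmaster.samdom.example.com. 185 900 600 86400 3600

;; AUTHORITY SECTION:
samdom.example.com.    900    IN    NS    dc1.samdom.example.com.
samdom.example.com.    900    IN    NS    dc2.samdom.example.com.

;; ADDITIONAL SECTION:
dc1.samdom.example.com.    900    IN    A    192.168.0.5
dc2.samdom.example.com.    900    IN    A    192.168.0.6
"""

SECTION = re.compile(r"^;; (\w+) SECTION:$")

def parse_sections(text):
    """Group resource records by the dig section they appear in."""
    sections, current = {}, None
    for line in text.splitlines():
        m = SECTION.match(line.strip())
        if m:
            current = m.group(1)
            sections[current] = []
        elif current and line.strip() and not line.startswith(";"):
            # Record layout: owner name, TTL, class, type, then type-specific rdata.
            name, ttl, rclass, rtype, *rdata = line.split()
            sections[current].append((name, int(ttl), rtype, rdata))
    return sections

def zone_nameservers(text):
    """Return (SOA MNAME, sorted NS targets, NS targets with no address record)."""
    records = [r for rrs in parse_sections(text).values() for r in rrs]
    soa = [r for r in records if r[2] == "SOA"]
    if len(soa) != 1:
        raise ValueError("expected exactly one SOA record, got %d" % len(soa))
    mname = soa[0][3][0]  # first SOA rdata field: the one primary master name
    ns = sorted(r[3][0] for r in records if r[2] == "NS")
    glue = {r[0] for r in records if r[2] in ("A", "AAAA")}
    return mname, ns, [n for n in ns if n not in glue]
```

A result with a single entry in the NS list is the case discussed earlier in the thread, where only one DC is advertised for the zone.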
