[Samba] which DNS backend ?

Rowland penny rpenny at samba.org
Mon Feb 29 12:03:03 UTC 2016


On 29/02/16 11:51, Reindl Harald wrote:
>
>
> Am 29.02.2016 um 12:29 schrieb Rowland penny:
>> On 29/02/16 10:45, Reindl Harald wrote:
>>>
>>>
>>> Am 29.02.2016 um 11:28 schrieb Rowland penny:
>>>> On 29/02/16 09:42, Reindl Harald wrote:
>>>>>
>>>>>
>>>>> Am 29.02.2016 um 10:10 schrieb Rowland penny:
>>>>>> Everything you say is valid except for when it comes to AD dns.
>>>>>> When you want data from a zone, you start with the SOA record, you ask
>>>>>> 'who holds the records for this zone?', it replies with the nameserver
>>>>>> that holds the zone records. OK so far ?
>>>>>>
>>>>>> Only problem is that with AD, *every* DC that runs a dns server holds
>>>>>> the zone records. Now if you have only one NS record in the SOA (or if
>>>>>> only one NS record is returned, like the internal dns server does), then
>>>>>> only one DC will be asked for the zone records, if this DC is down, you
>>>>>> don't have a nameserver to ask!
>>>>>
>>>>> then it's a bug in the internal dns server to only return one NS record
>>>>
>>>> Totally agree
>>>>
>>>>>
>>>>>> Every windows DC that runs a dns server is authoritative for the dns
>>>>>> domain and has a SOA record. The only way I have found of doing this
>>>>>> with a Samba DC, is to use Bind9 and add the second DC's NS record to the
>>>>>> SOA, this SOA is stored in AD
>>>>>
>>>>> how would a SOA record look like with two NS records?
>>>>>
>>>>
>>>> There was a thread dealing with this in December, see here for what I
>>>> posted then:
>>>>
>>>> https://lists.samba.org/archive/samba/2015-December/196367.html
>>>
>>> i just want to see how a "dig SOA example.lan." would look like to
>>> contain two nameservers, that below from the thread is as always a SOA
>>> containing one origin
>>>
>>> example.lan
>>>      origin = testdc1.example.lan
>>>      mail addr = hostmaster.example.lan
>>>      serial = 3
>>>      refresh = 900
>>>      retry = 600
>>>      expire = 86400
>>>      minimum = 3600
>>
>> OK, your wish is my command :-)
>
> as i say all the time - the SOA record has only one nameserver
>
> ;; ANSWER SECTION:
> samdom.example.com.    3600    IN    SOA dc2.samdom.example.com. 
> hostmaster.samdom.example.com. 185 900 600 86400 3600
>
> that's the SOA and nothing else :-)
>
> > ;; AUTHORITY SECTION:
> > samdom.example.com.    900    IN    NS dc1.samdom.example.com.
> > samdom.example.com.    900    IN    NS dc2.samdom.example.com.
>
> these are NS records
>
>> root at dc1:~# dig SOA samdom.example.com
>>
>> ; <<>> DiG 9.9.5-9+deb8u2-Debian <<>> SOA samdom.example.com
>> ;; global options: +cmd
>> ;; Got answer:
>> ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 54539
>> ;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 2, ADDITIONAL: 3
>>
>> ;; OPT PSEUDOSECTION:
>> ; EDNS: version: 0, flags:; udp: 4096
>> ;; QUESTION SECTION:
>> ;samdom.example.com.        IN    SOA
>>
>> ;; ANSWER SECTION:
>> samdom.example.com.    3600    IN    SOA dc2.samdom.example.com.
>> hostmaster.samdom.example.com. 185 900 600 86400 3600
>>
>> ;; AUTHORITY SECTION:
>> samdom.example.com.    900    IN    NS dc1.samdom.example.com.
>> samdom.example.com.    900    IN    NS dc2.samdom.example.com.
>>
>> ;; ADDITIONAL SECTION:
>> dc1.samdom.example.com.    900    IN    A    192.168.0.5
>> dc2.samdom.example.com.    900    IN    A    192.168.0.6
>>
>> ;; Query time: 8 msec
>> ;; SERVER: 192.168.0.6#53(192.168.0.6)
>> ;; WHEN: Mon Feb 29 11:28:10 GMT 2016
>> ;; MSG SIZE  rcvd: 162
>
>
>

OK, same command run on the second DC:

root at dc2:~# dig SOA samdom.example.com

; <<>> DiG 9.9.5-9+deb8u2-Debian <<>> SOA samdom.example.com
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 24665
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 2, ADDITIONAL: 3

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;samdom.example.com.        IN    SOA

;; ANSWER SECTION:
samdom.example.com.    3600    IN    SOA    dc1.samdom.example.com. 
hostmaster.samdom.example.com. 185 900 600 86400 3600

;; AUTHORITY SECTION:
samdom.example.com.    900    IN    NS    dc2.samdom.example.com.
samdom.example.com.    900    IN    NS    dc1.samdom.example.com.

;; ADDITIONAL SECTION:
dc1.samdom.example.com.    900    IN    A    192.168.0.5
dc2.samdom.example.com.    900    IN    A    192.168.0.6

;; Query time: 2 msec
;; SERVER: 192.168.0.5#53(192.168.0.5)
;; WHEN: Mon Feb 29 12:01:23 GMT 2016
;; MSG SIZE  rcvd: 162

Rowland
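
As an added example (not part of the original message and not Samba code): a small Python check that parses `dig SOA` output like the two answers above, separates the single SOA MNAME from the NS set, and flags a server that returns fewer than two NS records. The sample text reuses the record lines from this thread; the function names `parse_dig` and `check_zone` are assumptions of this example.

```python
import re

# Record lines taken from the two dig answers in this thread; the SOA line,
# which the mail client wrapped, is joined back onto one line.
ANSWER = """;; ANSWER SECTION:
samdom.example.com. 3600 IN SOA {mname}.samdom.example.com. hostmaster.samdom.example.com. 185 900 600 86400 3600
;; AUTHORITY SECTION:
samdom.example.com. 900 IN NS dc1.samdom.example.com.
samdom.example.com. 900 IN NS dc2.samdom.example.com.
;; SERVER: {server}#53({server})
"""
DIG_VIA_DC2 = ANSWER.format(mname="dc2", server="192.168.0.6")  # run on dc1
DIG_VIA_DC1 = ANSWER.format(mname="dc1", server="192.168.0.5")  # run on dc2

RECORD = re.compile(r"^(\S+)\s+(\d+)\s+IN\s+(SOA|NS)\s+(.+)$")
SERVER = re.compile(r"^;; SERVER: ([^#\s]+)#")

def parse_dig(text):
    """Return answering server, SOA MNAME/serial and the NS set from dig output."""
    out = {"server": None, "mname": None, "serial": None, "ns": set()}
    for line in text.splitlines():
        srv = SERVER.match(line)
        if srv:
            out["server"] = srv.group(1)
            continue
        rec = RECORD.match(line.strip())
        if not rec:
            continue  # comments, question section, other record types
        rdata = rec.group(4).split()
        if rec.group(3) == "SOA":
            out["mname"] = rdata[0].rstrip(".").lower()
            out["serial"] = int(rdata[2])
        else:
            out["ns"].add(rdata[0].rstrip(".").lower())
    return out

def check_zone(answers):
    """Compare answers collected from several DCs; return a list of findings."""
    parsed = [parse_dig(a) for a in answers]
    findings = [f"{p['server']}: only {len(p['ns'])} NS record(s), no fallback"
                for p in parsed if len(p["ns"]) < 2]
    if len({frozenset(p["ns"]) for p in parsed}) > 1:
        findings.append("NS sets differ between servers")
    if len({p["serial"] for p in parsed}) > 1:
        findings.append("SOA serials differ between servers")
    return findings

if __name__ == "__main__":
    for p in map(parse_dig, (DIG_VIA_DC2, DIG_VIA_DC1)):
        print(p["server"], "MNAME:", p["mname"], "NS:", sorted(p["ns"]))
    print(check_zone([DIG_VIA_DC2, DIG_VIA_DC1]) or "both DCs listed as NS")
```

Run against the two answers in this thread, it shows each answering server naming itself as the SOA MNAME while both return the same two-entry NS set and serial 185.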


