[Samba] which DNS backend ?

Rowland penny rpenny at samba.org
Mon Feb 29 13:00:12 UTC 2016 

On 29/02/16 12:20, Reindl Harald wrote:
>
>
> Am 29.02.2016 um 13:03 schrieb Rowland penny:
>>>>> i just want to see how a "dig SOA example.lan." would look like to
>>>>> contain two nameservers, that below form the thread is as always a 
>>>>> SOA
>>>>> containing one origin
>>>>>
>>>> OK, your wish is my command :-)
>>>
>>> as i say all the time - the SOA record has only one nameserver
>>>
>>> ;; ANSWER SECTION:
>>> samdom.example.com.    3600    IN    SOA dc2.samdom.example.com.
>>> hostmaster.samdom.example.com. 185 900 600 86400 3600
>>>
>>> that's the SOA and nothing else :-)
>>>
>>> > ;; AUTHORITY SECTION:
>>> > samdom.example.com.    900    IN    NS dc1.samdom.example.com.
>>> > samdom.example.com.    900    IN    NS dc2.samdom.example.com.
>>>
>>> these are NS records
>>>
>>>> ;; ANSWER SECTION:
>>>> samdom.example.com.    3600    IN    SOA dc2.samdom.example.com.
>>>> hostmaster.samdom.example.com. 185 900 600 86400 3600
>>
>> OK, same command run on the second DC:
>>
>> ;; ANSWER SECTION:
>> samdom.example.com.    3600    IN    SOA dc1.samdom.example.com.
>> hostmaster.samdom.example.com. 185 900 600 86400 3600
>
> well, that are still SOA records with one nameserver

Well yes, but each DC uses the other DC to get zone records, i.e. 
/etc/resolv.conf on the first DC is this:

search samdom.example.com
nameserver 192.168.0.6    # <-- second DC ipaddress
nameserver 192.168.0.5    # <-- this DC ipaddress

and on the second DC:

search samdom.example.com
nameserver 192.168.0.5    # <-- first DC ipaddress
nameserver 192.168.0.6    # <-- this DC ipaddress


>
> that each server lists the other one as SOA is a different story and 
> my whole point was the the SOA itself can not have 2 nameservers which 
> is unchanged

Each DC is reporting that the other DC is authoritative for the zone, 
there is only *one* SOA record in AD and this contains the NS records 
for both DCs

So while the SOA reports only one nameserver, it is a different one 
depending on which DC you ask, therefore whilst the Bind dns server 
works like the windows dns server, the internal dns server does not. If 
you use the internal dns server, from my testing, it will only report 
one NS record, even if you have added the NS record for the second DC to 
the SOA.

Rowland
>
>
>

More information about the samba mailing list