[Samba] which DNS backend ?

Rowland penny rpenny at samba.org
Tue Mar 1 13:50:10 UTC 2016 

On 01/03/16 13:23, Reindl Harald wrote:
>
>
> Am 01.03.2016 um 11:23 schrieb mathias dufresne:
>> Several SOA is easy to design without breaking RFC: as every DNS server
>> in AD is able to modify the zone, every DNS server in AD is SOA. As any
>> DNS server is SOA and only one SOA can be returned, these DNS server
>> must reply "I am SOA".
>> 10 DC running a DNS server.
>> One client asking to DC07 for SOA.
>> DC07 replies "SOA is DC07".
>> One client asking to DC02 for SOA.
>> DC02 replies "SOA is DC02".
>
> yes, but that's not a SOA containing two nameservers - period
> nothing else is what i criticized because the term is wrong
>
>
>

OK, lets use 'nslookup' to get the SOA record from my netbook:

rowland at debnet:~$ nslookup
 > set querytype=soa
 > samdom.example.com
Server:        192.168.0.5
Address:    192.168.0.5#53

samdom.example.com
     origin = dc1.samdom.example.com
     mail addr = hostmaster.samdom.example.com
     serial = 185
     refresh = 900
     retry = 600
     expire = 86400
     minimum = 3600

This shows that 'dc1.samdom.example.com' is authoritative for the domain.

Lets change the server that 'nslookup' uses:

 > server 192.168.0.6
Default server: 192.168.0.6
Address: 192.168.0.6#53

Now rerun the soa lookup:

 > set querytype=soa
 > samdom.example.com
Server:        192.168.0.6
Address:    192.168.0.6#53

samdom.example.com
     origin = dc2.samdom.example.com
     mail addr = hostmaster.samdom.example.com
     serial = 185
     refresh = 900
     retry = 600
     expire = 86400
     minimum = 3600
 >

Different server, different Authoritative server, *BUT* there is only 
one SOA record in AD:

dn: 
DC=@,DC=samdom.example.com,CN=MicrosoftDNS,DC=DomainDnsZones,DC=samdom,DC=example,DC=com
objectClass: top
objectClass: dnsNode
instanceType: 4
whenCreated: 20151106115624.0Z
uSNCreated: 3657
showInAdvancedViewOnly: TRUE
name: @
objectGUID: 7ad014c4-c1e9-4cb4-9f0d-96d0272af23d
objectCategory: 
CN=Dns-Node,CN=Schema,CN=Configuration,DC=samdom,DC=example,DC=com
dc: @
whenChanged: 20160226163554.0Z
dnsRecord:     NDR: struct dnsp_DnssrvRpcRecord
         wDataLength              : 0x004f (79)
         wType                    : DNS_TYPE_SOA (6)
         version                  : 0x05 (5)
         rank                     : DNS_RANK_ZONE (240)
         flags                    : 0x0000 (0)
         dwSerial                 : 0x000000b8 (184)
        dwTtlSeconds             : 0x00000e10 (3600)
         dwReserved               : 0x00000000 (0)
         dwTimeStamp              : 0x00378778 (3639160)
         data                     : union dnsRecordData(case 6)
         soa: struct dnsp_soa
             serial                   : 0x000000b9 (185)
             refresh                  : 0x00000384 (900)
             retry                    : 0x00000258 (600)
             expire                   : 0x00015180 (86400)
             minimum                  : 0x00000e10 (3600)
             mname                    : dc1.samdom.example.com
             rname                    : hostmaster.samdom.example.com

dnsRecord:     NDR: struct dnsp_DnssrvRpcRecord
         wDataLength              : 0x001a (26)
         wType                    : DNS_TYPE_NS (2)
         version                  : 0x05 (5)
         rank                     : DNS_RANK_ZONE (240)
         flags                    : 0x0000 (0)
         dwSerial                 : 0x000000b8 (184)
         dwTtlSeconds             : 0x00000384 (900)
         dwReserved               : 0x00000000 (0)
         dwTimeStamp              : 0x00000000 (0)
         data                     : union dnsRecordData(case 2)
         ns                       : dc1.samdom.example.com

dnsRecord:     NDR: struct dnsp_DnssrvRpcRecord
         wDataLength              : 0x001a (26)
         wType                    : DNS_TYPE_NS (2)
         version                  : 0x05 (5)
         rank                     : DNS_RANK_ZONE (240)
         flags                    : 0x0000 (0)
         dwSerial                 : 0x000000b8 (184)
         dwTtlSeconds             : 0x00000384 (900)
         dwReserved               : 0x00000000 (0)
         dwTimeStamp              : 0x00377e1b (3636763)
         data                     : union dnsRecordData(case 2)
         ns                       : dc2.samdom.example.com

dnsRecord:     NDR: struct dnsp_DnssrvRpcRecord
         wDataLength              : 0x0004 (4)
         wType                    : DNS_TYPE_A (1)
         version                  : 0x05 (5)
         rank                     : DNS_RANK_ZONE (240)
         flags                    : 0x0000 (0)
         dwSerial                 : 0x000000b8 (184)
         dwTtlSeconds             : 0x00000384 (900)
         dwReserved               : 0x00000000 (0)
         dwTimeStamp              : 0x00000000 (0)
         data                     : union dnsRecordData(case 1)
         ipv4                     : 192.168.0.5

dnsRecord:     NDR: struct dnsp_DnssrvRpcRecord
         wDataLength              : 0x0004 (4)
         wType                    : DNS_TYPE_A (1)
         version                  : 0x05 (5)
         rank                     : DNS_RANK_ZONE (240)
         flags                    : 0x0000 (0)
         dwSerial                 : 0x000000b8 (184)
         dwTtlSeconds             : 0x00000384 (900)
         dwReserved               : 0x00000000 (0)
         dwTimeStamp              : 0x00377cfa (3636474)
         data                     : union dnsRecordData(case 1)
         ipv4                     : 192.168.0.6

uSNChanged: 117981
distinguishedName: 
DC=@,DC=samdom.example.com,CN=MicrosoftDNS,DC=DomainDnsZones,DC=samdom,DC=example,DC=com

Does that convince you ???

Rowland

More information about the samba mailing list