[Samba] Recommended DNS configuration on Domain Controllers causes share by IP name to fail

Wed Nov 30 15:41:08 UTC 2016

Hi Rowland, 

I think we mean the same. I know islanding isnt any problem these days. 
See my previous mail. 

> > And this part.
> > DNS Configuration on Domain Controllers.
> > If you are running more than two DCs, you can configure the IPs in
> > crosswise direction. Add: but only after you joined the server,
> > rebooted at least 1-2 times and you checked the dns entries and ad
> > database replication.
> 
> This is where we disagree, 'islanding' seems to have been a problem
> with 2000, later versions shouldn't have this problem, see here:
> 
> https://social.technet.microsoft.com/Forums/windowsserver/en-US/b7bf37a2-
> 6e1a-40a8-8d4b-1c15ee9bc0fa/2k8-best-practice-for-setting-the-dns-server-
> list-on-a-dcdns-server-for-an-interface?forum=winserverNIS

So lets not go there.. as the link above already stats..  

>> So, the answer is .... actually based on who you ask. 
>> Even Microsoft engineers have been discussing this for over 11 years.. 
And 
"The AD/Island scenario was fixed in Win2003, so that's no longer an issue with setting the primary DNS server to itself."

Its just that Samba isnt Windows.. luckely not :-) 

Greetz, 

Louis

> -----Oorspronkelijk bericht-----
> Van: samba [mailto:samba-bounces at lists.samba.org] Namens L.P.H. van Belle
> via samba
> Verzonden: woensdag 30 november 2016 16:19
> Aan: samba at lists.samba.org
> Onderwerp: Re: [Samba] Recommended DNS configuration on Domain Controllers
> causes share by IP name to fail
> 
> Hai James,
> 
> ..
> >
> > I think the wiki is correct but see comment below.
> >
> >      I don't believe islanding to be a big concern either but what about
> > the possibility of a "race condition" between DNS and AD? In a Microsoft
> > environment, AD has the possibility of starting first before DNS has
> > started. This of course creates failure in name resolution during boot.
> > Is this a concern using Bind or Samba internal DNS?  If not then I see
> > no issue setting a DC to itself as a primary DNS server.
> >
> > --
> > - James
> >
> >
> > --
> > To unsubscribe from this list go to the following URL and read the
> > instructions:  https://lists.samba.org/mailman/options/samba
> 
> 
> >AD has the possibility of starting first before DNS has started.
> 
> No, not true,
> Active Directory Domain Services depends on DNS Server ( and others) in
> windows.
> 
> And yes the wiki does have a few errors imo.
> One needed correction are the /etc/hosts file for example :
> 127.0.0.1 localhost any-other.alias
> See also : http://www.ietf.org/rfc/rfc1912.txt
> 
> 
> >Is this a concern using Bind or Samba internal DNS?
> I ask at Oliver ( todays subject : [Samba] Add new DomainController )
> I think this is related with bind. Let wait what he tells us.
> 
> And if its systemd
> (and in my debian jessie system im still missing some startup
> dependecies.)
> Something like :
> After=network.target bind9.service
> Requires=network-online.target
> 
> ...
> The network.target only indicates that the network management stack is up.
> Whether any network interfaces are already configured when it is reached
> is undefined.
> 
> I'll go through the debian bug list for this.
> 
> Setting a DC to itself as a primary DNS server, yes its possible.
> But only client software uses it (resolv.conf).
> Any pc used the DNS itself.
> 
> At a DC join you MUST point to the first DC and only after everything is
> replicated yes you can point back to itself, not that i advice it.
> 
> I've setup as followed.
> All DC's point to the DC1 (with FSMO roles) + DC2 (this order for all
> DC's)
> (and all DC's have in /etc/hosts all the DC hostnames as backup.)
> 
> All members servers and PC's point to the DC2 and DC3
> ( incase you have only 2 DC.s i suggest order DC2 DC1  )
> 
> Never had any resolving problems this way and load is split over the
> servers.
> 
> But this can be setup in multiple ways.
> This is best for me, for you, it can be different.
> 
> 
> Greetz,
> 
> Louis
> 
> 
> 
> 
> 
> --
> To unsubscribe from this list go to the following URL and read the
> instructions:  https://lists.samba.org/mailman/options/samba