[Samba] Recommended DNS configuration on Domain Controllers causes share by IP name to fail

L.P.H. van Belle belle at bazuin.nl
Wed Nov 30 16:37:41 UTC 2016


The hosts correction, here explained a bit more.

From the link: http://www.ietf.org/rfc/rfc1912.txt

Read : 4.1 Boot file setup
... 
      Translating 127.0.0.1 into "localhost.domain" can cause some
      software to connect back to the loopback interface when it didn't
      want to because "localhost" is not equal to "localhost.domain".

So changing the hosts file order for localhost is asking for problems in the long term. 

> Why ? My feelings on this are, if you use another DC for dns for a DC,
> if the other DC is down, you will get problems, whereas if you use the
> DC for its dns, you only have one problem if the DC goes down.
Maybe I don't really get what you're saying here.
But even if the first DC is down, it uses the second or third nameserver in resolv.conf.

I just downed 2 out of 3 of my DCs.
Rebooted my computer, I can still log in fine, ssh (kerberized), yes, a slowdown is noticed. I added: timeout:1 to resolv.conf to speed up resolving when a DC is down.
I do my maintenance on my DCs in office hours, nobody notices it. :-)


Greetz, 

Louis


> -----Original message-----
> From: samba [mailto:samba-bounces at lists.samba.org] On behalf of Rowland Penny via
> samba
> Sent: Wednesday 30 November 2016 17:04
> To: samba at lists.samba.org
> Subject: Re: [Samba] Recommended DNS configuration on Domain Controllers
> causes share by IP name to fail
> 
> On Wed, 30 Nov 2016 16:18:47 +0100
> "L.P.H. van Belle via samba" <samba at lists.samba.org> wrote:
> 
> > Hai James,
> >
> > ..
> > >
> > > I think the wiki is correct but see comment below.
> > >
> > >      I don't believe islanding to be a big concern either but what
> > > about the possibility of a "race condition" between DNS and AD? In
> > > a Microsoft environment, AD has the possibility of starting first
> > > before DNS has started. This of course creates failure in name
> > > resolution during boot. Is this a concern using Bind or Samba
> > > internal DNS?  If not then I see no issue setting a DC to itself as
> > > a primary DNS server.
> > >
> > > --
> > > - James
> > >
> > >
> > > --
> > > To unsubscribe from this list go to the following URL and read the
> > > instructions:  https://lists.samba.org/mailman/options/samba
> >
> >
> > >AD has the possibility of starting first before DNS has started.
> >
> > No, not true,
> > Active Directory Domain Services depends on DNS Server ( and others)
> > in windows.
> >
> > And yes the wiki does have a few errors imo.
> > One needed correction is the /etc/hosts file, for example:
> > 127.0.0.1 localhost any-other.alias
> > See also : http://www.ietf.org/rfc/rfc1912.txt
> 
> That doesn't seem to mention /etc/hosts, but 'man hosts' contains this:
> 
> For each host a single line should be present
>        with the following information:
> 
>               IP_address canonical_hostname [aliases...]
> 
> The 'canonical_hostname' would be the FQDN 'localhost.localdomain' and
> 'aliases' would be the short hostname 'localhost'.
> 
> >
> >
> > >Is this a concern using Bind or Samba internal DNS?
> > I asked Oliver (today's subject: [Samba] Add new DomainController).
> > I think this is related to bind. Let's wait for what he tells us.
> >
> > And if it's systemd
> > (and in my Debian jessie system I'm still missing some startup
> > dependencies.) Something like:
> > After=network.target bind9.service
> > Requires=network-online.target
> >
> > ...
> > The network.target only indicates that the network management stack
> > is up. Whether any network interfaces are already configured when it
> > is reached is undefined.
> >
> > I'll go through the debian bug list for this.
> >
> > Setting a DC to itself as a primary DNS server, yes, it's possible.
> > But only client software uses it (resolv.conf).
> > Any PC used the DNS itself.
> >
> > At a DC join you MUST point to the first DC and only after everything
> > is replicated yes you can point back to itself, not that I advise it.
> 
> Why ? My feelings on this are, if you use another DC for dns for a DC,
> if the other DC is down, you will get problems, whereas if you use the
> DC for its dns, you only have one problem if the DC goes down.
> 
> I used to use each DC as its own dns server and never had any
> problems, then the last time this subject was raised, I started to
> use the other DC, but have had minor problems since.
> 
> I think it is a case of doing what you think best ;-)
> 
> Rowland
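
An added example, not part of the original thread: a Python check for the two files discussed above. It reports the canonical name on the 127.0.0.1 line of a hosts file (the ordering Louis recommends puts localhost first) and estimates how long a lookup waits on dead nameservers in resolv.conf with and without timeout:1. The sample files and 192.0.2.x addresses are constructed, and the delay is a first-pass approximation assuming glibc's defaults (at most three nameservers, 5-second timeout).

```python
import re

MAXNS = 3             # assumption: glibc's resolver uses at most three nameserver lines
DEFAULT_TIMEOUT = 5   # assumption: glibc default per-server timeout in seconds

def loopback_canonical(hosts_text):
    """Return the first (canonical) name on the 127.0.0.1 line, or None."""
    for line in hosts_text.splitlines():
        fields = line.split("#", 1)[0].split()
        if len(fields) >= 2 and fields[0] == "127.0.0.1":
            return fields[1]
    return None

def parse_resolv(resolv_text):
    """Return (nameservers the resolver will use, per-server timeout)."""
    servers, timeout = [], DEFAULT_TIMEOUT
    for line in resolv_text.splitlines():
        fields = re.split(r"[#;]", line, maxsplit=1)[0].split()
        if len(fields) >= 2 and fields[0] == "nameserver":
            servers.append(fields[1])
        elif fields and fields[0] == "options":
            for opt in fields[1:]:
                m = re.fullmatch(r"timeout:(\d+)", opt)
                if m:
                    timeout = int(m.group(1))
    return servers[:MAXNS], timeout

def failover_delay(resolv_text, down):
    """Seconds spent waiting on dead servers before the first live one is
    asked (first pass through the list), or None if none is reachable."""
    servers, timeout = parse_resolv(resolv_text)
    for i, server in enumerate(servers):
        if server not in down:
            return i * timeout
    return None

# Constructed sample files; the addresses are documentation-range placeholders.
HOSTS = "127.0.0.1 localhost.localdomain localhost\n192.0.2.11 dc1.example.test dc1\n"
RESOLV_DEFAULT = ("search example.test\nnameserver 192.0.2.11\n"
                  "nameserver 192.0.2.12\nnameserver 192.0.2.13\n")
RESOLV_TUNED = RESOLV_DEFAULT + "options timeout:1\n"

if __name__ == "__main__":
    name = loopback_canonical(HOSTS)
    print("127.0.0.1 canonical name:", name,
          "(ok)" if name == "localhost" else "(not 'localhost')")
    down = {"192.0.2.11", "192.0.2.12"}   # two of three DCs down, as in the message
    for label, text in (("default", RESOLV_DEFAULT), ("timeout:1", RESOLV_TUNED)):
        print(label, "-> approx. wait per lookup:", failover_delay(text, down), "s")
```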