[Samba] Bind_DLZ and two AD DC

Alex Crow acrow at integrafin.co.uk
Fri Oct 21 18:50:17 UTC 2016 

On 21/10/16 19:26, Bob of Donelson Trophy via samba wrote:

> My first Active Directory setup had two DC's and shortly after getting
> things going the second DC created a hardware failure issue and I just
> continued life with one DC. 
>
> Now, while upgrading I am returning to two DC's. 
>
> In a normal Bind9 "master and slave" setup the master always "feeds" the
> slave. 
>
> With Bind9_DLZ setup (recommended to be used with Samba4) there is no
> "master and slave" setup. This "master and slave" configuration is NOT
> recommended for use in our (Samba4) situations and/or a Bind9_DLZ
> configuration. 
>
> How does Bind9_DLZ "keep up" with each other (in a two AD DC
> environment) when one of the DC's go "off line"? The second DC continues
> to maintain the connections. When the first DC returns, how does it
> "catch up" so to speak? 
>
> Probably been asked many, many times but I am finding conflicting info. 
>
> A brief explanation would be appreciated?

In DLZ Bind loads helper libraries that cause domain records to be
obtained from the AD databases maintained by Samba. If your Samba
replication is working OK then your domain and forest DNS records should
be replicated too.

I'm not sure about timeouts for Samba AD DCs but in theory replication
should just carry on when your old DC comes back,

Maybe add this to the Wiki page about DLZ to make it clear that no
bind-based master/slave is required?

If your first DC failed hard did you make sure it was removed with
"samba-tool domain demote --remove-other-dead-server=<olddcname>?

Cheers

Alex

--
This message is intended only for the addressee and may contain
confidential information. Unless you are that person, you may not
disclose its contents or use it in any way and are requested to delete
the message along with any attachments and notify us immediately.
This email is not intended to, nor should it be taken to, constitute advice.
The information provided is correct to our knowledge & belief and must not
be used as a substitute for obtaining tax, regulatory, investment, legal or
any other appropriate advice.

"Transact" is operated by Integrated Financial Arrangements Ltd.
29 Clement's Lane, London EC4N 7AE. Tel: (020) 7608 4900 Fax: (020) 7608 5300.
(Registered office: as above; Registered in England and Wales under
number: 3727592). Authorised and regulated by the Financial Conduct
Authority (entered on the Financial Services Register; no. 190856).

More information about the samba mailing list