[Samba] Bind_DLZ and two AD DC

Bob of Donelson Trophy bob at donelsontrophy.net
Fri Oct 21 19:00:04 UTC 2016 

On 2016-10-21 13:50, Alex Crow via samba wrote:

> On 21/10/16 19:26, Bob of Donelson Trophy via samba wrote:
> 
>> My first Active Directory setup had two DC's and shortly after getting
>> things going the second DC created a hardware failure issue and I just
>> continued life with one DC. 
>> 
>> Now, while upgrading I am returning to two DC's. 
>> 
>> In a normal Bind9 "master and slave" setup the master always "feeds" the
>> slave. 
>> 
>> With Bind9_DLZ setup (recommended to be used with Samba4) there is no
>> "master and slave" setup. This "master and slave" configuration is NOT
>> recommended for use in our (Samba4) situations and/or a Bind9_DLZ
>> configuration. 
>> 
>> How does Bind9_DLZ "keep up" with each other (in a two AD DC
>> environment) when one of the DC's go "off line"? The second DC continues
>> to maintain the connections. When the first DC returns, how does it
>> "catch up" so to speak? 
>> 
>> Probably been asked many, many times but I am finding conflicting info. 
>> 
>> A brief explanation would be appreciated?
> 
> In DLZ Bind loads helper libraries that cause domain records to be
> obtained from the AD databases maintained by Samba. If your Samba
> replication is working OK then your domain and forest DNS records should
> be replicated too.
> 
> I'm not sure about timeouts for Samba AD DCs but in theory replication
> should just carry on when your old DC comes back,
> 
> Maybe add this to the Wiki page about DLZ to make it clear that no
> bind-based master/slave is required?
> 
> If your first DC failed hard did you make sure it was removed with
> "samba-tool domain demote --remove-other-dead-server=<olddcname>?
> 
> Cheers
> 
> Alex
> 
> --
> This message is intended only for the addressee and may contain
> confidential information. Unless you are that person, you may not
> disclose its contents or use it in any way and are requested to delete
> the message along with any attachments and notify us immediately.
> This email is not intended to, nor should it be taken to, constitute advice.
> The information provided is correct to our knowledge & belief and must not
> be used as a substitute for obtaining tax, regulatory, investment, legal or
> any other appropriate advice.
> 
> "Transact" is operated by Integrated Financial Arrangements Ltd.
> 29 Clement's Lane, London EC4N 7AE. Tel: (020) 7608 4900 Fax: (020) 7608 5300.
> (Registered office: as above; Registered in England and Wales under
> number: 3727592). Authorised and regulated by the Financial Conduct
> Authority (entered on the Financial Services Register; no. 190856).

Thanks for your reply. 

The DC failure I was referencing actually happened two years ago. I just
continued with one DC for the time being. I do not remember what all I
did, back then, to clear out the dead DC2 but, with all the recent
documentation updates on the wiki I have been enjoying reading and in
some case re-reading the wiki info. 

To answer your suggestion, I have already had the pleasure of "demoting"
a dead DC and it went just like the wiki said it would. 

The documentation is very good and getting better all the time!! 

Thanks everybody!

-- 
_______________________________

Bob Wooden of Donelson Trophy

More information about the samba mailing list