[Samba] DC's are unavailable when PDC halted

L.P.H. van Belle belle at bazuin.nl
Wed Nov 8 14:03:41 UTC 2017


Hai Stefan,

What happens on the DC itself.
The DNS `CLIENT queries` (resolving) go through /etc/resolv.conf
and use these settings,
for example, ping www.google.nl from the DC command line.

The PCs in the LAN use the DC DNS but NOT /etc/resolv.conf of the DC.
That uses the DNS server settings: internal Samba uses the forward setting in smb.conf,
or bind9_dlz + Samba uses the forward setting in bind.


Now you know this. (DC1)
/etc/resolv.conf 
search ADDC.domain.TLD externaldomain.tld
nameserver IP_OF_DC1   (and not localhost/127.0.0.1)
nameserver IP_of_your_gateway
nameserver IP_of_anyother_dns

Now adding a second DC.

DC1 changes a bit. 
/etc/resolv.conf 
search ADDC.domain.TLD externaldomain.tld
nameserver IP_OF_DC1
nameserver IP_OF_DC2
nameserver IP_of_anyother_dns

DC2.
/etc/resolv.conf 
search ADDC.domain.TLD externaldomain.tld
nameserver IP_OF_DC2
nameserver IP_OF_DC1
nameserver IP_of_anyother_dns

And set your client PCs' DNS to the DCs.

Results in. 
1) if DC1 is down, DC2 is used.
2) if DC2 is down, DC1 is used.
3) If both DCs are down, the DC still has internet, clients do not.
But without any DC, your network is in serious trouble.

The DC still has internet due to nameserver IP_of_anyother_dns.
And you need that when you're in trouble.


Greetz, 

Louis
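
A check for the per-DC resolv.conf layout described above, as an added example that is not part of the original mail or of the Samba project. check_dc_resolv_conf is a hypothetical helper and the addresses are constructed documentation-range values; the limit of three nameservers and the case-sensitive keyword matching are glibc resolver behaviour.

```python
import ipaddress

MAXNS = 3  # glibc reads at most three nameserver lines; extras are ignored

def check_dc_resolv_conf(text, own_ip, other_dc_ips=()):
    """Return findings for a DC's resolv.conf; an empty list means it matches."""
    own = ipaddress.ip_address(own_ip)
    others = [ipaddress.ip_address(ip) for ip in other_dc_ips]
    findings, servers = [], []
    for raw in text.splitlines():
        fields = raw.split()
        if not fields or fields[0].lower() != "nameserver":
            continue  # blank lines, comments, search/options lines
        if fields[0] != "nameserver":
            # Keywords are matched case-sensitively, so the resolver skips this line.
            findings.append(f"ignored line, keyword must be lowercase: {raw.strip()!r}")
            continue
        try:
            servers.append(ipaddress.ip_address(fields[1]))
        except (IndexError, ValueError):
            findings.append(f"no valid IP address in: {raw.strip()!r}")
    if len(servers) > MAXNS:
        findings.append(f"only the first {MAXNS} nameservers are used")
    used = servers[:MAXNS]
    if any(s.is_loopback for s in used):
        findings.append("loopback address used instead of the DC's own IP")
    if not used or used[0] != own:
        findings.append(f"first nameserver should be this DC ({own})")
    for dc in others:
        if dc not in used:
            findings.append(f"other DC {dc} is not a usable nameserver")
    if not any(s != own and s not in others and not s.is_loopback for s in used):
        findings.append("no non-DC fallback nameserver")
    return findings

# Constructed sample: DC1 = 192.0.2.11, DC2 = 192.0.2.12, fallback = 198.51.100.53
GOOD_DC1 = """search addc.domain.tld externaldomain.tld
nameserver 192.0.2.11
nameserver 192.0.2.12
nameserver 198.51.100.53
"""
BAD_DC1 = """search addc.domain.tld externaldomain.tld
nameserver 127.0.0.1
nameserver 192.0.2.12
Nameserver 198.51.100.53
"""

if __name__ == "__main__":
    print(check_dc_resolv_conf(BAD_DC1, "192.0.2.11", ["192.0.2.12"]))
```

Run it on each DC with that DC's own address first and the other DC in the list; with three or more DCs the external fallback no longer fits within the first three entries, which the check reports.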



> -----Original message-----
> From: samba [mailto:samba-bounces at lists.samba.org] On behalf of
> Stefan G. Weichinger via samba
> Sent: Wednesday 8 November 2017 14:45
> To: samba at lists.samba.org
> Subject: Re: [Samba] DC's are unavailable when PDC halted
> 
> On 2017-11-08 at 13:12, Rowland Penny via samba wrote:
> 
> > And most documents get it wrong. The DC is a DNS server and your
> > clients should use it as their nameserver. Your DC should forward
> > anything unknown to the nameserver that is set in the DC's smb.conf if
> > using the internal DNS server, or if in the named conf files if using
> > Bind9
> 
> additional question here as I also prepare to deploy a 2nd DC at one site:
> 
> right now I tell the clients to use these as DNSs (via DHCP):
> 
> samba-DC, DNS on router to internet, one DNS upstream (just in case,
> maybe stupid)
> 
> with additional DCs I assume I would have to list the DCs as well as
> DNSs, to make sure DNS (in terms of AD *and* "normal" DNS) still works
> in case the first DC is unreachable?
> 
> Stefan



