[Samba] Multiple DC haven't HA on Windows

Rowland Penny rpenny at samba.org
Wed Sep 27 16:49:32 UTC 2017

On Wed, 27 Sep 2017 18:18:19 +0200
Daniel Carrasco via samba <samba at lists.samba.org> wrote:

> Thanks Rowland.
> 2017-09-27 17:49 GMT+02:00 Rowland Penny via samba
> <samba at lists.samba.org>:
> > On Wed, 27 Sep 2017 17:05:31 +0200
> > Daniel Carrasco via samba <samba at lists.samba.org> wrote:
> >
> > > Hello, thanks for your response.
> > >
> > > I'm using samba_internal as DNS because I don't want to add bind
> > > to only relay the internal DNS.
> >
> > Can you expand on that ?
> >
> If samba_internal can manage the dns names and send the unknown
> requests to outside I don't want to add more damons to the server
> like for example Bind9, then I'm just using the internal dns alone.

OK, I thought you may have been using the other DNS server rather than
the AD DC.

> >
> > Your DC should be authoritative for the AD dns domain and your
> > Domain clients should use the DC for their DNS, anything outside
> > the domain should be forwarded to a DNS server outside the AD
> > domain. This should happen whether you use the 'internal' or
> > 'Bind9' dns server.
> >
> I'm a bit new on Windows Domains. How I can check if the DC is
> authoritative?.
> I know that both servers answers to dns requests and both are
> synchronized (if I edit a DNS entrie on srv1, srv2 receives the
> change), and both sends the outside requests to google dns (dns
> forwarder = If I ask the dns entry for the domain name I
> got both servers addresses (dig domain.com).
> Clients have both servers as DNS servers. SRV2 is the main dns server
> and SRV1 is the secondary server. When main DNS server is down then
> the secondary starts to work (at least internet works).

Don't worry, if your domain clients are using a Samba DC as their dns
server, then the DC is authoritative.

More information about the samba mailing list