[Samba] Order of Dcs resolv.conf
lingpanda101
lingpanda101 at gmail.com
Tue Apr 10 13:45:11 UTC 2018
On 4/10/2018 9:32 AM, Rowland Penny via samba wrote:
> On Tue, 10 Apr 2018 10:13:05 -0300
> Carlos via samba <samba at lists.samba.org> wrote:
>
>> Hi!
>> I have a question about order in dcs is /etc/resolv.conf , my
>> configuration:
>>
>> DC01:
>> /etc/resolv.conf
>>
>> IP DC02
>> IP DC01
>>
>> DC02
>> /etc/resolv.conf
>>
>> IP DC01
>> IP DC02
>>
>> https://wiki.samba.org/index.php/Joining_a_Samba_DC_to_an_Existing_Active_Directory#DNS_Configuration_on_Domain_Controllers
>>
>> ---
>>
>>
>> However this setting causes the error:
>>
>>
>> samba_dnsupdate --verbose --all-names
>>
>> dns_tkey_negotiategss: TKEY is unacceptable
>> Failed nsupdate: 1
>> Failed update of 28 entries
> If the first IP in /etc/resolv.conf isn't the DCs own, samba_dnsupdate
> will connect to the other DC and use its kerberos key and,
> surprise,surprise, it doesn't work. The wiki page was written to
> prevent 'islanding', the only problem with that is, you don't get
> 'islanding' on an AD DC.
>
>> If you change to
>> DC01
>> IP DC01
>> IP DC02
>>
>> DC02
>> IP DC02
>> IP DC01
>>
>> Problem does not exist.
>>
> And there is the proof ;-)
>
>> What would be the correct one?
> The second one, I will amend the wiki page.
>
> Rowland
>
>
>
If I may add. I have only experienced this as a issue when using bind.
The internal DNS doesn't seem to exhibit this issue with the resolv order.
--
--
James
More information about the samba
mailing list