[Samba] SOA record in Samba Internal DNS

Rowland Penny rpenny at samba.org
Wed Aug 1 18:39:08 UTC 2018


On Thu, 02 Aug 2018 06:25:16 +1200
Andrew Bartlett via samba <samba at lists.samba.org> wrote:

> On Wed, 2018-08-01 at 14:18 -0400, Jeff Dickens via samba wrote:
> > Hi.  I'm running Sernet Samba 4.7 on Ubuntu 16.
> > 
> > I noticed that when my first DC went away, I had problems.  The SOA
> > record for the domain still points at that first DC.
> > 
> > I found, in this entry from 2014 (
> > https://lists.samba.org/archive/samba/2014-August/184301.html) that
> > "Windows AD servers actually 'lie' about the SOA record, and always
> > say that it points to themselves. So in a native microsoft AD
> > network, regardless of what the SOA actually is in the database, a
> > DC always returns itself as SOA."
> > 
> > So how should this be handled now?  Do I need to manually keep
> > track of which DC I want to reference with the SOA record, or is
> > there a better way?
> 
> Samba 4.7 has the patch to do overstamp, are you sure the SOA on the
> second DC isn't pointing at itself?
> 
> Thanks,
> 
> Andrew Bartlett
> 

Pardon ??

dc3 pointing to itself:
root@dc3:~# host -t soa samdom.example.com
samdom.example.com has SOA record dc3.samdom.example.com. hostmaster.samdom.example.com. 2329 900 600 86400 3600

dc4 pointing to itself:
root@dc4:~# host -t soa samdom.example.com
samdom.example.com has SOA record dc4.samdom.example.com. hostmaster.samdom.example.com. 2329 900 600 86400 3600

On a Unix client:
rowland@devstation:~$ dig SOA samdom.example.com

; <<>> DiG 9.9.5-9+deb8u15-Debian <<>> SOA samdom.example.com
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 47647
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 2, ADDITIONAL: 3

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;samdom.example.com.		IN	SOA

;; ANSWER SECTION:
samdom.example.com.	3600	IN	SOA	dc3.samdom.example.com. hostmaster.samdom.example.com. 2329 900 600 86400 3600

;; AUTHORITY SECTION:
samdom.example.com.	900	IN	NS	dc3.samdom.example.com.
samdom.example.com.	900	IN	NS	dc4.samdom.example.com.

;; ADDITIONAL SECTION:
dc3.samdom.example.com.	900	IN	A	192.168.0.7
dc4.samdom.example.com.	900	IN	A	192.168.0.6

;; Query time: 6 msec
;; SERVER: 192.168.0.7#53(192.168.0.7)
;; WHEN: Wed Aug 01 19:27:48 BST 2018
;; MSG SIZE  rcvd: 162

Change nameserver in /etc/resolv.conf

rowland@devstation:~$ dig SOA samdom.example.com

; <<>> DiG 9.9.5-9+deb8u15-Debian <<>> SOA samdom.example.com
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 41276
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 2, ADDITIONAL: 3

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;samdom.example.com.		IN	SOA

;; ANSWER SECTION:
samdom.example.com.	3600	IN	SOA	dc4.samdom.example.com. hostmaster.samdom.example.com. 2329 900 600 86400 3600

;; AUTHORITY SECTION:
samdom.example.com.	900	IN	NS	dc4.samdom.example.com.
samdom.example.com.	900	IN	NS	dc3.samdom.example.com.

;; ADDITIONAL SECTION:
dc3.samdom.example.com.	900	IN	A	192.168.0.7
dc4.samdom.example.com.	900	IN	A	192.168.0.6

;; Query time: 3 msec
;; SERVER: 192.168.0.6#53(192.168.0.6)
;; WHEN: Wed Aug 01 19:33:35 BST 2018
;; MSG SIZE  rcvd: 162

I think something isn't configured correctly or samba_dnsupdate hasn't
run correctly.

Rowland
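
The comparison made by hand in the message above (query each DC and see whether the SOA names the DC that answered), as an added example that is not part of the original post or of Samba. It parses saved dig output; the function names are assumptions and the sample answers are constructed from the ones shown in the message.

```python
import re

def parse_dig(text):
    """Extract SOA MNAME, SOA serial, responder IP and glue A/AAAA records."""
    mname = serial = server = None
    glue = {}  # ip -> hostname, taken from the ADDITIONAL section
    for line in text.splitlines():
        if line.startswith(";; SERVER:"):
            m = re.search(r"SERVER:\s*([0-9A-Fa-f.:]+)#", line)
            server = m.group(1) if m else None
        elif line and not line.startswith(";"):
            f = line.split()
            if len(f) >= 7 and f[2] == "IN" and f[3] == "SOA":
                mname, serial = f[4].rstrip(".").lower(), int(f[6])
            elif len(f) == 5 and f[2] == "IN" and f[3] in ("A", "AAAA"):
                glue[f[4]] = f[0].rstrip(".").lower()
    return mname, serial, server, glue

def check_overstamp(text):
    """'self' if the SOA names the DC that answered, 'other' if it names a
    different host, 'unknown' if the responder cannot be identified."""
    mname, _serial, server, glue = parse_dig(text)
    if mname is None:
        raise ValueError("no SOA record in dig output")
    responder = glue.get(server)
    if responder is None:
        return "unknown"
    return "self" if responder == mname else "other"

def sample(mname, server_ip):
    """Constructed dig output modelled on the answers shown in the post."""
    return (
        ";; ANSWER SECTION:\n"
        f"samdom.example.com. 3600 IN SOA {mname}.samdom.example.com. "
        "hostmaster.samdom.example.com. 2329 900 600 86400 3600\n"
        ";; ADDITIONAL SECTION:\n"
        "dc3.samdom.example.com. 900 IN A 192.168.0.7\n"
        "dc4.samdom.example.com. 900 IN A 192.168.0.6\n"
        f";; SERVER: {server_ip}#53({server_ip})\n"
    )

if __name__ == "__main__":
    for name, ip in (("dc3", "192.168.0.7"), ("dc4", "192.168.0.6"),
                     ("dc3", "192.168.0.6")):  # last case: stale SOA on dc4
        print(ip, check_overstamp(sample(name, ip)))
```

A result of "other" from a DC corresponds to the situation the original question describes, where the SOA still names a different DC.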
