[Samba] DNS state after upgrading samba
Rowland penny
rpenny at samba.org
Mon Aug 5 07:18:04 UTC 2019
On 05/08/2019 07:48, henri transfert via samba wrote:
> Hello,
>
> I am in the process of upgrading one single DC (internal DNS) to 4.8.12.
>
> I have followed the procedure of adding a new DC, transferring FSMO roles and
> demoting the old DC.
> Everything went right (except at the transfer FSMO step where I faced the
> problem described here
> https://lists.samba.org/archive/samba/2017-August/210140.html , this bug
> subsists in 4.8.12, maybe it has been fixed in a later release? At the end,
> I have all roles transferred OK to the new DC).
>
> After the demote step, I followed the wiki
> https://wiki.samba.org/index.php/Demoting_a_Samba_AD_DC#Verifying_the_Demotion
> , and manually deleted all references to the old DC from the DNS manager.
> Nevertheless, I still have some references to the old DC in the Forward
> Lookup Zone: "(same as parent folder) Start Of Authority" and "(same as
> parent folder) Name Server".
> I only have a "Properties" menu for these entries, so I cannot delete these
> manually.
>
> I have the same entries in the _msdcs, and Reverse Lookup Zone.
>
> First question:
> How can I delete these entries to remove any reference to the old DC?
>
> Second question:
> I have only one SOA entry, and this one refers to the old DC. Is it safe to
> manually modify its properties with the new DC data? If not, how can I
> correct this?
>
> Thanks in advance for your help.
>
> Henri

There are two schools of thought here. You can do what you have done and
add a new DC to upgrade, but this has its problems, as you have found.
You have to remove all references to the old DC etc. You are also
depleting the ridpool: every time you add a new DC, it gets its own
portion of the ridpool; do this often enough and you will deplete the
ridpool.

The other school of thought is to upgrade in place. Doing it this way
means that you do not have to change anything. This is the way I do it,
without problem, of course YMMV ;-)

You should have used 'samba-tool domain demote --remove-other-dead-server=<The _Old_DC>'

You will probably have to trawl through sam.ldb and find the records
that need to be removed and then try and remove them with samba-tool
and/or ldb-tools.

You will need to add your new DC to the SOA before removing the old DC's
record.

Rowland
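
The ordering described in the reply above (new DC listed at the zone apex before the old DC's records are removed) can be checked mechanically. This is an added example, not part of the original message or of Samba itself; the host names are made up and the `samba-tool dns query` output layout shown in the sample is an assumption.

```shell
#!/bin/sh
# Constructed sample of zone-apex output from `samba-tool dns query`.
# Host names are made up and the record layout is an assumption.
SAMPLE_APEX='  Name=, Records=3, Children=0
    SOA: serial=42, refresh=900, retry=600, expire=86400, minttl=3600, ns=olddc.samdom.example.com., email=hostmaster.samdom.example.com. (flags=600000f0, serial=42, ttl=3600)
    NS: olddc.samdom.example.com. (flags=600000f0, serial=42, ttl=900)
    NS: newdc.samdom.example.com. (flags=600000f0, serial=42, ttl=900)'

# refs_to HOST: read query output on stdin and print the type (SOA, NS, ...)
# of every record whose data names HOST, one type per line.
refs_to() {
    awk -v host="$1" '
        BEGIN { h = tolower(host) "." }
        /^[ \t]+[A-Z]+: / {
            type = $1; sub(/:$/, "", type)
            line = tolower($0)
            # "ns=host." is the SOA primary; " host. " is an NS/CNAME target
            if (index(line, "ns=" h) || index(line, " " h " ")) print type
        }'
}

# apex_action OLD NEW: next step for one zone apex, using the ordering from
# the reply: the new DC must be listed before the old DC's records go.
apex_action() {
    out=$(cat)
    old=$(printf '%s\n' "$out" | refs_to "$1" | sort -u | tr '\n' ' ')
    new_ns=$(printf '%s\n' "$out" | refs_to "$2" | grep -c '^NS$' || true)
    if [ -z "$old" ]; then
        echo "clean"
    elif [ "$new_ns" -eq 0 ]; then
        echo "add-new-first"
    else
        echo "stale: ${old% }"
    fi
}

printf '%s\n' "$SAMPLE_APEX" |
    apex_action olddc.samdom.example.com newdc.samdom.example.com
```

On a DC, the output of `samba-tool dns query <server> <zone> @ ALL` can be piped into `apex_action` once per zone (forward, _msdcs and reverse).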