[Samba] DNS state after upgrading samba

HB Tranfert hb.transfert at gmail.com
Tue Aug 6 06:20:50 UTC 2019


Hi Rowland, 

I made the correction from the Windows DNS console:
- replaced the Primary Server in the SOA by the new DC 
- removed the old DC from Name Servers list
- removed any reference to the old DC
- recreated the Reverse Lookup zones 
- fixed the errors with samba-tools dbcheck 

Everything is clean and works as expected now. 

Next step will be to upgrade to 4.10 in place. 

Best regards 

Henri 


> -----Original Message-----
> From: samba <samba-bounces at lists.samba.org> On Behalf Of HB Tranfert via samba
> Sent: Monday, 5 August 2019 16:59
> To: samba at lists.samba.org
> Subject: Re: [Samba] DNS state after upgrading samba
> 
> Thanks for your answer Rowland.
> That's bad news since the new DC is now in production and I can't take the risk
> of breaking anything.
> 
> Reply inline:
> 
> > -----Original Message-----
> > From: samba <samba-bounces at lists.samba.org> On Behalf Of Rowland penny
> > via samba
> > Sent: Monday, 5 August 2019 11:18
> > To: samba at lists.samba.org
> > Subject: Re: [Samba] DNS state after upgrading samba
> >
> > On 05/08/2019 07:48, henri transfert via samba wrote:
> > > Hello,
> > >
> > > I am in the process of upgrading one single DC (internal DNS) to 4.8.12.
> > >
> > > I have followed the procedure of adding a new DC, transferring the FSMO roles
> > > and demoting the old DC.
> > > Everything went right (except at the FSMO transfer step, where I faced
> > > the problem described here
> > > https://lists.samba.org/archive/samba/2017-August/210140.html , this
> > > bug subsists in 4.8.12, maybe it has been fixed in a later release? At
> > > the end, I have all roles transferred OK to the new DC).
> > >
> > > After the demote step, I followed the wiki
> > > https://wiki.samba.org/index.php/Demoting_a_Samba_AD_DC#Verifying_the_Demotion , and
> > > manually deleted all references to the old DC from the DNS manager.
> > > Nevertheless, I still have some references to the old DC in the
> > > Forward Lookup Zone: "(same as parent folder) Start Of Authority" and
> > > "(same as parent folder) Name Server".
> > > I only have a "Properties" menu for these entries, so I cannot delete
> > > these manually.
> > >
> > > I have the same entries in the _msdcs , and Reverse Lookup Zone.
> > >
> > > First question :
> > > How can I delete these entries to remove any reference to the old DC ?
> > >
> > > Second question :
> > > I have only one SOA entry, and this one refers to the old DC. Is it
> > > safe to manually modify its properties with the new DC data ? If not
> > > how can I correct this ?
> > >
> > > Thanks in advance for your help.
> > >
> > > Henri
> >
> > There are two schools of thought here, you can do what you have done and
> > add a new DC to upgrade, but this has its problems, as you have found.
> > You have to remove all references of the old DC etc. You are also depleting
> > the ridpool, every time you add a new DC, it gets its own portion of the
> > ridpool, do this often enough and you will deplete the ridpool.
> >
> > The other school of thought is to upgrade in place, doing it this way means
> > that you do not have to change anything, this is the way I do it, without
> > problem, of course YMMV ;-)
> >
> > You should have used 'samba-tool domain demote
> > --remove-other-dead-server=<The _Old_DC>'
> I trusted the demoting procedure on the Wiki. I thought it was OK since my old DC was online and OK.
> I guess it is too late to do that one now?
> 
> >
> > You will probably have to trawl through sam.ldb and find the records that
> > need to be removed and then try and remove them with samba-tool and/or
> > ldb-tools.
> > You will need to add your new DC to the SOA before removing the old DCs
> > record.
> I think I will need help for all that.
> As far as I understand, this is the first step: adding the new DC to the SOA.
> Can I do that from the RSAT DNS Console?
> Is it possible to modify the SOA by replacing the Primary Server with the new DC on the SOA tab,
> and removing the old DC from the list of Name Servers in the Name Servers tab?
> 
> Thanks
> 
> Henri
> 
> >
> > Rowland
> >
> >
> >
> > --
> > To unsubscribe from this list go to the following URL and read the
> > instructions:  https://lists.samba.org/mailman/options/samba

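A way to verify the cleanup listed in the first message of this thread, added here as an example and not part of the original posts: the function scans `dig +noall +answer` style output for SOA, NS, SRV and CNAME records that still name the demoted DC. The hostnames and sample records are constructed, and `stale_dc_refs` is a hypothetical helper name.

```shell
#!/bin/sh
# Added example: list DNS records that still point at a demoted DC.
# Input on stdin: lines in `dig +noall +answer` format:
#   <owner> <ttl> <class> <type> <rdata...>
# All hostnames below are constructed, not taken from the thread.

stale_dc_refs() {
    # $1 = FQDN of the demoted DC (trailing dot optional)
    awk -v old="$1" '
        BEGIN { old = tolower(old); sub(/\.$/, "", old) }
        $4 ~ /^(SOA|NS|SRV|CNAME)$/ {
            # Compare each rdata field as a hostname, case-insensitively
            for (i = 5; i <= NF; i++) {
                f = tolower($i); sub(/\.$/, "", f)
                if (f == old) { print $4 "\t" $1; break }
            }
        }'
}

# Constructed sample: zone state before the cleanup (dc1 = demoted DC).
sample_before() {
cat <<'EOF'
example.lan.        3600 IN SOA dc1.example.lan. hostmaster.example.lan. 52 900 600 86400 3600
example.lan.        900  IN NS  dc1.example.lan.
example.lan.        900  IN NS  dc2.example.lan.
_ldap._tcp.example.lan. 900 IN SRV 0 100 389 DC1.example.lan.
_msdcs.example.lan. 900  IN NS  dc2.example.lan.
dc2.example.lan.    900  IN A   192.0.2.12
EOF
}

# Constructed sample: zone state after the cleanup.
sample_after() {
cat <<'EOF'
example.lan.        3600 IN SOA dc2.example.lan. hostmaster.example.lan. 53 900 600 86400 3600
example.lan.        900  IN NS  dc2.example.lan.
_ldap._tcp.example.lan. 900 IN SRV 0 100 389 dc2.example.lan.
EOF
}

# Live use (NEW_DC, ZONE and OLD_DC are placeholders); repeat for the
# forward zone, the _msdcs zone and each reverse zone:
#   { dig +noall +answer @NEW_DC ZONE SOA; dig +noall +answer @NEW_DC ZONE NS; } | stale_dc_refs OLD_DC
sample_before | stale_dc_refs dc1.example.lan
```

Empty output means none of the scanned records still reference the old DC; each printed line gives the record type and owner name that needs correcting.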