[Samba] Samba4 DNS SOA Records

[Rowland penny]

On 27/05/2019 09:12, Julien TEHERY via samba wrote:
> Le 27/05/2019 à 09:50, Rowland penny via samba a écrit :
>> On 27/05/2019 08:28, Julien TEHERY via samba wrote:
>>> Hi
>>>
>>> I have a setup with 2 DC on a main site, et 14 DCs which are located 
>>> on 7 AD sites.
>>> I recently noticed in my DNS zones that my SOA record is associated 
>>> to the last DC that was joined to the domain.
>>> But this DC is located on one of the remote sites.
>>>
>>> Is this behavior normal or would it be better if I updated this 
>>> record via "samba-tool dns update" to point it to one of my 3 main 
>>> DCs ?
>>>
>>>
>> All DC's are authoritative for the dns domain (they are all masters, 
>> it's called multi-master), so they should all be associated with the 
>> SOA record.
>>
>> If I ask each DC in my domain (I have two) for the SOA, I get this:
>>
>> root at dc4:~# host -t soa samdom.example.com
>> samdom.example.com has SOA record dc4.samdom.example.com. 
>> hostmaster.samdom.example.com. 8283 900 600 86400 3600
>>
>> root at dc5:~# host -t soa samdom.example.com
>> samdom.example.com has SOA record dc5.samdom.example.com. 
>> hostmaster.samdom.example.com. 8283 900 600 86400 3600
>>
>> As you can see, each claims to be the master.
>>
>> Rowland
>>
> Correct, I have the same behavior on each DC.
>
> But In ADUC console I saw in DNS zones that the 5th DC (remote site) 
> is declared as SOA and is the only one
I don't use ADUC much and I don't use 'sites' either, so I don't really 
know.
>
> In CLI on my main DC, if I do " samba-tool dns query localhost 
> mydomain.lan @ ALL -U Administrator" I get:
>
>   Name=, Records=33, Children=0
>     SOA: serial=286, refresh=900, retry=600, expire=86400, 
> minttl=3600, ns=dc-5.mydomain.lan., email=hostmaster.mydomain.lan. 
> (flags=600000f0, serial=286, ttl=3600)
>
>
> Does it matter ?

As long as that is a 'cropped' output and you get the same output on all 
DC's, then no, it doesn't matter.

Rowland