[Samba] Samba4 DNS SOA Records

Garming Sam garming at catalyst.net.nz
Thu May 30 23:19:04 UTC 2019


Hi,

There's a behaviour in Active Directory which clobbers the SOA record.
And so while there is one stored in the database, it isn't what is
returned. I'm not sure if we match exactly what Windows does here, but
what's more important here is the queries over DNS.

Cheers,

Garming

On 27/05/19 8:12 PM, Julien TEHERY via samba wrote:
> On 27/05/2019 at 09:50, Rowland penny via samba wrote:
>> On 27/05/2019 08:28, Julien TEHERY via samba wrote:
>>> Hi
>>>
>>> I have a setup with 2 DCs on a main site, and 14 DCs which are located
>>> on 7 AD sites.
>>> I recently noticed in my DNS zones that my SOA record is associated
>>> to the last DC that was joined to the domain.
>>> But this DC is located on one of the remote sites.
>>>
>>> Is this behavior normal or would it be better if I updated this
>>> record via "samba-tool dns update" to point it to one of my 3 main
>>> DCs?
>>>
>>>
>> All DCs are authoritative for the dns domain (they are all masters,
>> it's called multi-master), so they should all be associated with the
>> SOA record.
>>
>> If I ask each DC in my domain (I have two) for the SOA, I get this:
>>
>> root@dc4:~# host -t soa samdom.example.com
>> samdom.example.com has SOA record dc4.samdom.example.com.
>> hostmaster.samdom.example.com. 8283 900 600 86400 3600
>>
>> root@dc5:~# host -t soa samdom.example.com
>> samdom.example.com has SOA record dc5.samdom.example.com.
>> hostmaster.samdom.example.com. 8283 900 600 86400 3600
>>
>> As you can see, each claims to be the master.
>>
>> Rowland
>>
> Correct, I have the same behavior on each DC.
>
> But in ADUC console I saw in DNS zones that the 5th DC (remote site)
> is declared as SOA and is the only one.
>
> In CLI on my main DC, if I do " samba-tool dns query localhost
> mydomain.lan @ ALL -U Administrator" I get:
>
>   Name=, Records=33, Children=0
>     SOA: serial=286, refresh=900, retry=600, expire=86400,
> minttl=3600, ns=dc-5.mydomain.lan., email=hostmaster.mydomain.lan.
> (flags=600000f0, serial=286, ttl=3600)
>
>
> Does it matter?
>
>
>
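
Added example, not part of the original thread and not Samba code: a small Python check that compares the SOA each DC returns over DNS with the record stored in the zone, treating the per-DC MNAME seen in the thread as expected and reporting only real divergence (serial, timers, contact). The function names are hypothetical and the sample lines are constructed in the formats of `host -t soa` and `samba-tool dns query` shown above.

```python
# Constructed sample data modelled on the thread: the answer each DC gave to
# `host -t soa samdom.example.com <dc>`, keyed by the DC that was asked.
import re

ANSWERS = {
    "dc4.samdom.example.com.": "samdom.example.com has SOA record dc4.samdom.example.com. "
                               "hostmaster.samdom.example.com. 8283 900 600 86400 3600",
    "dc5.samdom.example.com.": "samdom.example.com has SOA record dc5.samdom.example.com. "
                               "hostmaster.samdom.example.com. 8283 900 600 86400 3600",
}
# Constructed line in the format printed by `samba-tool dns query ... @ ALL`.
STORED = ("SOA: serial=8283, refresh=900, retry=600, expire=86400, minttl=3600, "
          "ns=dc5.samdom.example.com., email=hostmaster.samdom.example.com. "
          "(flags=600000f0, serial=8283, ttl=3600)")
FIELDS = ("serial", "refresh", "retry", "expire", "minttl")

def parse_host_soa(line):
    """Parse one 'has SOA record' line printed by host(1)."""
    m = re.search(r"has SOA record (\S+) (\S+) (\d+) (\d+) (\d+) (\d+) (\d+)", line)
    if not m:
        raise ValueError("not a SOA answer: %r" % line)
    soa = {"ns": m.group(1).lower(), "email": m.group(2).lower()}
    soa.update(zip(FIELDS, map(int, m.groups()[2:])))
    return soa

def parse_stored_soa(line):
    """Parse the key=value part of a samba-tool SOA line (before the flags)."""
    body = line.split("(", 1)[0].replace("SOA:", "").strip()
    kv = dict(part.strip().split("=", 1) for part in body.split(","))
    soa = {"ns": kv["ns"].lower(), "email": kv["email"].lower()}
    soa.update((f, int(kv[f])) for f in FIELDS)
    return soa

def audit(answers, stored):
    """Return findings; the stored 'ns' is not compared, since each DC
    is expected to answer with its own name as MNAME."""
    findings = []
    for dc, line in answers.items():
        soa = parse_host_soa(line)
        if soa["ns"] != dc.lower():
            findings.append("%s: answers with MNAME %s, not itself" % (dc, soa["ns"]))
        for f in FIELDS + ("email",):
            if soa[f] != stored[f]:
                findings.append("%s: %s %s differs from stored %s" % (dc, f, soa[f], stored[f]))
    return findings

if __name__ == "__main__":
    print(audit(ANSWERS, parse_stored_soa(STORED)) or "SOA answers consistent")
```
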


