[Samba] Failover DC did not work when Main DC failed

L.P.H. van Belle belle at bazuin.nl
Wed Feb 12 12:54:49 UTC 2020


 

> 
> Hello Louis,
> 
> Thanks for your reply.
> 
> For that dig command I get...
> 
> 
> root@dc3.mydomain.com ~ $ (screen) dig NS $(hostname -d)
> 
> ; <<>> DiG 9.11.3-1ubuntu1.11-Ubuntu <<>> NS mydomain.com
> ;; global options: +cmd
> ;; Got answer:
> ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 63144
> ;; flags: qr aa rd ra ad; QUERY: 1, ANSWER: 2, AUTHORITY: 1, ADDITIONAL: 0
> 
> ;; QUESTION SECTION:
> ;mydomain.com.               IN      NS
> 
> ;; ANSWER SECTION:
> mydomain.com.        900     IN      NS      dc3.mydomain.com.
> mydomain.com.        900     IN      NS      dc4.mydomain.com.
> 
> ;; AUTHORITY SECTION:
> mydomain.com.        3600    IN      SOA     dc3.mydomain.com. hostmaster.mydomain.com. 620 900 600 86400 0
> 
> ;; Query time: 0 msec
> ;; SERVER: 192.168.0.218#53(192.168.0.218)
> ;; WHEN: Wed Feb 12 12:18:10 GMT 2020
> ;; MSG SIZE  rcvd: 116
> 
> 
> 
> ...so both records are correct, in both forward and reverse DNS zones!
> 
> 
> root@dc3.mydomain.com ~ $ (screen) host 192.168.0.218
> 218.0.168.192.in-addr.arpa domain name pointer DC3.
> 
> root@dc3.mydomain.com ~ $ (screen) host 192.168.0.219
> 219.0.168.192.in-addr.arpa domain name pointer DC4.
> 
> 
> Is there any point in putting those extra lines in 
> /etc/resolv.conf when I have been told by this mailing list 
> to only put the 1 nameserver entry in it?!

.. Uhh.. This mailing list.. Darn.. Who.. ? ? 
I didn't see it when I read back, but I'm dyslexic as hell so.. I might have missed that. 
I think it's a misinterpretation then, I did see Rowland saying that what you had was correct. 
( with the 2x nameservers )..  (Sat 1-2-2020 17:17 ) 

So.. 

> 
> e.g.   my current resolver file...
> 
> root@dc3.mydomain.com ~ $ (screen) cat /etc/resolv.conf
> search mydomain.com
> nameserver 192.168.0.218
> 
> 
> ...should I have THIS instead?

Yes, that's much better. 

Now, the order of the nameservers here can influence things also. 
So, the order of nameservers "AFTER" an EXTRA AD-DC joined the domain. 
For example: 

#DC3. 
search yourprimary.dnsdomain.com other.important-domains.tld 
nameserver 192.168.0.218 #DC3  ( new entry after the join of the AD-DC )
nameserver 192.168.0.219 #DC4  ( first entry before and when joining your domain as an AD-DC ) 
options timeout:2
options attempts:3
options rotate

#DC4. 
search yourprimary.dnsdomain.com other.important-domains.tld 
nameserver 192.168.0.219 #DC4
nameserver 192.168.0.218 #DC3 
options timeout:2
options attempts:3
options rotate

Note, test a bit if "options rotate" works for you.
That makes resolving more randomized over the servers, useful but not always. 
That's up to you. 


Greetz, 

Louis
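
A small check for the layout suggested in the reply above, as an added example that is not part of the original post or of Samba. It assumes glibc's limit of three nameserver lines; the names parse_nameservers and check_dc_resolver are hypothetical.

```python
import ipaddress

MAXNS = 3  # glibc uses at most three nameserver lines

# The poster's current file on DC3, copied from the thread.
CURRENT_DC3 = "search mydomain.com\nnameserver 192.168.0.218\n"

# Constructed sample following the DC3 layout from the reply.
SUGGESTED_DC3 = """\
search mydomain.com
nameserver 192.168.0.218 #DC3
nameserver 192.168.0.219 #DC4
options timeout:2
options attempts:3
options rotate
"""

def parse_nameservers(text):
    """Return the nameserver addresses in file order."""
    servers = []
    for raw in text.splitlines():
        fields = raw.split()
        if len(fields) < 2 or fields[0] != "nameserver":
            continue  # blank, comment, search/options or malformed line
        try:
            # Only the first field after the keyword is read, so the
            # trailing "#DC3" notes in the sample do not get in the way.
            servers.append(str(ipaddress.ip_address(fields[1])))
        except ValueError:
            continue  # not an IP address
    return servers

def check_dc_resolver(text, own_ip, peer_ips):
    """Return a list of findings; an empty list means the layout matches."""
    servers = parse_nameservers(text)
    used = servers[:MAXNS]
    if not used:
        return ["no usable nameserver line"]
    findings = []
    if used[0] != own_ip:
        findings.append(f"first nameserver is {used[0]}, expected this DC ({own_ip})")
    if not any(peer in used for peer in peer_ips):
        findings.append(f"no other DC listed: no fallback resolver if {used[0]} is down")
    if len(servers) > MAXNS:
        findings.append(f"{len(servers) - MAXNS} nameserver line(s) beyond the first {MAXNS} are ignored")
    return findings

if __name__ == "__main__":
    for label, conf in (("current", CURRENT_DC3), ("suggested", SUGGESTED_DC3)):
        print(label, check_dc_resolver(conf, "192.168.0.218", ["192.168.0.219"]) or "ok")
```
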
