[Samba] Failover DC did not work when Main DC failed

Rowland Penny rpenny at samba.org
Wed Feb 12 13:08:44 UTC 2020


On 12/02/2020 12:54, L.P.H. van Belle via samba wrote:
>   
>
>> Hello Louis,
>>
>> Thanks for your reply.
>>
>> For that dig command I get...
>>
>>
>> root at dc3.mydomain.com ~ $ (screen) dig NS $(hostname -d)
>>
>> ; <<>> DiG 9.11.3-1ubuntu1.11-Ubuntu <<>> NS mydomain.com
>> ;; global options: +cmd
>> ;; Got answer:
>> ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 63144
>> ;; flags: qr aa rd ra ad; QUERY: 1, ANSWER: 2, AUTHORITY: 1,
>> ADDITIONAL: 0
>>
>> ;; QUESTION SECTION:
>> ;mydomain.com.               IN      NS
>>
>> ;; ANSWER SECTION:
>> mydomain.com.        900     IN      NS      dc3.mydomain.com.
>> mydomain.com.        900     IN      NS      dc4.mydomain.com.
>>
>> ;; AUTHORITY SECTION:
>> mydomain.com.        3600    IN      SOA
>> dc3.mydomain.com. hostmaster.mydomain.com. 620 900 600 86400 0
>>
>> ;; Query time: 0 msec
>> ;; SERVER: 192.168.0.218#53(192.168.0.218)
>> ;; WHEN: Wed Feb 12 12:18:10 GMT 2020
>> ;; MSG SIZE  rcvd: 116
>>
>>
>>
>> ...so both records are correct, in both forward and reverse DNS zones!
>>
>>
>> root at dc3.mydomain.com ~ $ (screen) host 192.168.0.218
>> 218.0.168.192.in-addr.arpa domain name pointer DC3.
>>
>> root at dc3.mydomain.com ~ $ (screen) host 192.168.0.219
>> 219.0.168.192.in-addr.arpa domain name pointer DC4.
>>
>>
>> Is there any point in putting those extra lines in
>> /etc/resolv.conf when I have been told by this mailing list
>> to only put the 1 nameserver entry in it?!
> .. Uhh.. This mailing list.. Darn.. Who.. ? ?
> I didn't see it when I read back, but I'm dyslexic as hell so.. I might have missed that.
> I think it's a misinterpretation then, I did see Rowland saying that what you had was correct.
> ( with the 2x nameservers )..  (Sat 1-2-2020 17:17 )
>
> So..
>
>> e.g.   my current resolver file...
>>
>> root at dc3.mydomain.com ~ $ (screen) cat /etc/resolv.conf
>> search mydomain.com
>> nameserver 192.168.0.218
>>
>>
>> ...should I have THIS instead?
> Yes, that's much better.
>
> Now, the order of the nameservers here can influence things also.
> So, the order of the nameservers "AFTER" an EXTRA AD-DC joined the domain.
> For example.
>
> #DC3.
> search yourprimary.dnsdomain.com other.important-domains.tld
> nameserver 192.168.0.218 #DC3  ( new entry after the join of the AD-DC )
> nameserver 192.168.0.219 #DC4  ( first entry before and when your domain Joining and AD-DC )
> options timeout:2
> options attempts:3
> options rotate
>
> #DC4.
> search yourprimary.dnsdomain.com other.important-domains.tld
> nameserver 192.168.0.219 #DC4
> nameserver 192.168.0.218 #DC3
> options timeout:2
> options attempts:3
> options rotate
>
> Note, test a bit if "option rotate" works for you.
> That makes resolving more randomized over the servers, useful but not always.
> That's up to you.
>
>
> Greetz,
>
> Louis
>
>
There are a couple of ways of looking at this on a DC.

The first is that a DC must use itself as its nameserver and if 
something goes wrong, e.g. Samba has fallen over, then there isn't much 
point having another nameserver, Samba isn't going to use it.

The second is, it will not hurt having a second nameserver on a DC, just 
as long as you understand that Samba will not use the second nameserver if 
Samba has fallen over, but the computer will.

Rowland
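
Added example, not part of either poster's message: a shell check that a DC's resolv.conf lists the DC's own address first, as discussed above, and that reports when "options rotate" is combined with more than one nameserver. check_dc_resolv is a hypothetical helper name, and the sample file is constructed from the DC3 layout quoted in the thread.

```shell
#!/bin/sh
# Added example (not from the thread). check_dc_resolv is a hypothetical helper.
# Usage: check_dc_resolv FILE OWN_IP
# Returns 0 when the first nameserver in FILE is OWN_IP, 1 otherwise.
# Prints a WARN line when 'options rotate' is set with several nameservers.
check_dc_resolv() {
    file=$1
    own_ip=$2
    # Drop comments (# or ;) so trailing notes such as "#DC3" are ignored.
    clean=$(sed 's/[#;].*$//' "$file")
    first=$(printf '%s\n' "$clean" | awk '$1 == "nameserver" { print $2; exit }')
    count=$(printf '%s\n' "$clean" | awk '$1 == "nameserver" { n++ } END { print n + 0 }')
    # glibc documents 'rotate' as round-robin selection among the listed
    # servers, so system resolver lookups are spread over every entry.
    if [ "$count" -gt 1 ] &&
       printf '%s\n' "$clean" | awk '$1 == "options"' | grep -qw 'rotate'; then
        echo "WARN: options rotate with $count nameservers"
    fi
    if [ "$first" = "$own_ip" ]; then
        echo "OK: first nameserver is $own_ip"
        return 0
    fi
    echo "FAIL: first nameserver is '${first:-none}', expected $own_ip"
    return 1
}

# Constructed sample: the DC3 layout quoted above.
sample=$(mktemp)
cat > "$sample" <<'EOF'
search mydomain.com
nameserver 192.168.0.218 #DC3
nameserver 192.168.0.219 #DC4
options timeout:2
options attempts:3
options rotate
EOF
check_dc_resolv "$sample" 192.168.0.218          # as deployed on DC3
check_dc_resolv "$sample" 192.168.0.219 || true  # the same file copied to DC4
rm -f "$sample"
```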




