[Samba] Failover DC did not work when Main DC failed

Paul Littlefield info at paully.co.uk
Fri Feb 21 10:58:29 UTC 2020

On 18/02/2020 19:58, Kris Lou via samba wrote:
> This might be a problem down the road.  The Samba Internal DNS does NOT
> round-robin -- it will always return your list of DCs in the same order,
> so requests usually go to the first result.  If you have any simple
> ldapclients (PHP clients, for example), it will query in order.  I don't
> know if the ldapclient is smart enough to look at a 2nd DNS response if the
> 1st doesn't respond, but probably not -- further implied by "password
> server = <dc1> <dc2>" and failover/redundancy is handled sequentially.
> Re-reading how Windows' Netlogon Cache and such works, the client should
> query a DNS server for known DCs and then perform an ldap-ping to ALL of
> them before caching the preferred DC.  Which should mean that the order in
> which a DC is listed or returned shouldn't matter, so the Internal DNS
> lacking round-robin shouldn't matter to Windows clients.  But you might as
> well go all the way ...

Hello Kris,

Thanks for this information, hopefully it will help us.

Samba 4 AD DC
QNAP Domain Joined

DNS1 =
DNS2 =
DC1 =
DC2 =

So, normally, a Windows client should do this...

Domain --> DNS1 --> DC1
Files --> DNS1 --> QNAP --> DC1

In the event of server failure (DNS1/DC1 is unavailable) a Windows client should do this...

Domain --> DNS1 = fail
        --> DNS2 --> DC1 = fail
                 --> DC2

Files --> DNS1 = fail
       --> DNS2 --> QNAP --> DC1 = fail
                         --> DC2

...have I got that correct?

Is this what everyone else is doing?!
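
The sequential failover discussed in the quoted text, as an added example that is not part of the original message or of Samba's code: a simple LDAP client given a fixed-order DC list either stops at the first entry or walks the list until one answers. The host names, function names and the plain TCP reachability check on port 389 are assumptions made for illustration.

```python
import socket
from typing import Callable, Iterable, List, Optional, Tuple

Endpoint = Tuple[str, int]
LDAP_PORT = 389  # standard LDAP port


def tcp_probe(endpoint: Endpoint, timeout: float = 1.0) -> bool:
    """True if a TCP connection to (host, port) succeeds within the timeout."""
    try:
        with socket.create_connection(endpoint, timeout=timeout):
            return True
    except OSError:
        return False


def naive_first(endpoints: Iterable[Endpoint],
                probe: Callable[[Endpoint], bool] = tcp_probe) -> Optional[Endpoint]:
    """A client that only ever uses the first answer: no failover at all."""
    eps = list(endpoints)
    if eps and probe(eps[0]):
        return eps[0]
    return None


def first_reachable(endpoints: Iterable[Endpoint],
                    probe: Callable[[Endpoint], bool] = tcp_probe
                    ) -> Tuple[Optional[Endpoint], List[Endpoint]]:
    """Walk the list in the order it was returned and pick the first DC that
    answers. Also return the DCs that were skipped, so the caller can log
    that an earlier DC is down instead of failing over silently."""
    skipped: List[Endpoint] = []
    for ep in endpoints:
        if probe(ep):
            return ep, skipped
        skipped.append(ep)
    return None, skipped


if __name__ == "__main__":
    # Constructed sample: same order every time, DC1 simulated as down.
    dcs = [("dc1.example.test", LDAP_PORT), ("dc2.example.test", LDAP_PORT)]

    def dc1_down(ep: Endpoint) -> bool:
        return ep[0] != "dc1.example.test"

    print("naive client:     ", naive_first(dcs, dc1_down))
    print("sequential client:", first_reachable(dcs, dc1_down))
```

Each unreachable DC ahead of a live one costs the client up to one full probe timeout, so a short timeout matters when the list order never changes.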


