[Samba] several dns issues after switching fsmo roles to samba-dc
Alex
samba at abisoft.biz
Mon Jun 1 13:40:18 UTC 2020
Hello,
I've finally decided to switch all FSMO roles from Windows 2008 R2 DC (vm-dc1)
to one of the two Samba 4.12.3 DCs (vm-dc3). Here are several issues I've faced
after that:
1. After connecting DNS Manager to all the DCs, I've found that the SOA records
for my domain and msdcs zones still point to the former PDC - vm-dc1.
Is that OK?
2. So, I've changed the SOA manually on the new PDC (vm-dc3) to point to the new
PDC. This change has been successfully propagated to another Samba DC (vm-dc4),
but the Windows DC still displays itself in the SOA record.
Is that OK?
3. I see the errors in the System log on the former DC (vm-dc1), like:
    The dynamic registration of the DNS record '_ldap._tcp.DomainDnsZones.domain.com. 600 IN SRV 0 100 389 vm-dc1.domain.com.' failed on the following DNS server:
    DNS server IP address: 172.26.1.83
    Returned Response Code (RCODE): 0
    Returned Status Code: 9016
    ...
    ADDITIONAL DATA
    Error Value: DNS signature failed to verify.
(172.26.1.83 is the new PDC - vm-dc3)
However, the Samba logs do not show any errors regarding the RR registration:
https://paste.ee/p/WiJsM
Nevertheless, I see this RR in all DCs with "static" in the timestamp field.
Why does this error happen?
4. Running dcdiag shows some errors. Not sure if they're major though, b/c
things seem to be working well.
https://www.dropbox.com/t/EpQLVEkyTihLZOqD
Thanks in advance for any feedback!
--
Best regards,
Alex