[Samba] Dual controllers with bind DLZ - DNS change propagation

[Michal Bruncko]

ok, seems that re-running "samba_upgradedns --dns-backend=BIND9_DLZ" 
helped here...

Reading domain information
DNS accounts already exist
No zone file /var/lib/samba/bind-dns/dns/FOO.BAR.CO.zone
DNS records will be automatically created
DNS partitions already exist
dns-dc2 account already exists
See /var/lib/samba/bind-dns/named.conf for an example configuration 
include file for BIND
and /var/lib/samba/bind-dns/named.txt for further documentation required 
for secure DNS updates
Finished upgrading DNS


now it resolves immediately via both bind daemons....

michal


On 10/30/2020 12:45 PM, Michal Bruncko via samba wrote:
> hello
>
> our AD domain is hosted by two samba AD domain controllers version 4.12.6
> - replication between controllers is fine, no problems.
> - no schema errors.
> - no database errors, all fine.
>
> we use this samba DCs with bind with DLZ backend 
> (bind-9.11.13-6.el8_2.1.x86_64) to manage internal DNS zones. bind/DLZ 
> setup is deployed completely same way on both DC1 and DC2 (mostly 
> followed samba wiki during deployment).
> we manage this DNS using RSAT tools on windows machine.
>
> if I create a RR record ("A" for example) in one of DNS zones (on DC1 
> using RSAT), then I can confirm that this change is almost immediately 
> propagated to DC2 with using both:
> - LDAP editor connected to DC2
> - RSAT DNS manager connected to DC2
>
> this change is immediately reflected by bind on DC1 and I am able to 
> resolve name based on what I've created.
> the problem is with bind on DC2 - it is still returns NXDOMAIN for 
> this change.
> at the end the RR records seems to be resolvable, but it takes some 
> bunch of time (in hours?)...
>
> doing "rndc flush" or "rndc refresh" will not help at all...
>
> do I miss something in this setup? why it is not reflected by bind in 
> same way as on DC1?
>
> thank you
>
> michal
>