[Samba] Make new server the "master"

[Peter Pollock]

To get the question of why new servers, this one I'm using has hardware
whose remaining life is measured in days. The elastic bands and sticky tape
it is held together with won't hold for much longer. I'm using it to build
and test a new environment, but then I need to migrate that onto something
with a little more vitality before bringing it into production (in the next
56 hours).

As for DNS. I ALWAYS had the problem with my Zentyal boxes that if the one
I built first went down, the others didn't know what to do with their
lives. The same is true on these ones I've built today.

DC01 has IP 192.168.4.5
DC02 has IP 192.168.4.6
The gateway is ar 192.168.4.1

If I set /etc/resolv.conf to
nameserver 192.168.4.6
nameserver 192.168.4.1
search internal.kcs

I get no internal or external name resolution. Trying to ping anything
gives me:
ping: google.com: Temporary failure in name resolution

Dig gives me this error:

itadmin at dc02:~$ dig dc01.internal.kcs

; <<>> DiG 9.16.1-Ubuntu <<>> dc01.internal.kcs
;; global options: +cmd
;; connection timed out; no servers could be reached


Digging from DC01 works fine though

itadmin at dc01:/$ dig dc02.internal.kcs

; <<>> DiG 9.16.1-Ubuntu <<>> dc02.internal.kcs
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 14095
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
; COOKIE: 4375a2de0dc15f30010000005f53fc6edecede8d59738b72 (good)
;; QUESTION SECTION:
;dc02.internal.kcs.             IN      A

;; ANSWER SECTION:
dc02.internal.kcs.      900     IN      A       192.168.4.6

;; Query time: 4 msec
;; SERVER: 192.168.4.5#53(192.168.4.5)
;; WHEN: Sat Sep 05 14:00:30 PDT 2020
;; MSG SIZE  rcvd: 90

and all my troubles go away if I change resolv.conf to have nameserver
192.168.4.5 at the top


On Sat, Sep 5, 2020 at 10:26 AM Rowland penny via samba <
samba at lists.samba.org> wrote:

> On 05/09/2020 17:54, Peter Pollock via samba wrote:
> > Please forgive me, I'm not sure what terminology to use here so this
> > question may sound wrong.
> >
> > I have built two servers samba servers with a new domain. They replicate
> > happily and I can seem to do everything I could ever want on them.
> >
> > DC01 holds all the FSMO roles and, as the first one built, acts as the
> > "master" for DNS. Nothing works well on either server if DC01 is not at
> the
> > top of the hosts file.
> Both DC's are dns masters, it is known as multi-master. Each DC should
> use its own ipaddress for its nameserver in /etc/resolv.conf, so
> something is wrong if it doesn't work.
> >
> > But this is in a temporary environment and what I'd like to do is build
> two
> > production servers, connect them to this AD domain, get them working and
> > then have them take over all the FSMO roles and for one of them to become
> > the master for DNS so that I can switch off these two test servers I have
> > built.
> No, you lost me there, you will have two good DC's and you will add
> another two good DC's and then turn off the first two, why ?
> > My question is, what do I have to do to make another server the "master"?
> > is it just transferring the FSMO roles or is there something else (apart
> > from updating the host files on all the live servers)?
>
> There is no concept of a 'master' in AD, all DC's are equal except for
> the FSMO roles and they can be on any DC, in fact, if you had seven
> DC's, you could have an FSMO role on each. You can transfer all the
> roles to any DC, but it wouldn't make it the 'master', because there is
> no master.
>
> Rowland
>
>
>
> --
> To unsubscribe from this list go to the following URL and read the
> instructions:  https://lists.samba.org/mailman/options/samba
>