[Samba] Make new server the "master"

Peter Milesson miles at atmos.eu
Sun Sep 6 07:30:20 UTC 2020 

Hi Peter,

As Rowland pointed out in a previous post to you "Each DC should use its 
own ipaddress for its nameserver in /etc/resolv.conf", so the gateway IP 
should not be there.

So make /etc/resolv.conf on DC01
nameserver 192.168.4.5
search internal.kcs

and /etc/resolv.conf on DC02
nameserver 192.168.4.6
search internal.kcs

If you use the internal dns backend add the following to your [global] 
section in /etc/samba/smb.conf on both DC01 and DC02

dns forwarder = <public DNS server IP-address>

If you use the bind dns backend make sure that the forwarders option 
contain the IP-address(es) of your public DNS server(s). In that case, 
the dns forwarder parameter must not exist in /etc/samba/smb.conf

Hope it helps

Best regards,

Peter

On 2020-09-05 23:02, Peter Pollock via samba wrote:
> To get the question of why new servers, this one I'm using has hardware
> whose remaining life is measured in days. The elastic bands and sticky tape
> it is held together with won't hold for much longer. I'm using it to build
> and test a new environment, but then I need to migrate that onto something
> with a little more vitality before bringing it into production (in the next
> 56 hours).
>
> As for DNS. I ALWAYS had the problem with my Zentyal boxes that if the one
> I built first went down, the others didn't know what to do with their
> lives. The same is true on these ones I've built today.
>
> DC01 has IP 192.168.4.5
> DC02 has IP 192.168.4.6
> The gateway is ar 192.168.4.1
>
> If I set /etc/resolv.conf to
> nameserver 192.168.4.6
> nameserver 192.168.4.1
> search internal.kcs
>
> I get no internal or external name resolution. Trying to ping anything
> gives me:
> ping: google.com: Temporary failure in name resolution
>
> Dig gives me this error:
>
> itadmin at dc02:~$ dig dc01.internal.kcs
>
> ; <<>> DiG 9.16.1-Ubuntu <<>> dc01.internal.kcs
> ;; global options: +cmd
> ;; connection timed out; no servers could be reached
>
>
> Digging from DC01 works fine though
>
> itadmin at dc01:/$ dig dc02.internal.kcs
>
> ; <<>> DiG 9.16.1-Ubuntu <<>> dc02.internal.kcs
> ;; global options: +cmd
> ;; Got answer:
> ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 14095
> ;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1
>
> ;; OPT PSEUDOSECTION:
> ; EDNS: version: 0, flags:; udp: 4096
> ; COOKIE: 4375a2de0dc15f30010000005f53fc6edecede8d59738b72 (good)
> ;; QUESTION SECTION:
> ;dc02.internal.kcs.             IN      A
>
> ;; ANSWER SECTION:
> dc02.internal.kcs.      900     IN      A       192.168.4.6
>
> ;; Query time: 4 msec
> ;; SERVER: 192.168.4.5#53(192.168.4.5)
> ;; WHEN: Sat Sep 05 14:00:30 PDT 2020
> ;; MSG SIZE  rcvd: 90
>
> and all my troubles go away if I change resolv.conf to have nameserver
> 192.168.4.5 at the top
>
>
> On Sat, Sep 5, 2020 at 10:26 AM Rowland penny via samba <
> samba at lists.samba.org> wrote:
>
>> On 05/09/2020 17:54, Peter Pollock via samba wrote:
>>> Please forgive me, I'm not sure what terminology to use here so this
>>> question may sound wrong.
>>>
>>> I have built two servers samba servers with a new domain. They replicate
>>> happily and I can seem to do everything I could ever want on them.
>>>
>>> DC01 holds all the FSMO roles and, as the first one built, acts as the
>>> "master" for DNS. Nothing works well on either server if DC01 is not at
>> the
>>> top of the hosts file.
>> Both DC's are dns masters, it is known as multi-master. Each DC should
>> use its own ipaddress for its nameserver in /etc/resolv.conf, so
>> something is wrong if it doesn't work.
>>> But this is in a temporary environment and what I'd like to do is build
>> two
>>> production servers, connect them to this AD domain, get them working and
>>> then have them take over all the FSMO roles and for one of them to become
>>> the master for DNS so that I can switch off these two test servers I have
>>> built.
>> No, you lost me there, you will have two good DC's and you will add
>> another two good DC's and then turn off the first two, why ?
>>> My question is, what do I have to do to make another server the "master"?
>>> is it just transferring the FSMO roles or is there something else (apart
>>> from updating the host files on all the live servers)?
>> There is no concept of a 'master' in AD, all DC's are equal except for
>> the FSMO roles and they can be on any DC, in fact, if you had seven
>> DC's, you could have an FSMO role on each. You can transfer all the
>> roles to any DC, but it wouldn't make it the 'master', because there is
>> no master.
>>
>> Rowland
>>
>>
>>
>> --
>> To unsubscribe from this list go to the following URL and read the
>> instructions:  https://lists.samba.org/mailman/options/samba
>>

More information about the samba mailing list