[Samba] Moving FSMO roles doesn't affect SRV records in DNS?

Peter Boos peter.boos at quest-innovations.com
Thu Sep 24 14:38:26 UTC 2020

Thanks Rowland,
I checked the DNS service again.
It's still not pointing towards the new DC; it's Thursday now,
while we migrated last Sunday (20-9-2020).
Is it a manual action we should do (`samba_dnsupdate`),
or is it something that's triggered by a cron job?

I just want to be sure it's all correctly installed and working,
as I would like to migrate the old server away
(as the plan was to replace the old server with 2 new servers).

-----Original message-----
> From: Rowland Penny <rpenny at samba.org>
> Sent: Wednesday 23rd September 2020 15:26
> To: samba at lists.samba.org
> Subject: Re: [Samba] Moving FSMO roles doesn't affect SRV records in DNS?
>
> On 23/09/2020 12:40, Peter Boos via samba wrote:
> > We've added an extra DC for redundancy to the Debian based Active Directory.
> > We updated our older Samba version to the current one, and joined a new DC.
> > Then the commands were given to move all the FSMO roles.
> >
> > Which we verified with "samba-tool fsmo show", which showed that all roles are on the new DC.
> >
> > However in DNS all underscore SRV records of the AD services still point to the old server.
> > Not sure how Samba handles it, though, as the virtual PDC emulator is pointing to the old DNS server.
> > The old DC still seems to handle all logons now.
> > As we verified by cmd command set in Win 10 clients (showing logon server as the old DC).
> > Is this normal behaviour for Samba, are SRV records not updated?
> > I find it strange and am wondering if our AD is now running as intended.
> >
> > How to verify Samba.
>
> This is the way it is supposed to work: Every so often, samba_dnsupdate
> is run on a DC, this uses a file 'dns_update_list'. Any missing files
> from the list are created. One of the lines from the list is this:
>
> # The PDC emulator
> ${IF_PDC}SRV _ldap._tcp.pdc._msdcs.${DNSDOMAIN} ${HOSTNAME} 389
>
> I think if you check again, you will now have the required SRV record,
> but you may also have another record for the old pdc_emulator role
> owner. Whilst it seems there is code to add the _ldap._tcp.pdc record,
> there doesn't seem to be any to remove it from the old role owner.
> You can remove the incorrect record (if you have it) with 'samba-tool
> dns delete'
>
> Rowland
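
The dns_update_list expansion described in the quoted reply, sketched as an added example (not part of the thread and not Samba's own code): it expands the quoted `${IF_PDC}` entry for each DC and flags SRV records that no current role owner would register. The domain, host names and lookup results are constructed, and treating a false `${IF_PDC}` condition as a commented-out line is an assumption.

```python
import re

# The PDC line is the one quoted in the thread; all other data is constructed.
UPDATE_LIST = """\
# The PDC emulator
${IF_PDC}SRV _ldap._tcp.pdc._msdcs.${DNSDOMAIN} ${HOSTNAME} 389
"""
DOMAIN = "samdom.example.com"                      # constructed
OLD_DC, NEW_DC = "dc1." + DOMAIN, "dc2." + DOMAIN  # constructed
PDC_NAME = "_ldap._tcp.pdc._msdcs." + DOMAIN


def expected_records(template, dnsdomain, hostname, is_pdc):
    """Expand the list as one DC would; return a set of (name, target, port)."""
    subs = {
        "DNSDOMAIN": dnsdomain,
        "HOSTNAME": hostname,
        # Assumption: a false condition turns the entry into a comment.
        "IF_PDC": "" if is_pdc else "# ",
    }
    records = set()
    for raw in template.splitlines():
        line = re.sub(r"\$\{(\w+)\}", lambda m: subs.get(m.group(1), m.group(0)), raw)
        parts = line.split()
        # Comment lines and unknown conditions never start with a bare "SRV".
        if len(parts) == 4 and parts[0] == "SRV":
            records.add((parts[1].lower(), parts[2].lower(), int(parts[3])))
    return records


def audit(template, dnsdomain, dcs, observed):
    """Return (stale, missing): records no DC would register, and ones not yet in DNS."""
    wanted = set()
    for hostname, is_pdc in dcs.items():
        wanted |= expected_records(template, dnsdomain, hostname, is_pdc)
    seen = set(observed)
    return sorted(seen - wanted), sorted(wanted - seen)


if __name__ == "__main__":
    dcs = {OLD_DC: False, NEW_DC: True}  # PDC emulator role now on the new DC
    # Constructed lookup result: both role owners still listed.
    observed = [(PDC_NAME, OLD_DC, 389), (PDC_NAME, NEW_DC, 389)]
    stale, missing = audit(UPDATE_LIST, DOMAIN, dcs, observed)
    print("stale:", stale)
    print("missing:", missing)
```

Entries reported as stale correspond to the leftover record for the old role owner that the reply suggests removing with 'samba-tool dns delete'.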
