[Samba] Conflict entries in DNS with DHCP and dynamic DNS updates 

Samba Fan sambafan at outlook.de
Fri Feb 19 17:01:34 UTC 2021

I have checked the DHCP configuration. The failover node configuration has a split of 128 because load balancing should also be performed between both servers. It is correct that both servers should not offer an IP address at the same time. This is also not observed in the log. I describe exemplarily, how the procedure is evident from the log:

DHCP server 1 gets a DHCP discover from MAC address "A" and says "load balance to peer dhcp-failover". It does not give any address to the client with MAC address "A" (no DHCPOFFER is sent). However, it still fires the on-commit event and therefore runs the Dynamic DNS script on DHCP server 1.
DHCP server 2 receives a DHCP Discover from MAC address "A" at the same time as DHCP server 1 and then sends a DHCPOFFER to the client with MAC address "A". The on-commit event is triggered and thus also the Dynamic DNS script is executed on DHCP server 2.

The problem in my eyes is not that both servers offer an IP address at the same time - which does not happen - but that the on-commit event is executed on both - which in my eyes is illogical and unnecessary. It should only be executed on the server that sends the DHCPOFFER or offers the IP.

Is it possible to include a query if a load balancing to the other server "failover-peer" was executed and in this case not to start the script?

Greetings, Sambafan

Von: samba <samba-bounces at lists.samba.org> im Auftrag von Rowland penny via samba <samba at lists.samba.org>
Gesendet: Freitag, 19. Februar 2021 10:15
An: samba at lists.samba.org <samba at lists.samba.org>
Betreff: Re: [Samba] Conflict entries in DNS with DHCP and dynamic DNS updates 

On 18/02/2021 18:16, Samba Fan via samba wrote:
> It is about DNS updates through the ISC DHCP server failover cluster in a Samba 4 Active Directory environment. I have implemented this as described in the Samba wiki (https://wiki.samba.org/index.php/Configure_DHCP_to_update_DNS_records_with_BIND9).
> The failover works fine from the outside. However, the script (I use version 0.9.2) is executed on both servers at the same time (event "on commit"). This has the effect that a DNS record is created on both servers at the same time, if it did not already exist. This creates "conflict records" in both the forward and reverse zones, which the DNS then resolves so that one of them appears as hostname\nCNF:UID or ip-address\nCNF:UID in the forward zone or reverse zone, respectively.
> The name resolution in both directions works, because the correct entries are in the DNS. However, the "useless" CNF entries remain. What can I set or check? How can I prevent these CNF entries? I have not found an answer yet.
> These are the operating systems and versions of the software packages involved:
> Server operating system: Ubuntu 16.04.7 LTS
> Samba: Version 4.3.11-Ubuntu
> DNS: BIND 9.10.3-P4-Ubuntu
> DHCP: ISC DHCP Server version 4.3.3
> Operating system of DHCP clients: Windows 10 1909 (DHCP updates by clients are disabled)
> Regards, Sambafan
> P
Check how you have setup the failover, both dhcp servers shouldn't reply.


To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba

More information about the samba mailing list