[Samba] 2 AD DNS questions

Dale samba at txschroeder.family
Sat Feb 20 19:10:04 UTC 2021


On 2/20/21 12:30 PM, Rowland penny via samba wrote:
> On 20/02/2021 17:40, Dale via samba wrote:
>>
>> After running the commands above, the extra records are now in the 
>> output of the ldbsearch command; however, I see in the output from 
>> dc2 that the mname value is still dc1, unlike the output from your 
>> dc4.  Is this critical or does it need to be changed, too?
>>
>
> That will probably be the DC that was provisioned. If I run an 
> ldbsearch on each DC, I get the same output on each (snipped for 
> brevity):
>
> dc4:
>
> dn: 
> DC=@,DC=samdom.example.com,CN=MicrosoftDNS,DC=DomainDnsZones,DC=samdom,DC=example,DC=com
> dnsRecord:     NDR: struct dnsp_DnssrvRpcRecord
>         wType                    : DNS_TYPE_SOA (6)
>         soa: struct dnsp_soa
>             mname                    : dc4.samdom.example.com
>
> dc01:
>
> dn: 
> DC=@,DC=samdom.example.com,CN=MicrosoftDNS,DC=DomainDnsZones,DC=samdom,DC=example,DC=com
> dnsRecord:     NDR: struct dnsp_DnssrvRpcRecord
>         wType                    : DNS_TYPE_SOA (6)
>         soa: struct dnsp_soa
>             mname                    : dc4.samdom.example.com
>
> As you can see, the 'mname' is the same, which isn't surprising, as 
> the output comes from AD.
>
> What matters is, if you run 'host -t soa <dns.domain.tld>' on each DC, 
> is that DC's FQDN amongst the output.
>
> Rowland

Yes, dc1 was the provisioned system.  I can't be certain as to why its 
hostname was entered into the SOA mname record of dc2 nor why dc2 was 
not added as an NS record.  All values were created by the automated 
processes of joining dc2 as a DC.

While waiting on your reply, I poked around in RSAT again, and, unlike 
adding the NS record, I found where I was able to change the mname value 
for dc2.  Once changed, the ldbsearch command fully provided output like 
yours and contained the correct dc in the mname.

So, while I have yet to ascertain if DC failover finally works, it does 
appear that the SOA records of dc2 are now correct.

Thank you for the excellent support, Rowland.

Dale



More information about the samba mailing list