[Samba] Domain member cannot authenticate when first domain controller is down

Dale samba at txschroeder.family
Fri Mar 5 20:23:37 UTC 2021



On 3/5/21 1:24 PM, Rowland penny via samba wrote:
> On 05/03/2021 17:04, Dale via samba wrote:
>> Here you go, Louis.  I noticed a few differences from yours, but it 
>> should be very close to the Samba wiki, from which it is derived.
>>
>> Thanks for the help.
>
>
> You don't actually need these, they are default settings:
>
>     allow-query-cache { "internals"; };
>     recursion yes;
Understood.
>
> I would remove this, I have never used it and it seems to have 
> something to do with master to slave setups. All Samba DC dns servers 
> are masters, there are no slaves.
>
>     masterfile-format text;
Yes, this is a leftover from when this system was an NT4 PDC and was 
also the DNS master for the domain.  Without it, the db.* for the 
forward and reverse zones were gibberish, and the speed increase that 
the (unreadable) default was supposed to produce was negligible for the 
small domains/workgroups.  It probably has no effect now.
>
> I would add these:
>
>     dnssec-enable no;
>     dnssec-lookaside no;
The reason I took those out is because named-checkconf (BIND 9.16.12) 
tells me they are obsolete and should be removed.
>
> Finally, what is in this:
>
>     include "/etc/bind/named.conf.fwd";
In true Debian fashion, I broke the forwarders out of the options file 
and created their own file.  That allows me to create/change forwarders 
once, then copy across the various DNS servers I have at different 
locations, meaning I don't have to type it out multiple times.  It is 
convenient for my needs and something most people would not need or want.

Thanks,
Dale
>
> Rowland 


