[Samba] Domain member cannot authenticate when first domain controller is down
Dale
samba at txschroeder.family
Fri Mar 5 20:23:37 UTC 2021
On 3/5/21 1:24 PM, Rowland penny via samba wrote:
> On 05/03/2021 17:04, Dale via samba wrote:
>> Here you go, Louis. I noticed a few differences from yours, but it
>> should be very close to the Samba wiki, from which it is derived.
>>
>> Thanks for the help.
>
>
> You don't actually need these, they are default settings:
>
> allow-query-cache { "internals"; };
> recursion yes;
Understood.
>
> I would remove this, I have never used it and it seems to have
> something to do with master to slave setups. All Samba DC dns servers
> are masters, there are no slaves.
>
> masterfile-format text;
Yes, this is a leftover from when this system was an NT4 PDC and was
also the DNS master for the domain. Without it, the db.* for the
forward and reverse zones were gibberish, and the speed increase that
the (unreadable) default was supposed to produce was negligible for the
small domains/workgroups. It probably has no effect now.
>
> I would add these:
>
> dnssec-enable no;
> dnssec-lookaside no;
The reason I took those out is because named-checkconf (BIND 9.16.12)
tells me they are obsolete and should be removed.
>
> Finally, what is in this:
>
> include "/etc/bind/named.conf.fwd";
In true Debian fashion, I broke the forwarders out of the options file
and created their own file. That allows me to create/change forwarders
once, then copy across the various DNS servers I have at different
locations, meaning I don't have to type it out multiple times. It is
convenient for my needs and something most people would not need or want.
Thanks,
Dale
>
> Rowland
More information about the samba
mailing list