[Samba] Replication is broken due to Bind DNS resolution

Rowland Penny rpenny at samba.org
Wed Jun 8 11:00:00 UTC 2022


On Wed, 2022-06-08 at 06:38 -0400, Zombie Ryushu via samba wrote:
> On 6/8/22 06:28, Rowland Penny via samba wrote:
> > On Wed, 2022-06-08 at 06:15 -0400, Zombie Ryushu via samba wrote:
> > > On 6/8/22 06:10, Rowland Penny via samba wrote:
> > > > On Wed, 2022-06-08 at 05:59 -0400, Zombie Ryushu via samba wrote:
> > > > > Samba does not handle DNS, Bind does.
> > > > How many times do I have to tell you, Samba must be authoritative
> > > > for the DNS domain, if you use Bind9, you must also use BIND_DLZ
> > > > and no flatfiles. The domain DNS zones must be in AD.
> > > > 
> > > > Rowland
> > > > 
> > > I know, what I am trying to do is demote each Domain Controller
> > > one at a time, then re-promote it with --dns-backend=Bind_dlz.
> > > 
> > > I have all my bind servers with chroot switched off, but when I
> > > activate the Bind Dlz AD Zone, Bind crashes saying there are no
> > > records in the zone. Hence the demotion/promotion thing.
> > > 
> > I seem to remember that you stated that you initially provisioned
> > with '--dns-backend=NONE', if this is correct, then you do not have
> > the dns records in AD and I am not sure if you can create them now.
> > 
> > Rowland
> > 
> That's correct.
> 
> I think that you can with samba_upgradedns to deal with this.
> 

Not sure that will work, this has been suggested for Samba DCs that
were upgraded from Win2k and Windows 2003 servers that used a different
DNS system. This worked for early versions of Samba, but doesn't work
now (multiple bugfixes and more checking). If you have the earlier DNS
system, you now cannot join new DCs and samba_upgradedns will not fix
this.

But, by all means try it, but I would clone whichever DC you think is
the best, then run the clone in a separate network, forcibly demote the
other DCs (on the clone) and try your fix.

Rowland