[Samba] Testing replication between 4 DCs

Michael Tokarev mjt at tls.msk.ru
Wed Nov 23 19:56:24 UTC 2022

23.11.2022 22:31, Rowland Penny via samba wrote:

> Samba stores dns records in AD and when you join a new DC, at first start (and every 10 minutes after that) a python script is run 'samba_dnsupdate', 
> this adds any missing records found in the file 'dns_update_list'. Because you are using unbound, your records are incomplete, they are very probably 
> in AD, but unbound doesn't read the records in AD. Because unbound doesn't know all the records, it is very probable that this is causing some of your 
> problems.

Rowland, you skipped the actual question and returned to speculations.
I don't know why you're doing this.  But I'm okay with this too,
people are different, that's normal.

Too bad you also skipped a question about inter-DC links which - as
you wrote before - should be created by samba. I'll take a look at
the actual code which does that. It smells like you're wrong here
and there won't be all-to-all links created (so each DC is linked to
each other DC) - only a few of them. And this has absolutely nothing
to do with DNS either, it seems like, because when the links get
created, DNS isn't consulted yet, only when they are actually being used.

Constantly running samba_dnsupdate is a wrong solution to a wrong problem.
If your DNS is incapable of storing names on a more or less permanent basis
and needs constant updates (without any changes in actual data) just to
keep records in there, because maybe there's some chance these records will
be lost somewhere, the solution is to fix your DNS so it becomes reliable,
instead of constantly pushing stuff into a leaking tank. Fix the leak and
there's no need to add more fuel, that's actually very easy.

> I cannot make you use the recommended method, but would urge you to do so. You are not the first to use an external dns server in the way you are and 
> you are not the first to have problems because you do.

I will *never* delegate something as important as DNS to something as
unreliable and buggy as samba, at least not in its current form.
It is exactly backwards.  And once again, no, I'm *not* having a

And still, you never answered a simple question:  Which DNS
records does Samba keep or update which can't be managed by any other
nameserver?  Which records need updating after the server (DC
or member) is set up?  Where are these records hidden, why does a dump
of the zone or the samba_dnsupdate tool not show them?

*That* would be a real answer - to describe the actual stuff samba
does which can't be (trivially!) replicated into any nameserver
out there.  You never gave anything remotely resembling an answer
to the *why* question.

Unless there's some real data to show, or the code which does
that, all the rest is just speculation.
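
Added illustration, not part of the original message and not Samba code: a check for the point under dispute, comparing the records one DC's 'dns_update_list' would expand to against a zone dump from the external nameserver. The line layout (`TYPE name target [port]` with `$VAR` placeholders) is an assumption, and every name, address and the GUID below is constructed.

```python
from string import Template

# Constructed sample in the assumed layout; not the file shipped with Samba.
UPDATE_LIST = """\
# TYPE  name                               target [port]
A     ${HOSTNAME}                          $IP
SRV   _ldap._tcp.${DNSDOMAIN}              ${HOSTNAME} 389
SRV   _kerberos._tcp.${DNSDOMAIN}          ${HOSTNAME} 88
SRV   _ldap._tcp.dc._msdcs.${DNSDOMAIN}    ${HOSTNAME} 389
CNAME ${NTDSGUID}._msdcs.${DNSFOREST}      ${HOSTNAME}
"""
# Constructed zone dump (zone-file style) from the external nameserver.
ZONE_DUMP = """\
dc4.example.test. 3600 IN A 192.0.2.14
_ldap._tcp.example.test. 900 IN SRV 0 100 389 dc4.example.test.
_kerberos._tcp.example.test. 900 IN SRV 0 100 88 dc1.example.test.
"""
DC4 = {"HOSTNAME": "dc4.example.test", "IP": "192.0.2.14",
       "DNSDOMAIN": "example.test", "DNSFOREST": "example.test",
       "NTDSGUID": "00000000-0000-0000-0000-000000000004"}

def expected_records(template_text, variables):
    """Expand the list for one DC into (type, owner, target, port) tuples."""
    out = set()
    for line in template_text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        f = Template(line).substitute(variables).lower().split()
        out.add((f[0].upper(), f[1], f[2], f[3] if len(f) > 3 else None))
    return out

def zone_records(zone_text):
    """Parse 'owner ttl IN type rdata' lines into the same tuple shape."""
    out = set()
    for line in zone_text.splitlines():
        f = line.lower().split()
        if len(f) < 5 or f[2] != "in":
            continue
        owner, rtype, rdata = f[0].rstrip("."), f[3].upper(), f[4:]
        if rtype == "SRV" and len(rdata) == 4:  # priority weight port target
            out.add((rtype, owner, rdata[3].rstrip("."), rdata[2]))
        elif rtype in ("A", "AAAA", "CNAME"):
            out.add((rtype, owner, rdata[0].rstrip("."), None))
    return out

def missing_records(template_text, variables, zone_text):
    """Records this DC expects that the external zone does not hold."""
    diff = expected_records(template_text, variables) - zone_records(zone_text)
    return sorted(diff, key=str)

if __name__ == "__main__":
    for rec in missing_records(UPDATE_LIST, DC4, ZONE_DUMP):
        print("missing:", rec)
```

The _kerberos._tcp entry counts as missing for dc4 even though the name exists, because the only SRV target in the dump is dc1; matching on owner name alone would hide that.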


