[Samba] Replication between Samba DCs (on different sites)?

Lorenzo Milesi lorenzo.milesi at yetopen.com
Wed Feb 8 13:06:16 UTC 2023


> Very probably, if you have three DCs, then they should all be shown by
> your command.
> 
> Does every DC have an /etc/resolv.conf that looks like this:
> 
> search wdc,domain.it
> nameserver THE_DC_IP

Yes

> There is a script 'samba_dnsupdate' that should run at Samba startup and
> then every 10 minutes, this uses a file called 'dns_update_list' and
> should create/maintain several dns records for the DC in AD, amongst
> them are the DC's A and NS records.

Below is a verbose run from dc2. What I can spot is that even though the DC has been moved to the default site, the DNS records still refer to the "secondary" one.
Also, the dig command returns dc1 and dc2 as NS for the domain; dc3 is missing. Could this be due to replication not working?
Please tell me how long we should keep trying to find out what's wrong with this server before attempting a demote/join again. Thank you.


IPs: ['172.32.7.6']
Looking for DNS entry A dc2.wdc.domain.it 172.32.7.6 as dc2.wdc.domain.it.
Looking for DNS entry CNAME 39a77331-7665-49bf-8dd4-89e19a1b1709._msdcs.wdc.domain.it dc2.wdc.domain.it as 39a77331-7665-49bf-8dd4-89e19a1b1709._msdcs.wdc.domain.it.
Looking for DNS entry NS wdc.domain.it dc2.wdc.domain.it as wdc.domain.it.
Looking for DNS entry NS _msdcs.wdc.domain.it dc2.wdc.domain.it as _msdcs.wdc.domain.it.
Looking for DNS entry A wdc.domain.it 172.32.7.6 as wdc.domain.it.
Looking for DNS entry SRV _ldap._tcp.wdc.domain.it dc2.wdc.domain.it 389 as _ldap._tcp.wdc.domain.it.
Checking 0 100 389 dc1.wdc.domain.it. against SRV _ldap._tcp.wdc.domain.it dc2.wdc.domain.it 389
Checking 0 100 389 dc2.wdc.domain.it. against SRV _ldap._tcp.wdc.domain.it dc2.wdc.domain.it 389
Looking for DNS entry SRV _ldap._tcp.dc._msdcs.wdc.domain.it dc2.wdc.domain.it 389 as _ldap._tcp.dc._msdcs.wdc.domain.it.
Checking 0 100 389 dc2.wdc.domain.it. against SRV _ldap._tcp.dc._msdcs.wdc.domain.it dc2.wdc.domain.it 389
Looking for DNS entry SRV _ldap._tcp.510a975a-3732-44a1-a254-831b13004c5f.domains._msdcs.wdc.domain.it dc2.wdc.domain.it 389 as _ldap._tcp.510a975a-3732-44a1-a254-831b13004c5f.domains._msdcs.wdc.domain.it.
Checking 0 100 389 dc1.wdc.domain.it. against SRV _ldap._tcp.510a975a-3732-44a1-a254-831b13004c5f.domains._msdcs.wdc.domain.it dc2.wdc.domain.it 389
Checking 0 100 389 dc2.wdc.domain.it. against SRV _ldap._tcp.510a975a-3732-44a1-a254-831b13004c5f.domains._msdcs.wdc.domain.it dc2.wdc.domain.it 389
Looking for DNS entry SRV _kerberos._tcp.wdc.domain.it dc2.wdc.domain.it 88 as _kerberos._tcp.wdc.domain.it.
Checking 0 100 88 dc1.wdc.domain.it. against SRV _kerberos._tcp.wdc.domain.it dc2.wdc.domain.it 88
Checking 0 100 88 dc2.wdc.domain.it. against SRV _kerberos._tcp.wdc.domain.it dc2.wdc.domain.it 88
Looking for DNS entry SRV _kerberos._udp.wdc.domain.it dc2.wdc.domain.it 88 as _kerberos._udp.wdc.domain.it.
Checking 0 100 88 dc1.wdc.domain.it. against SRV _kerberos._udp.wdc.domain.it dc2.wdc.domain.it 88
Checking 0 100 88 dc2.wdc.domain.it. against SRV _kerberos._udp.wdc.domain.it dc2.wdc.domain.it 88
Looking for DNS entry SRV _kerberos._tcp.dc._msdcs.wdc.domain.it dc2.wdc.domain.it 88 as _kerberos._tcp.dc._msdcs.wdc.domain.it.
Checking 0 100 88 dc1.wdc.domain.it. against SRV _kerberos._tcp.dc._msdcs.wdc.domain.it dc2.wdc.domain.it 88
Checking 0 100 88 dc2.wdc.domain.it. against SRV _kerberos._tcp.dc._msdcs.wdc.domain.it dc2.wdc.domain.it 88
Looking for DNS entry SRV _kpasswd._tcp.wdc.domain.it dc2.wdc.domain.it 464 as _kpasswd._tcp.wdc.domain.it.
Checking 0 100 464 dc2.wdc.domain.it. against SRV _kpasswd._tcp.wdc.domain.it dc2.wdc.domain.it 464
Looking for DNS entry SRV _kpasswd._udp.wdc.domain.it dc2.wdc.domain.it 464 as _kpasswd._udp.wdc.domain.it.
Checking 0 100 464 dc2.wdc.domain.it. against SRV _kpasswd._udp.wdc.domain.it dc2.wdc.domain.it 464
Looking for DNS entry SRV _ldap._tcp.Default-First-Site-Name._sites.wdc.domain.it dc2.wdc.domain.it 389 as _ldap._tcp.Default-First-Site-Name._sites.wdc.domain.it.
Checking 0 100 389 dc1.wdc.domain.it. against SRV _ldap._tcp.Default-First-Site-Name._sites.wdc.domain.it dc2.wdc.domain.it 389
Checking 0 100 389 dc2.wdc.domain.it. against SRV _ldap._tcp.Default-First-Site-Name._sites.wdc.domain.it dc2.wdc.domain.it 389
Looking for DNS entry SRV _ldap._tcp.Default-First-Site-Name._sites.dc._msdcs.wdc.domain.it dc2.wdc.domain.it 389 as _ldap._tcp.Default-First-Site-Name._sites.dc._msdcs.wdc.domain.it.
Checking 0 100 389 dc2.wdc.domain.it. against SRV _ldap._tcp.Default-First-Site-Name._sites.dc._msdcs.wdc.domain.it dc2.wdc.domain.it 389
Looking for DNS entry SRV _kerberos._tcp.Default-First-Site-Name._sites.wdc.domain.it dc2.wdc.domain.it 88 as _kerberos._tcp.Default-First-Site-Name._sites.wdc.domain.it.
Checking 0 100 88 dc1.wdc.domain.it. against SRV _kerberos._tcp.Default-First-Site-Name._sites.wdc.domain.it dc2.wdc.domain.it 88
Checking 0 100 88 dc2.wdc.domain.it. against SRV _kerberos._tcp.Default-First-Site-Name._sites.wdc.domain.it dc2.wdc.domain.it 88
Looking for DNS entry SRV _kerberos._tcp.Default-First-Site-Name._sites.dc._msdcs.wdc.domain.it dc2.wdc.domain.it 88 as _kerberos._tcp.Default-First-Site-Name._sites.dc._msdcs.wdc.domain.it.
Checking 0 100 88 dc2.wdc.domain.it. against SRV _kerberos._tcp.Default-First-Site-Name._sites.dc._msdcs.wdc.domain.it dc2.wdc.domain.it 88
Looking for DNS entry A gc._msdcs.wdc.domain.it 172.32.7.6 as gc._msdcs.wdc.domain.it.
Looking for DNS entry SRV _gc._tcp.wdc.domain.it dc2.wdc.domain.it 3268 as _gc._tcp.wdc.domain.it.
Checking 0 100 3268 dc1.wdc.domain.it. against SRV _gc._tcp.wdc.domain.it dc2.wdc.domain.it 3268
Checking 0 100 3268 dc2.wdc.domain.it. against SRV _gc._tcp.wdc.domain.it dc2.wdc.domain.it 3268
Looking for DNS entry SRV _ldap._tcp.gc._msdcs.wdc.domain.it dc2.wdc.domain.it 3268 as _ldap._tcp.gc._msdcs.wdc.domain.it.
Checking 0 100 3268 dc1.wdc.domain.it. against SRV _ldap._tcp.gc._msdcs.wdc.domain.it dc2.wdc.domain.it 3268
Checking 0 100 3268 dc2.wdc.domain.it. against SRV _ldap._tcp.gc._msdcs.wdc.domain.it dc2.wdc.domain.it 3268
Looking for DNS entry SRV _gc._tcp.Default-First-Site-Name._sites.wdc.domain.it dc2.wdc.domain.it 3268 as _gc._tcp.Default-First-Site-Name._sites.wdc.domain.it.
Checking 0 100 3268 dc2.wdc.domain.it. against SRV _gc._tcp.Default-First-Site-Name._sites.wdc.domain.it dc2.wdc.domain.it 3268
Looking for DNS entry SRV _ldap._tcp.Default-First-Site-Name._sites.gc._msdcs.wdc.domain.it dc2.wdc.domain.it 3268 as _ldap._tcp.Default-First-Site-Name._sites.gc._msdcs.wdc.domain.it.
Checking 0 100 3268 dc2.wdc.domain.it. against SRV _ldap._tcp.Default-First-Site-Name._sites.gc._msdcs.wdc.domain.it dc2.wdc.domain.it 3268
Looking for DNS entry A DomainDnsZones.wdc.domain.it 172.32.7.6 as DomainDnsZones.wdc.domain.it.
Looking for DNS entry SRV _ldap._tcp.DomainDnsZones.wdc.domain.it dc2.wdc.domain.it 389 as _ldap._tcp.DomainDnsZones.wdc.domain.it.
Checking 0 100 389 dc1.wdc.domain.it. against SRV _ldap._tcp.DomainDnsZones.wdc.domain.it dc2.wdc.domain.it 389
Checking 0 100 389 dc2.wdc.domain.it. against SRV _ldap._tcp.DomainDnsZones.wdc.domain.it dc2.wdc.domain.it 389
Looking for DNS entry SRV _ldap._tcp.Default-First-Site-Name._sites.DomainDnsZones.wdc.domain.it dc2.wdc.domain.it 389 as _ldap._tcp.Default-First-Site-Name._sites.DomainDnsZones.wdc.domain.it.
Checking 0 100 389 dc1.wdc.domain.it. against SRV _ldap._tcp.Default-First-Site-Name._sites.DomainDnsZones.wdc.domain.it dc2.wdc.domain.it 389
Checking 0 100 389 dc2.wdc.domain.it. against SRV _ldap._tcp.Default-First-Site-Name._sites.DomainDnsZones.wdc.domain.it dc2.wdc.domain.it 389
Looking for DNS entry A ForestDnsZones.wdc.domain.it 172.32.7.6 as ForestDnsZones.wdc.domain.it.
Looking for DNS entry SRV _ldap._tcp.ForestDnsZones.wdc.domain.it dc2.wdc.domain.it 389 as _ldap._tcp.ForestDnsZones.wdc.domain.it.
Checking 0 100 389 dc1.wdc.domain.it. against SRV _ldap._tcp.ForestDnsZones.wdc.domain.it dc2.wdc.domain.it 389
Checking 0 100 389 dc2.wdc.domain.it. against SRV _ldap._tcp.ForestDnsZones.wdc.domain.it dc2.wdc.domain.it 389
Looking for DNS entry SRV _ldap._tcp.Default-First-Site-Name._sites.ForestDnsZones.wdc.domain.it dc2.wdc.domain.it 389 as _ldap._tcp.Default-First-Site-Name._sites.ForestDnsZones.wdc.domain.it.
Checking 0 100 389 dc2.wdc.domain.it. against SRV _ldap._tcp.Default-First-Site-Name._sites.ForestDnsZones.wdc.domain.it dc2.wdc.domain.it 389
Looking for DNS entry SRV _ldap._tcp.aruba-datacenter1._sites.wdc.domain.it dc2.wdc.domain.it 389 as _ldap._tcp.aruba-datacenter1._sites.wdc.domain.it.
Checking 0 100 389 dc2.wdc.domain.it. against SRV _ldap._tcp.aruba-datacenter1._sites.wdc.domain.it dc2.wdc.domain.it 389
Looking for DNS entry SRV _ldap._tcp.aruba-datacenter1._sites.dc._msdcs.wdc.domain.it dc2.wdc.domain.it 389 as _ldap._tcp.aruba-datacenter1._sites.dc._msdcs.wdc.domain.it.
Checking 0 100 389 dc2.wdc.domain.it. against SRV _ldap._tcp.aruba-datacenter1._sites.dc._msdcs.wdc.domain.it dc2.wdc.domain.it 389
Looking for DNS entry SRV _kerberos._tcp.aruba-datacenter1._sites.wdc.domain.it dc2.wdc.domain.it 88 as _kerberos._tcp.aruba-datacenter1._sites.wdc.domain.it.
Checking 0 100 88 dc2.wdc.domain.it. against SRV _kerberos._tcp.aruba-datacenter1._sites.wdc.domain.it dc2.wdc.domain.it 88
Looking for DNS entry SRV _kerberos._tcp.aruba-datacenter1._sites.dc._msdcs.wdc.domain.it dc2.wdc.domain.it 88 as _kerberos._tcp.aruba-datacenter1._sites.dc._msdcs.wdc.domain.it.
Checking 0 100 88 dc2.wdc.domain.it. against SRV _kerberos._tcp.aruba-datacenter1._sites.dc._msdcs.wdc.domain.it dc2.wdc.domain.it 88
Looking for DNS entry SRV _gc._tcp.aruba-datacenter1._sites.wdc.domain.it dc2.wdc.domain.it 3268 as _gc._tcp.aruba-datacenter1._sites.wdc.domain.it.
Checking 0 100 3268 dc2.wdc.domain.it. against SRV _gc._tcp.aruba-datacenter1._sites.wdc.domain.it dc2.wdc.domain.it 3268
Looking for DNS entry SRV _ldap._tcp.aruba-datacenter1._sites.gc._msdcs.wdc.domain.it dc2.wdc.domain.it 3268 as _ldap._tcp.aruba-datacenter1._sites.gc._msdcs.wdc.domain.it.
Checking 0 100 3268 dc2.wdc.domain.it. against SRV _ldap._tcp.aruba-datacenter1._sites.gc._msdcs.wdc.domain.it dc2.wdc.domain.it 3268
Looking for DNS entry SRV _ldap._tcp.aruba-datacenter1._sites.DomainDnsZones.wdc.domain.it dc2.wdc.domain.it 389 as _ldap._tcp.aruba-datacenter1._sites.DomainDnsZones.wdc.domain.it.
Checking 0 100 389 dc2.wdc.domain.it. against SRV _ldap._tcp.aruba-datacenter1._sites.DomainDnsZones.wdc.domain.it dc2.wdc.domain.it 389
Looking for DNS entry SRV _ldap._tcp.aruba-datacenter1._sites.ForestDnsZones.wdc.domain.it dc2.wdc.domain.it 389 as _ldap._tcp.aruba-datacenter1._sites.ForestDnsZones.wdc.domain.it.
Checking 0 100 389 dc2.wdc.domain.it. against SRV _ldap._tcp.aruba-datacenter1._sites.ForestDnsZones.wdc.domain.it dc2.wdc.domain.it 389
No DNS updates needed

-- 
Lorenzo Milesi - lorenzo.milesi at yetopen.com 
CTO @ YetOpen Srl
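
Added example (not part of the original post and not Samba's own code): a small parser for the verbose samba_dnsupdate output above that lists the sites this DC still maintains records for and the expected DCs that never show up as an SRV target. It assumes each "Checking" line is one SRV answer the tool looked at, and the dc3 FQDN is inferred from the naming of dc1 and dc2; a host missing here is a lead to confirm with a direct query, not proof.

```python
import re
from collections import defaultdict

# Sample lines copied from the verbose run in the post (a small subset).
SAMPLE = """\
Looking for DNS entry NS wdc.domain.it dc2.wdc.domain.it as wdc.domain.it.
Looking for DNS entry SRV _ldap._tcp.wdc.domain.it dc2.wdc.domain.it 389 as _ldap._tcp.wdc.domain.it.
Checking 0 100 389 dc1.wdc.domain.it. against SRV _ldap._tcp.wdc.domain.it dc2.wdc.domain.it 389
Checking 0 100 389 dc2.wdc.domain.it. against SRV _ldap._tcp.wdc.domain.it dc2.wdc.domain.it 389
Looking for DNS entry SRV _ldap._tcp.Default-First-Site-Name._sites.dc._msdcs.wdc.domain.it dc2.wdc.domain.it 389 as _ldap._tcp.Default-First-Site-Name._sites.dc._msdcs.wdc.domain.it.
Checking 0 100 389 dc2.wdc.domain.it. against SRV _ldap._tcp.Default-First-Site-Name._sites.dc._msdcs.wdc.domain.it dc2.wdc.domain.it 389
Looking for DNS entry SRV _ldap._tcp.aruba-datacenter1._sites.dc._msdcs.wdc.domain.it dc2.wdc.domain.it 389 as _ldap._tcp.aruba-datacenter1._sites.dc._msdcs.wdc.domain.it.
Checking 0 100 389 dc2.wdc.domain.it. against SRV _ldap._tcp.aruba-datacenter1._sites.dc._msdcs.wdc.domain.it dc2.wdc.domain.it 389
"""

# Assumption: dc3 follows the same naming as dc1 and dc2 (the post only says "dc3").
EXPECTED_DCS = ["dc1.wdc.domain.it", "dc2.wdc.domain.it", "dc3.wdc.domain.it"]

LOOKING = re.compile(r"^Looking for DNS entry (\S+) (\S+) ")
CHECKING = re.compile(r"^Checking \d+ \d+ \d+ (\S+?)\.? against SRV (\S+) ")
SITE = re.compile(r"\.([^.]+)\._sites\.")


def parse(log):
    """Return (wanted, seen): record type per name, SRV targets seen per name."""
    wanted, seen = {}, defaultdict(set)
    for line in log.splitlines():
        if m := LOOKING.match(line):
            wanted[m.group(2)] = m.group(1)
        elif m := CHECKING.match(line):
            seen[m.group(2)].add(m.group(1))
    return wanted, dict(seen)


def sites(wanted):
    """Site names for which this DC maintains site-specific records."""
    return sorted({m.group(1) for name in wanted if (m := SITE.search(name))})


def never_seen(seen, expected):
    """Expected DC hostnames that appear in no SRV answer at all."""
    found = set().union(*seen.values()) if seen else set()
    return sorted(set(expected) - found)


if __name__ == "__main__":
    wanted, seen = parse(SAMPLE)
    print("sites with records:", sites(wanted))
    print("DCs never seen as SRV target:", never_seen(seen, EXPECTED_DCS))
```

To use it on a real run, pass the saved verbose output to parse() instead of SAMPLE.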
