[Samba] AXFR transfer: SRV for DC missing

Markus Gschwendt office+samba at gschwendt.at
Mon Oct 27 20:08:39 UTC 2025


Thanks for the fast answers, Rowland and Peter!

On Mon, 2025-10-27 at 18:02 +0000, Rowland Penny via samba wrote:
> On Mon, 27 Oct 2025 17:56:38 +0100
> "Ing. Markus Gschwendt via samba" <samba at lists.samba.org> wrote:
> 
> > ...
> > Everything is on the latest packages of debian bookworm (Samba,
> > Bind,...) 
> 
> I would have used Trixie, bookworm isn't likely to get any further
> Samba updates.

This is the intention. But if I'm informed right, there is no support
for NT-style domains in the Samba version in Trixie or Bookworm
Backports. So we did the migration prior to the Debian upgrade.
As we have the problem with AXFR transfers only at one of 2 sites I'd
like to fix this before we do any further upgrades.
(A short try to upgrade to Trixie did not start samba - I had no time
to investigate)

...
> > dig SRV _ldap._tcp.dc._msdcs.example.internal @192.168.0.XXX
> 
> There must be a reason why you have sanitised that 192.168.0 IP, but it
> beats me, it isn't routable outside your network.

It's just the IP of the Samba AD DC server. Private IP subnet.
The domain name is changed to example.internal.

> ...
> > * Inside samba ldb the record is present.
> > * Bind seems it can deliver the SRV record.
> > * But it is not delivered in a zone transfer via AXFR.
> > 
> > As you can see from the output, the axfr transfer itself does work and
> > the allow-settings are correct.
> > 
> > Why is the record in AXFR missing or how can I get it into AXFR?
> > Can anybody help on this?
> 
> It is very easy to get DNS onto another server, add another DC, you
> should have more than one DC anyway.

There is no issue with a secondary DC.

We need to get the whole zone information to another Bind9 server via
AXFR.
This NS server receives the zone from the Samba AD DC but it is missing
a few records.


Markus
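
An added example, not part of the original message and not Samba or BIND code: a shell check that lists expected records absent from a saved zone transfer, which makes the gap described above (SRV answered on direct query, missing from AXFR) repeatable on the secondary. The zone lines, the `_kerberos` record, the 192.0.2.10 address and the function names are constructed for illustration.

```shell
#!/bin/sh
# Added example: list expected records that are absent from a saved AXFR.
# Real input would come from: dig +noall +answer AXFR <zone> @<server> > file

# Constructed sample transfer (not real output); the SRV the thread is about
# is deliberately left out, the _kerberos record is a constructed extra.
AXFR_SAMPLE='example.internal. 3600 IN SOA dc1.example.internal. hostmaster.example.internal. 5 900 600 86400 3600
example.internal. 900 IN NS dc1.example.internal.
dc1.example.internal. 900 IN A 192.0.2.10
_kerberos._tcp.example.internal. 900 IN SRV 0 100 88 dc1.example.internal.
example.internal. 3600 IN SOA dc1.example.internal. hostmaster.example.internal. 5 900 600 86400 3600'

# axfr_has OWNER TYPE: reads transfer lines on stdin; exit 0 if present.
# Owner names compare case-insensitively, trailing dot optional.
axfr_has() {
    awk -v owner="$1" -v rtype="$2" '
        function norm(n) { n = tolower(n); sub(/\.$/, "", n); return n }
        /^[ \t]*;/ || /^[ \t]*$/ { next }   # skip dig comment lines and blanks
        norm($1) == norm(owner) && toupper($4) == toupper(rtype) { found = 1 }
        END { exit found ? 0 : 1 }'
}

# missing_from_axfr FILE "owner type"...: print each expected record not in FILE.
missing_from_axfr() {
    zonefile=$1; shift
    for want in "$@"; do
        owner=${want% *}; rtype=${want##* }
        axfr_has "$owner" "$rtype" < "$zonefile" || printf '%s %s\n' "$owner" "$rtype"
    done
}

# Demo on the constructed sample.
tmp=$(mktemp)
printf '%s\n' "$AXFR_SAMPLE" > "$tmp"
missing_from_axfr "$tmp" \
    "_ldap._tcp.dc._msdcs.example.internal SRV" \
    "_kerberos._tcp.example.internal SRV"
rm -f "$tmp"
```

Run against transfers saved from the DC and from the secondary, the same expected list shows at which hop a record drops out.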


