[Samba] AXFR transfer: SRV for DC missing
Steven Monai
stevemoca at gmail.com
Tue Oct 28 01:20:30 UTC 2025
On 2025-10-27 9:56 a.m., Ing. Markus Gschwendt via samba wrote:
> Hi!
Hello Markus,
> We just did an upgrade from Samba NT-style domain to AD.
> Most things are working fine. Just the AXFR transfer to a secondary
> nameserver is missing some records.
[snip]
> A DNS lookup for the SRV record on the AD does return the record
> correctly:
>
> dig SRV _ldap._tcp.dc._msdcs.example.internal @192.168.0.XXX
> ...
> _ldap._tcp.dc._msdcs.example.internal. 3600 IN SRV 0 100 389
> ad1.example.internal.
[snip]
> if I manually ask for the whole zone via AXFR the record is missing:
>
> dig axfr example.internal @192.168.0.XXX |grep SRV
I believe you have made an incorrect assumption. There is not just one
zone, but two:

example.internal AND _msdcs.example.internal

Even though the latter is a subdomain of the former, the latter is a
separate zone, and its contents are NOT transferred when you request
AXFR on example.internal. Zone transfers are not recursive.

Try this test instead:

dig @192.168.0.XXX _msdcs.example.internal AXFR | grep -i srv

I think you will find your "missing" records are there.
I hope this helps,
-S.M.
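
The following is an added example, not part of the original message: a POSIX shell check that picks the zone that actually holds a record (the longest zone apex that is a label-aligned suffix of the name) and transfers that zone instead of the parent. The function names `owning_zone` and `srv_in_transfer` are hypothetical, and the list of zones hosted on the server is assumed to be supplied by the caller.

```shell
#!/bin/sh
# Added example, not from the thread. Function names are hypothetical.
# A record is served only in the AXFR of the most specific zone whose apex is
# a label-aligned suffix of its name; parent-zone transfers do not include it.

# owning_zone NAME ZONE... : print the longest matching zone apex, or fail.
owning_zone() (
    name=$(printf '%s' "${1%.}" | tr 'A-Z' 'a-z')
    shift
    best=""
    for zone in "$@"; do
        zone=$(printf '%s' "${zone%.}" | tr 'A-Z' 'a-z')
        case "$name" in
            "$zone"|*."$zone")
                if [ "${#zone}" -gt "${#best}" ]; then best=$zone; fi ;;
        esac
    done
    [ -n "$best" ] || return 1
    printf '%s\n' "$best"
)

# srv_in_transfer SERVER NAME ZONE... : AXFR the owning zone from SERVER and
# print the SRV records for NAME; non-zero exit if none came back.
srv_in_transfer() (
    server=$1; name=$2; shift 2
    zone=$(owning_zone "$name" "$@") || {
        echo "no listed zone contains $name" >&2; return 2; }
    echo "transferring zone: $zone" >&2
    dig "@$server" "$zone" AXFR +noall +answer |
        awk -v n="${name%.}." 'tolower($1) == tolower(n) && $4 == "SRV" {
            print; found = 1 } END { exit !found }'
)

# Usage: sh check-srv.sh SERVER NAME ZONE...
if [ "$#" -ge 3 ]; then srv_in_transfer "$@"; fi
```

Run against the primary and then the secondary with the same arguments; a non-zero exit on the secondary only means the `_msdcs` zone has not been configured for transfer there.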