Sites and DNS

Kev Latimer klatimer at tolent.co.uk
Tue Mar 27 01:31:16 MDT 2012 

Thanks for your replies Andrew/Amitay.

On 26/03/2012 23:40, Amitay Isaacs wrote:
> Hi Kev,
>
> On Tue, Mar 27, 2012 at 2:40 AM, Kev Latimer<klatimer at tolent.co.uk>  wrote:
>> Afternoon all,
>>
>> This has had me rattling my head all day trying to figure out my best
>> approach.
>>
>> I'm wanting to stick a DC in each of our physical offices, as they're all
>> either side of WAN links.  I've set up and provisioned many tests over the
>> last 8 or so weeks (mainly to try any permutation I could think of to find
>> my "sweet spot") and once I had my initial DC provisioned I created another
>> 5 - one extra in the initial site and one in each office.  Logically, I
>> created 4 new sites in "AD sites and services" MMC and renamed the
>> Default-First-Site-Name to reflect the geographic region of the original
>> site.
> I have not tested what happens when you rename the default site. Samba
> daemon runs a samba_dnsupdate script periodically to update DNS
> records for DC. This should update the names with correct site name.
> Do you see any names in AD DNS with the new site name?
I don't, unfortunately.  If I rename the default site, it appears fine 
in the Sites and Services MMC, same as if I add a new site.  I create a 
subnet for each of these and link against my site, again, shows fine in 
MMC.  Unfortunately, No change in DNS, still only shows 
Default-First-Site-Name in all the _sites containers (in 
_sites.MyDomainName.com, _sites.DomainDnsZones.MyDomainName.com, 
_sites.ForestDnsZones.MyDomainName.com, 
_sites.dc._msdcs.MyDomainName.com and _sites.gc._msdcs.MyDomainName.com).

I manually ran samba_dnsupdate, initially prior to making any changes 
just to see what correct output should be - it returned nothing so I 
assume that's correct behaviour when no errors.  After renaming the 
first site and creating a new site (probably should have only done one 
or the other!) I get:

dns_request_getresponse: FORMERR
dns_request_getresponse: FORMERR
dns_request_getresponse: FORMERR
dns_request_getresponse: FORMERR
dns_request_getresponse: FORMERR
dns_request_getresponse: FORMERR
Failed update of 6 entries

How can I best debug this for you?  I'll try and get some better output 
but if there's a specific thing I can do to get the most relevant 
debugging, just let me know.

>> First deployment had DRS issues, one of the DC's would repeatedly give out
>> errors no matter how many times I brought them back in sync but my
>> subsequent attempts seem to be quite happy.  Sites were shown properly in
>> the MMC and aside from not trying a client at a remote site, I was happy
>> that the implementation looked okay.
>>
>> It's been a couple of weeks since I did that last test with sites as I've
>> been looking at DNS implementation - all with clean provisions and always
>> latest git, first using bind9_dlz, then flatfile, then internal this morning
>> (using Amitay's dns-wip git branch)  and now back to dlz.  While going
>> through both the DLZ and Internal structures through the DNS MMC, it seems
>> to me that while the sites are showing up correctly in AD, this isn't
>> reflected in DNS.  I've been reading through MS's docs on DNS in AD to make
>> sure I'm reading it all right (I think I am) but I figure that if I add a
>> new site, I should see it as
>> _ldap._tcp.NameOfMySite._sites.MyActualDomainName.com
> You don't need to use my dns-wip branch anymore. All the dns changes
> in my branch are in samba master tree.
Ah, my bad.  I think I spotted earlier on the list you were prompting 
people to use dns-wip so I assumed that was where the most functional 
internal server was.  I'm glad, as I understand I can switch between the 
two directory-based DNS implementations while testing rather than 
building and provisioning a new one each time
>> I've tried asking it to resolve through "host" on a shell to see if it's a
>> trick of the MMC but it seems no matter what I do with regards to changing
>> the Default-First-Site-Name or adding new sites, DNS just doesn't change.
>>
>> Can anyone tell me if I've been staring at this for so long I'm going a bit
>> mad or if this isn't supported yet?  I'm sure I read it was, but I do wonder
>> if it's something that's supported as far as directory objects but not
>> within directory-based DNS (dlz _or_ internal)?
> Whether you use BIND9_DLZ or SAMBA_INTERNAL backend, you'll see the
> same DNS records. Since the DNS records are updated when you
> provision, via samba_dnsupdate script and via directory replication.
> (If you have windows DC, then it will try to update the names via
> secure dynamic dns update.) For samba only DCs, the way to get all
> sites to work is by ensuring that all sites are replicating. That will
> replicate the DNS information.
No Windows DC's in here at all, it's all samba.  Replication seemed to 
be fine prior to spotting the issue with site names in DNS so I figure 
we're best making sure AD DNS looks fine before worrying about whether 
it makes it to the other DC's :-)
>
> Please note that DNS in this kind of multi-site set up is not really
> tested. So if you notice something is not working, probably it needs
> to be fixed. And you're not going mad. :) If you can pinpoint specific
> problems, I can help to sort them out.
I had begun to lean towards the idea of "handcrafting" a BIND9 zone file 
(as my sites and DC's are unlikely to change in the near future) and 
ditching a directory-based DNS server but if I can help get this working 
for everyone else then please just let me know what I can do.
>
> Amitay.

Thanks again Amitay.

Cheers,

Kev
-- 
Kev

More information about the samba-technical mailing list