After investigating my DC demotion problem, it looks like the issues are in DNS.
Apparently Windows DNS updates propagate correctly to Samba, but the other way
it does not work. So the Samba DNS has the complete DC situation, but Windows
only knows about itself (in the SRV records, the A record for the domain, etc).
Of course I can fix it manually in Windows if needed.
As I also have another problem with DNS (the clients cannot update their name in
DNS, all the time I get
named[1598]: client 172.29.32.1#53548: update 'example.nl/IN' denied
and like many others I found using Google I have not been able to fix it), I am
considering switching from BIND backend to internal DNS.
However, I need BIND locally on the machine. So I think I could configure BIND to
listen only on 127.0.0.1, have SAMBA DNS listen on the server LAN address, and
configure it to forward to 127.0.0.1.
That way I can have the Samba DNS for handling the AD DNS, and BIND for all
software running on the server. I think I could even configure BIND to forward the
AD domain name to the LAN address and have it picked up by Samba.
But of course I like to keep "interfaces = lo eth0" (eth1 is internet
on this machine).
The question is: will this work? What socket address(es) will Samba listen on when
starting its DNS server? The "interfaces" specified in smb.conf? Or is there a
separate configuration possibility for this? Will it be listening on 0.0.0.0? Will
it fatally abort when it tries to listen on 127.0.0.1 and finds BIND already using
that address? Or will it just go on and listen only on the eth0 address?
Many questions... but I hesitate to just switch and see what happens.
Rob