samba - May 2017 - Samba 4.6.3 DNS replication with Windows 2008 R2 DC

Hi there,

I currently have 9 x Samba 4.6.3 Domain Controllers happily replicating and
working nicely. We use BIND_DLZ DNS.

I have been tasked with adding a Windows 2008 R2 DC to this group which I
have done following this guide:

https://wiki.samba.org/index.php/Joining_a_Windows_Server_2008_/_2008_R2_DC_to_a_Samba_AD

All appears to have gone well and replication is working according to
"samba-tool drs showrepl", however my zones are not appearing in the
DNS
Manager on the new Windows DC, although the Windows DC appears to be acting
as a DNS server ok as it can resolve all addresses that exist on the other
Samba4 DC's.

The only Forward lookup zone that is appearing on the Windows DC is _
msdcs.domain.com, all others are not visible however they are resolving.
Obviously, this means I can't create/delete entries on the Windows DC.

Has anyone encountered this before? Any ideas?

Thanks,
Chris.


-- 
ACS (Alavoine Computer Services Ltd)
Chris Alavoine
mob +44 (0)7724 710 730
www.alavoinecs.co.uk
http://twitter.com/#!/alavoinecs
http://www.linkedin.com/pub/chris-alavoine/39/606/192

On Thu, May 11, 2017 at 6:22 AM, Chris Alavoine via samba <
samba at lists.samba.org> wrote:
> Hi there,
>
> I currently have 9 x Samba 4.6.3 Domain Controllers happily replicating and
> working nicely. We use BIND_DLZ DNS.
>
> I have been tasked with adding a Windows 2008 R2 DC to this group which I
> have done following this guide:
>
> https://wiki.samba.org/index.php/Joining_a_Windows_Server_
> 2008_/_2008_R2_DC_to_a_Samba_AD
>
> All appears to have gone well and replication is working according to
> "samba-tool drs showrepl", however my zones are not appearing in
the DNS
> Manager on the new Windows DC, although the Windows DC appears to be acting
> as a DNS server ok as it can resolve all addresses that exist on the other
> Samba4 DC's.
>
> The only Forward lookup zone that is appearing on the Windows DC is _
> msdcs.domain.com, all others are not visible however they are resolving.
> Obviously, this means I can't create/delete entries on the Windows DC.
>
> Has anyone encountered this before? Any ideas?
>
> Thanks,
> Chris.
>
>
I've seen this before on a Windows 2008 R2 DC, without Samba involved. When
I saw it it exhibited similar behavior to what you described only when
accessing DNS Manager from that DC, if accessed from RSAT everything showed
up.

Hi Trevor,

Unfortunately I am seeing this behaviour when viewed from anywhere.

However, if I run a "host something.domain.com windowsdc" I get a
valid
response, even though the domain.com zone is not listed.

c:)

On 12 May 2017 at 16:48, Trevor <monovalent at gmail.com> wrote:
>
> On Thu, May 11, 2017 at 6:22 AM, Chris Alavoine via samba <
> samba at lists.samba.org> wrote:
>
>> Hi there,
>>
>> I currently have 9 x Samba 4.6.3 Domain Controllers happily replicating
>> and
>> working nicely. We use BIND_DLZ DNS.
>>
>> I have been tasked with adding a Windows 2008 R2 DC to this group which
I
>> have done following this guide:
>>
>> https://wiki.samba.org/index.php/Joining_a_Windows_Server_20
>> 08_/_2008_R2_DC_to_a_Samba_AD
>>
>> All appears to have gone well and replication is working according to
>> "samba-tool drs showrepl", however my zones are not appearing
in the DNS
>> Manager on the new Windows DC, although the Windows DC appears to be
>> acting
>> as a DNS server ok as it can resolve all addresses that exist on the
other
>> Samba4 DC's.
>>
>> The only Forward lookup zone that is appearing on the Windows DC is _
>> msdcs.domain.com, all others are not visible however they are
resolving.
>> Obviously, this means I can't create/delete entries on the Windows
DC.
>>
>> Has anyone encountered this before? Any ideas?
>>
>> Thanks,
>> Chris.
>>
>>
>
> I've seen this before on a Windows 2008 R2 DC, without Samba involved.
> When I saw it it exhibited similar behavior to what you described only when
> accessing DNS Manager from that DC, if accessed from RSAT everything showed
> up.
>


-- 
ACS (Alavoine Computer Services Ltd)
Chris Alavoine
mob +44 (0)7724 710 730
www.alavoinecs.co.uk
http://twitter.com/#!/alavoinecs
http://www.linkedin.com/pub/chris-alavoine/39/606/192