On 6/6/2018 10:02 AM, Rowland Penny via samba wrote:
> On Wed, 6 Jun 2018 15:40:48 +0200
> Ole Traupe via samba <samba at lists.samba.org> wrote:
>
>>
>> On 06.06.2018 14:44, lingpanda101 wrote:
>>>> ** SNIP **
>>>>
>>>> Actually, the DCs (resolv.conf) were pointing to each other
>>>> initially, and I think that was at least one root of the evil. I
>>>> think this advice in the Samba wiki actually is rather bad (and
>>>> unnecessary with Samba, as has been pointed out, before?).
>>> Using Bind I find it's necessary to point the DC to itself. I had
>>> no issues pointing to another DC with the internal DNS. The Wiki
>>> actually mentions best practice for a multi DC environment as it
>>> relates to a Windows setup. I do think it's unnecessary with Samba
>>> however.
> Just where does it say this ?
> I will fix it

Hi Rowland,

I'm referencing here under 'DNS Configuration on Domain Controller'

https://wiki.samba.org/index.php/Joining_a_Samba_DC_to_an_Existing_Active_Directory#DNS_Configuration_on_Domain_Controllers

"The following is a best practice for DNS configuration on domain
controllers (DC):
Set the local IP of a DC as secondary or tertiary nameserver entry in
its /etc/resolv.conf file and use a different Active Directory (AD)
DNS server IP from the forest as primary name server"

It's saying to point to each other as primary. Which is best practice
to avoid an island issue. I don't think it's really an issue with
Samba though.

> Basically all you need is what is on the DC page:
>
> Configuring the DNS Resolver
>
> Domain members in an AD use DNS to locate services, such as LDAP and Kerberos. For that, they need to use a DNS server that is able to resolve the AD DNS zone.
>
> On your DC, set the AD DNS domain in the domain and the IP of your DC in the nameserver parameter of the /etc/resolv.conf file. For example:
>
> domain samdom.example.com
> nameserver 10.99.0.1
>
> ** SNIP **
> Rowland
>
>

-JAMES

On Wed, 6 Jun 2018 10:25:43 -0400
lingpanda101 <lingpanda101 at gmail.com> wrote:

> On 6/6/2018 10:02 AM, Rowland Penny via samba wrote:
> > On Wed, 6 Jun 2018 15:40:48 +0200
> > Ole Traupe via samba <samba at lists.samba.org> wrote:
> >
> >>
> >> On 06.06.2018 14:44, lingpanda101 wrote:
> >>>> ** SNIP **
> >>>>
> >>>> Actually, the DCs (resolv.conf) were pointing to each other
> >>>> initially, and I think that was at least one root of the evil. I
> >>>> think this advice in the Samba wiki actually is rather bad (and
> >>>> unnecessary with Samba, as has been pointed out, before?).
> >>> Using Bind I find it's necessary to point the DC to itself. I had
> >>> no issues pointing to another DC with the internal DNS. The Wiki
> >>> actually mentions best practice for a multi DC environment as it
> >>> relates to a Windows setup. I do think it's unnecessary with Samba
> >>> however.
> > Just where does it say this ?
> > I will fix it
> Hi Rowland,
>
> I'm referencing here under 'DNS Configuration on Domain
> Controller'
>
> https://wiki.samba.org/index.php/Joining_a_Samba_DC_to_an_Existing_Active_Directory#DNS_Configuration_on_Domain_Controllers
>
> "The following is a best practice for DNS configuration on domain
> controllers (DC):
> Set the local IP of a DC as secondary or tertiary nameserver entry in
> its /etc/resolv.conf file and use a different Active Directory (AD)
> DNS server IP from the forest as primary name server"
>
> It's saying to point to each other as primary. Which is best practice
> to avoid an island issue. I don't think it's really an issue with
> Samba though.
>

It doesn't say that any more ;-)

This is from my DCs

root@dc4:~# cat /etc/resolv.conf
search samdom.example.com
nameserver 192.168.0.6
root@dc4:~# hostname -i
192.168.0.6

root@dc3:~# cat /etc/resolv.conf
search samdom.example.com
nameserver 192.168.0.7
root@dc3:~# hostname -i
192.168.0.7

And everything works!

> >
> > domain samdom.example.com
> > nameserver 10.99.0.1

Er no, 'domain' should be 'search'

Rowland

On 6/6/2018 10:48 AM, Rowland Penny via samba wrote:
> On Wed, 6 Jun 2018 10:25:43 -0400
> lingpanda101 <lingpanda101 at gmail.com> wrote:
>
>> On 6/6/2018 10:02 AM, Rowland Penny via samba wrote:
>>> On Wed, 6 Jun 2018 15:40:48 +0200
>>> Ole Traupe via samba <samba at lists.samba.org> wrote:
>>>
>>>> On 06.06.2018 14:44, lingpanda101 wrote:
>>>>>> ** SNIP **
>>>>>>
>>>>>> Actually, the DCs (resolv.conf) were pointing to each other
>>>>>> initially, and I think that was at least one root of the evil. I
>>>>>> think this advice in the Samba wiki actually is rather bad (and
>>>>>> unnecessary with Samba, as has been pointed out, before?).
>>>>> Using Bind I find it's necessary to point the DC to itself. I had
>>>>> no issues pointing to another DC with the internal DNS. The Wiki
>>>>> actually mentions best practice for a multi DC environment as it
>>>>> relates to a Windows setup. I do think it's unnecessary with Samba
>>>>> however.
>>> Just where does it say this ?
>>> I will fix it
>> Hi Rowland,
>>
>> I'm referencing here under 'DNS Configuration on Domain
>> Controller'
>>
>> https://wiki.samba.org/index.php/Joining_a_Samba_DC_to_an_Existing_Active_Directory#DNS_Configuration_on_Domain_Controllers
>>
>> "The following is a best practice for DNS configuration on domain
>> controllers (DC):
>> Set the local IP of a DC as secondary or tertiary nameserver entry in
>> its /etc/resolv.conf file and use a different Active Directory (AD)
>> DNS server IP from the forest as primary name server"
>>
>> It's saying to point to each other as primary. Which is best practice
>> to avoid an island issue. I don't think it's really an issue with
>> Samba though.
>>
> It doesn't say that any more ;-)
>
> This is from my DCs
>
> root@dc4:~# cat /etc/resolv.conf
> search samdom.example.com
> nameserver 192.168.0.6
> root@dc4:~# hostname -i
> 192.168.0.6
>
> root@dc3:~# cat /etc/resolv.conf
> search samdom.example.com
> nameserver 192.168.0.7
> root@dc3:~# hostname -i
> 192.168.0.7
>
> And everything works!
>
>>> domain samdom.example.com
>>> nameserver 10.99.0.1
> Er no, 'domain' should be 'search'
>
> Rowland
>

Looks good to me. Easy to understand! Your setup is exactly how I run
today in a multi DC environment.

--
-JAMES

On 06.06.2018 16:48, Rowland Penny via samba wrote:
> It doesn't say that any more ;-)
>
> This is from my DCs
>
> root@dc4:~# cat /etc/resolv.conf
> search samdom.example.com
> nameserver 192.168.0.6
> root@dc4:~# hostname -i
> 192.168.0.6
>
> root@dc3:~# cat /etc/resolv.conf
> search samdom.example.com
> nameserver 192.168.0.7
> root@dc3:~# hostname -i
> 192.168.0.7
>
> And everything works!
>

I see, so even in a multi-DC environment, there is only one nameserver
entry, and it points to the local host.
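
The following is an added example, not part of the thread and not written by any of its participants: a shell function that checks a resolv.conf against the layout Rowland posts above (a `search` line naming the AD DNS domain and a single `nameserver` entry that is the DC's own address). The function name `check_dc_resolv`, its arguments and the temporary sample files are assumptions made for the illustration.

```shell
#!/bin/sh
# check_dc_resolv FILE LOCAL_IP AD_DOMAIN   (hypothetical helper name)
# Prints one finding per line; returns 0 when FILE matches the layout
# shown in the thread, 1 otherwise.
check_dc_resolv() {
    file=$1 local_ip=$2 ad_domain=$3
    awk -v ip="$local_ip" -v dom="$ad_domain" '
        /^[ \t]*[#;]/ || NF == 0 { next }        # skip comments and blank lines
        $1 == "nameserver" { ns[++n] = $2 }      # collect resolvers in file order
        $1 == "search"     { for (i = 2; i <= NF; i++) if ($i == dom) found = 1 }
        $1 == "domain"     { has_domain = 1 }
        END {
            bad = 0
            if (n == 0)           { print "FAIL: no nameserver entry"; bad = 1 }
            else if (ns[1] != ip) { print "FAIL: first nameserver " ns[1] " is not local IP " ip; bad = 1 }
            if (n > 1)            { print "FAIL: " n " nameserver entries, expected 1"; bad = 1 }
            if (has_domain)       { print "FAIL: uses \"domain\", thread says use \"search\""; bad = 1 }
            if (!found)           { print "FAIL: AD domain " dom " not in search list"; bad = 1 }
            if (!bad) print "OK"
            exit bad
        }' "$file"
}

# Constructed samples: the dc4 file as posted in the thread, and a file
# that uses "domain" and lists another DC first.
tmp=$(mktemp -d)
printf 'search samdom.example.com\nnameserver 192.168.0.6\n' > "$tmp/good"
printf 'domain samdom.example.com\nnameserver 192.168.0.7\nnameserver 192.168.0.6\n' > "$tmp/bad"
check_dc_resolv "$tmp/good" 192.168.0.6 samdom.example.com
check_dc_resolv "$tmp/bad"  192.168.0.6 samdom.example.com || true
rm -rf "$tmp"
```

On a DC it would be called as `check_dc_resolv /etc/resolv.conf "$(hostname -i)" samdom.example.com`, which assumes `hostname -i` prints a single address as it does in the output posted above.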