On 12/02/2020 12:54, L.P.H. van Belle via samba wrote:
>
>> Hello Louis,
>>
>> Thanks for your reply.
>>
>> For that dig command I get...
>>
>>
>> root at dc3.mydomain.com ~ $ (screen) dig NS $(hostname -d)
>>
>> ; <<>> DiG 9.11.3-1ubuntu1.11-Ubuntu <<>> NS mydomain.com
>> ;; global options: +cmd
>> ;; Got answer:
>> ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 63144
>> ;; flags: qr aa rd ra ad; QUERY: 1, ANSWER: 2, AUTHORITY: 1,
>> ADDITIONAL: 0
>>
>> ;; QUESTION SECTION:
>> ;mydomain.com. IN NS
>>
>> ;; ANSWER SECTION:
>> mydomain.com. 900 IN NS dc3.mydomain.com.
>> mydomain.com. 900 IN NS dc4.mydomain.com.
>>
>> ;; AUTHORITY SECTION:
>> mydomain.com. 3600 IN SOA
>> dc3.mydomain.com. hostmaster.mydomain.com. 620 900 600 86400 0
>>
>> ;; Query time: 0 msec
>> ;; SERVER: 192.168.0.218#53(192.168.0.218)
>> ;; WHEN: Wed Feb 12 12:18:10 GMT 2020
>> ;; MSG SIZE rcvd: 116
>>
>>
>>
>> ...so both records are correct, in both forward and reverse DNS zones!
>>
>>
>> root at dc3.mydomain.com ~ $ (screen) host 192.168.0.218
>> 218.0.168.192.in-addr.arpa domain name pointer DC3.
>>
>> root at dc3.mydomain.com ~ $ (screen) host 192.168.0.219
>> 219.0.168.192.in-addr.arpa domain name pointer DC4.
>>
>>
>> Is there any point in putting those extra lines in
>> /etc/resolv.conf when I have been told by this mailing list
>> to only put the 1 nameserver entry in it?!
> .. Uhh.. This mailing list.. Darn.. Who.. ? ?
> I didn't see it when I read back, but I'm dyslexic as hell so.. I might have missed that.
> I think it's a misinterpretation then, I did see Rowland saying that what you had was correct.
> ( with the 2x nameservers ).. (Sat 1-2-2020 17:17 )
>
> So..
>
>> e.g. my current resolver file...
>>
>> root at dc3.mydomain.com ~ $ (screen) cat /etc/resolv.conf
>> search mydomain.com
>> nameserver 192.168.0.218
>>
>>
>> ...should I have THIS instead?
> Yes, that's much better.
>
> Now, the order here of nameserver can influence things also.
> So, order of nameserver "AFTER" an EXTRA AD-DC joined the domain.
> For example.
>
> #DC3.
> search yourprimary.dnsdomain.com other.important-domains.tld
> nameserver 192.168.0.218 #DC3 ( new entry after the join of the AD-DC )
> nameserver 192.168.0.219 #DC4 ( first entry before and when your domain joining an AD-DC )
> options timeout:2
> options attempts:3
> options rotate
>
> #DC4.
> search yourprimary.dnsdomain.com other.important-domains.tld
> nameserver 192.168.0.219 #DC4
> nameserver 192.168.0.218 #DC3
> options timeout:2
> options attempts:3
> options rotate
>
> Note, test a bit if "option rotate" works for you.
> That makes resolving more randomized over the server, useful but not always.
> That's up to you.
>
>
> Greetz,
>
> Louis
>
>

There are a couple of ways of looking at this on a DC

The first is that a DC must use itself as its nameserver and if something goes wrong e.g. Samba has fallen over, then there isn't much point having another nameserver, Samba isn't going to use it

The second is, it will not hurt having a second nameserver on a DC, just as long you understand that Samba will not use the second nameserver if Samba has fallen over, but the computer will.

Rowland

Paul Littlefield
2020-Feb-13 13:11 UTC
[Samba] Failover DC did not work when Main DC failed
On 12/02/2020 13:08, Rowland penny via samba wrote:
> The first is that a DC must use itself as its nameserver and if something goes wrong e.g. Samba has fallen over, then there isn't much point having another nameserver, Samba isn't going to use it
>
> The second is, it will not hurt having a second nameserver on a DC, just as long you understand that Samba will not use the second nameserver if Samba has fallen over, but the computer will.

Hello Rowland,

Thanks for your reply.

Interesting points.

So, in a normal situation...

* WINDOWS CLIENT --> DNS --> DC3 --> YES
* WINDOWS CLIENT --> DOMAIN LOGON --> DC3 --> YES
* WINDOWS CLIENT --> FILES --> QNAP --> DC3 --> YES

...happy days.

Then, the Proxmox VM backup at 3am has a funny turn and DC3 does not start (which is exactly what happened).

So, in our failover situation, this is happening...

* WINDOWS CLIENT --> DNS --> DC3 --> NO --> DC4 --> YES
* WINDOWS CLIENT --> DOMAIN LOGON --> DC3 --> NO --> DC4 --> NO
* WINDOWS CLIENT --> FILES --> QNAP --> DC3 --> NO --> DC4 --> NO

...unhappy days.

The 2 DCs appear to be in sync, replicating, copying the SysVol, and both answering various types of query.

I am going in to the office this Sunday to test this until I find a solution.

Any extra neat Linux or Windows commands to run and test (over and above the Wiki pages) would be appreciated.

Any other tips or suggestions (other than what's been suggested already!) is appreciated.

I have opened a support ticket with QNAP and have dived under the hood of their smb.conf to see what's not working.

Fingers crossed for Sunday.

Thanks,

:-)

Paully

On 13/02/2020 13:11, Paul Littlefield wrote:
> On 12/02/2020 13:08, Rowland penny via samba wrote:
>> The first is that a DC must use itself as its nameserver and if
>> something goes wrong e.g. Samba has fallen over, then there isn't
>> much point having another nameserver, Samba isn't going to use it
>>
>> The second is, it will not hurt having a second nameserver on a DC,
>> just as long you understand that Samba will not use the second
>> nameserver if Samba has fallen over, but the computer will.
>
>
> Hello Rowland,
>
> Thanks for your reply.
>
> Interesting points.
>
> So, in a normal situation...
>
> * WINDOWS CLIENT --> DNS --> DC3 --> YES
> * WINDOWS CLIENT --> DOMAIN LOGON --> DC3 --> YES
> * WINDOWS CLIENT --> FILES --> QNAP --> DC3 --> YES
>
> ...happy days.
>
> Then, the Proxmox VM backup at 3am has a funny turn and DC3 does not
> start (which is exactly what happened).
>
> So, in our failover situation, this is happening...
>
> * WINDOWS CLIENT --> DNS --> DC3 --> NO --> DC4 --> YES
> * WINDOWS CLIENT --> DOMAIN LOGON --> DC3 --> NO --> DC4 --> NO
> * WINDOWS CLIENT --> FILES --> QNAP --> DC3 --> NO --> DC4 --> NO
>
> ...unhappy days.
>
> The 2 DCs appear to be in sync, replicating, copying the SysVol, and
> both answering various types of query.
>
> I am going in to the office this Sunday to test this until I find a
> solution.
>
> Any extra neat Linux or Windows commands to run and test (over and
> above the Wiki pages) would be appreciated.
>
> Any other tips or suggestions (other than what's been suggested
> already!) is appreciated.
>
> I have opened a support ticket with QNAP and have dived under the hood
> of their smb.conf to see what's not working.
>
> Fingers crossed for Sunday.
>
> Thanks,
>
> :-)
>
> Paully

Clients are different, they can and should use all DCs as nameservers and the failover should happen on the client, if one DC isn't available, try another.

The various ways have already been mentioned, but are all your DCs listed as nameservers (NS) in the SOA's for the forward and reverse zones?

Rowland
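
One way to script the NS check asked about in the last message, as an added example that is not part of the thread or of Samba's tooling. The function names are hypothetical, and the reverse zone name `0.168.192.in-addr.arpa` and its sample answer are constructed; the forward-zone answer is the one posted above.

```bash
#!/usr/bin/env bash
# Added example, not from the thread. Given the answer section of
# `dig +noall +answer NS <zone>`, list the DCs that are NOT nameservers for it.

# ns_targets: print NS targets from dig answer lines (lower case, no trailing dot).
ns_targets() {
    awk '$4 == "NS" { t = tolower($5); sub(/\.$/, "", t); print t }'
}

# missing_ns DC...: read dig answer lines on stdin, print each expected DC
# that does not appear as an NS target.
missing_ns() {
    local listed dc
    listed=$(ns_targets)
    for dc in "$@"; do
        dc=$(printf '%s' "$dc" | tr 'A-Z' 'a-z')
        dc=${dc%.}
        printf '%s\n' "$listed" | grep -qxF -- "$dc" || printf '%s\n' "$dc"
    done
}

# check_zone LABEL ANSWER DC...: one-line verdict for a zone.
check_zone() {
    local label="$1" answer="$2" missing
    shift 2
    missing=$(printf '%s\n' "$answer" | missing_ns "$@")
    if [ -z "$missing" ]; then
        echo "$label: OK"
    else
        echo "$label: missing NS for $(echo $missing)"
    fi
}

# Forward-zone answer copied from the dig output in the thread.
FWD_ANSWER='mydomain.com. 900 IN NS dc3.mydomain.com.
mydomain.com. 900 IN NS dc4.mydomain.com.'
# Constructed sample: a reverse zone (name assumed) where only DC3 is an NS.
REV_ANSWER='0.168.192.in-addr.arpa. 900 IN NS dc3.mydomain.com.'

check_zone forward "$FWD_ANSWER" dc3.mydomain.com dc4.mydomain.com
check_zone reverse "$REV_ANSWER" dc3.mydomain.com dc4.mydomain.com

# Live use against each DC in turn, so a stale copy on one DC shows up:
#   dig +noall +answer NS mydomain.com @192.168.0.219 | missing_ns dc3.mydomain.com dc4.mydomain.com
```

Querying each DC separately with `@<ip>` matters here because a client that has failed over to DC4 only sees DC4's copy of the zone.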