Daniel Berteaud
2021-Aug-06 16:18 UTC
[Samba] Removing DC's IP from the @ IN A DNS entries
Hi

I'm running a Samba4 domain (AD style) with the internal DNS backend. Most things are working great but I have an issue: the DC's IPs (I have two of them) are automatically added as @ IN A entries.
I want to set it to another host (mainly for web access which should point on my reverse proxy). I can add other @ IN A entries, but if I remove the ones corresponding to the DC, they are automatically added back a few minutes later. How can I avoid that? AFAIK, DCs are not required to be listed in the @ IN A entry.

How can I handle this, and prevent the DC's IP from being added back?

@ IN A 10.118.5.10  # This is the entry I've added, which should be the only one
@ IN A 10.113.3.11  # This is the IP of the 1st DC, which is added back if removed
@ IN A 10.113.3.12  # This is the IP of the 2nd DC, which is added back if removed

Regards,
Daniel

--
5 Avenue Georges Bataille, 60330 Le Plessis Belleville
Tel.: 0 359 360 000
Hours: Monday to Friday 9h-12h and 13h30-17h00
For any technical request please write to technique at iptek.fr
On Fri, 2021-08-06 at 16:18 +0000, Daniel Berteaud via samba wrote:
> Hi
>
> I'm running a Samba4 domain (AD style) with the internal DNS backend.
> Most things are working great but I have an issue: the DC's IPs (I
> have two of them) are automatically added as @ IN A entries.
> I want to set it to another host (mainly for web access which should
> point on my reverse proxy). I can add other @ IN A entries, but if I
> remove the ones corresponding to the DC, they are automatically added
> back a few minutes later. How can I avoid that? AFAIK, DCs are not
> required to be listed in the @ IN A entry.
>
> How can I handle this, and prevent the DC's IP from being added back?
>
> @ IN A 10.118.5.10  # This is the entry I've added, which should be
> the only one
> @ IN A 10.113.3.11  # This is the IP of the 1st DC, which is added
> back if removed
> @ IN A 10.113.3.12  # This is the IP of the 2nd DC, which is added
> back if removed
>

When you say the '@', you are referring to the SOA record, aren't you? If so, they should be there; all AD DCs are domain masters, it is what is described as multi-master.

However, if you have two network devices in a DC, you need to stop Samba using one of them. You can do this with a couple of smb.conf parameters:

interfaces
bind interfaces only

See 'man smb.conf' for how to use them.

Rowland
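
The two smb.conf parameters named in the reply above, shown as an added example that is not part of the original thread. The device name eth0 and its mapping to the first DC's address are assumptions; substitute the device that should stay in use.

```ini
# Added example: smb.conf fragment for a DC that has two network devices.
[global]
    # Assumption: eth0 is the device carrying the DC's address
    # (10.113.3.11 for the 1st DC in the thread). The second device is
    # left out of the list so Samba does not use it.
    # "lo" stays listed so local tools on the DC can still reach Samba.
    interfaces = lo eth0

    # Needed together with "interfaces": on its own, the list above does
    # not stop Samba from binding to the devices that are not listed.
    bind interfaces only = yes
```

Run `testparm` to confirm the file parses, then restart the Samba service on the DC so the change takes effect.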
On 8/6/21 12:18 PM, Daniel Berteaud via samba wrote:
> Hi
>
> I'm running a Samba4 domain (AD style) with the internal DNS backend.
> Most things are working great but I have an issue: the DC's IPs (I have two of them) are automatically added as @ IN A entries.
> I want to set it to another host (mainly for web access which should point on my reverse proxy). I can add other @ IN A entries, but if I remove the ones corresponding to the DC, they are automatically added back a few minutes later. How can I avoid that? AFAIK, DCs are not required to be listed in the @ IN A entry.

I am not sure that isn't required, because A/AAAA records on ad.example.com (that being your AD domain) should be resolvable, or things like \\ad.example.com\resource (Windows) or smb://ad.example.com/resource (*nix) would not work, with resource being some Distributed File System link to another server or servers.

>
> How can I handle this, and prevent the DC's IP from being added back?
>
> @ IN A 10.118.5.10  # This is the entry I've added, which should be the only one
> @ IN A 10.113.3.11  # This is the IP of the 1st DC, which is added back if removed
> @ IN A 10.113.3.12  # This is the IP of the 2nd DC, which is added back if removed
>
> Regards,
> Daniel