samba - Jan 2015 - Changing DC from external to internal DNS

I set up two AD DC with external bind and it used to work for a while. 
Following a Bind9 upgrade named complained about missing SOA and NS 
records in the DLZ zones and could not be started anymore.

Monday, due to a misinterpretation of some queries, I restarted Bind on 
the hitherto working system and I got the same error messages. No 
nothing changed - no changes in configuration, no updates.

I made a slave DNS master and activated its backup of the AD zone, so 
the infrastructure is currently working.

Since I asked about that issue before on this list and received no 
answer, I assume it is unknown. Whatever I tried to analyze the ldb, I I 
couldn't find anything suspicious.

However, my idea now is to reduce complexity. Use the internal DNS for 
the AD zone and keep the slave Bind to serve requests from the network.

My questions:

1) Can the internal DNS of Samba4 work as a master DNS, or are features 
missing, e.g. zone transfer, which are expected by the slave?

2) As it seems the steps for falling back to internal DNS are: demote 
one AD DC, configure a new one with internal DNS, join it as new DC. 
Then do the same with the other DC. Is there a simpler method or 
anything more to consider? Did someone do that before?

Thanks for your help,
  - lars.

Hello Lars,
>
> I set up two AD DC with external bind and it used to work for a while. 
> Following a Bind9 upgrade named complained about missing SOA and NS 
> records in the DLZ zones and could not be started anymore.
> 
> Monday, due to a misinterpretation of some queries, I restarted Bind on 
> the hitherto working system and I got the same error messages. No 
> nothing changed - no changes in configuration, no updates.
> 
> I made a slave DNS master and activated its backup of the AD zone, so 
> the infrastructure is currently working.
> 
> Since I asked about that issue before on this list and received no 
> answer, I assume it is unknown. Whatever I tried to analyze the ldb, I I 
> couldn't find anything suspicious.
> 
> However, my idea now is to reduce complexity. Use the internal DNS for 
> the AD zone and keep the slave Bind to serve requests from the network.
> 
have & see equal issues here like you but on "VPN based slave
networks" ..

I have now 5 vpns and only 2 of them have an local  AD, the rest are slave
bind9.

Seen BUGS had been filled , as some forest entrys for forward 
and reverse not correctly created by samba tool while using bind9 dlz.
> My questions:
> 
> 1) Can the internal DNS of Samba4 work as a master DNS, or are features 
> missing, e.g. zone transfer, which are expected by the slave?
> 
uppon samba4 internal dns docu >- don?t support axfr fully.

see
https://wiki.samba.org/index.php/DNS_Administration#Known.2Fissues_missing_features
and
https://wiki.samba.org/index.php/Samba_Internal_DNS#Limitations_.2F_Known_issues
> 2) As it seems the steps for falling back to internal DNS are: demote 
> one AD DC, configure a new one with internal DNS, join it as new DC. 
> Then do the same with the other DC. Is there a simpler method or 
> anything more to consider? Did someone do that before?
> 
you can simply switch to internal dns using samba-tool dns upgrade internal.
But then lack?s soome required modern dns feagers .

looks like  that the docu for "samba-tool dns upgrade internal."
 that had been dropted of the dns managment wiki page.. ?!?

@Marc ? review it please...

> Thanks for your help,
>   - lars.
>structions:  https://lists.samba.org/mailman/options/samba
> 
regards Horst

On 28/01/15 18:56, support at remsnet.de wrote:
> Hello Lars,
>
>> I set up two AD DC with external bind and it used to work for a while.
>> Following a Bind9 upgrade named complained about missing SOA and NS
>> records in the DLZ zones and could not be started anymore.
>>
>> Monday, due to a misinterpretation of some queries, I restarted Bind on
>> the hitherto working system and I got the same error messages. No
>> nothing changed - no changes in configuration, no updates.
>>
>> I made a slave DNS master and activated its backup of the AD zone, so
>> the infrastructure is currently working.
>>
>> Since I asked about that issue before on this list and received no
>> answer, I assume it is unknown. Whatever I tried to analyze the ldb, I
I
>> couldn't find anything suspicious.
>>
>> However, my idea now is to reduce complexity. Use the internal DNS for
>> the AD zone and keep the slave Bind to serve requests from the network.
>>
> have & see equal issues here like you but on "VPN based slave
networks" ..
>
> I have now 5 vpns and only 2 of them have an local  AD, the rest are slave
bind9.
>
> Seen BUGS had been filled , as some forest entrys for forward
> and reverse not correctly created by samba tool while using bind9 dlz.
>
>> My questions:
>>
>> 1) Can the internal DNS of Samba4 work as a master DNS, or are features
>> missing, e.g. zone transfer, which are expected by the slave?
>>
> uppon samba4 internal dns docu >- don?t support axfr fully.
>
> see
https://wiki.samba.org/index.php/DNS_Administration#Known.2Fissues_missing_features
> and
https://wiki.samba.org/index.php/Samba_Internal_DNS#Limitations_.2F_Known_issues
>
>> 2) As it seems the steps for falling back to internal DNS are: demote
>> one AD DC, configure a new one with internal DNS, join it as new DC.
>> Then do the same with the other DC. Is there a simpler method or
>> anything more to consider? Did someone do that before?
>>
> you can simply switch to internal dns using samba-tool dns upgrade
internal.
> But then lack?s soome required modern dns feagers .
>
> looks like  that the docu for "samba-tool dns upgrade internal."
>   that had been dropted of the dns managment wiki page.. ?!?
>
> @Marc ? review it please...
>
>
>
Hi, there is another page for that: 
https://wiki.samba.org/index.php/Changing_the_DNS_backend

Rowland

Am 28.01.2015 um 19:56 schrieb support at remsnet.de:
> you can simply switch to internal dns using samba-tool dns upgrade
internal.
> But then lack?s soome required modern dns feagers .
> 
> looks like  that the docu for "samba-tool dns upgrade internal."
>  that had been dropted of the dns managment wiki page.. ?!?
> 
> @Marc ? review it please...
Haven't followed this thread. Just saw my name. :-)
Which documentation you're looking for?
https://wiki.samba.org/index.php/Changing_the_DNS_backend


Regards,
Marc