samba - Mar 2015 - reslov.conf on two DC's

a nice example about dns islanding. 

http://retrohack.com/a-word-or-two-about-dns-islanding/


and with only 2 dc's 
setup the resolv.confs like : 

DC01
Primary DNS   10.1.1.2
Secondary DNS 127.0.0.1

DC02
Primary DNS   10.1.1.1
Secondary DNS 127.0.0.1

http://technet.microsoft.com/en-us/library/ff807362%28v=ws.10%29.aspx
says:  
If the loopback IP address is the first entry in the list of DNS servers,
 Active Directory might be unable to find its replication partners. 
but this is manly MS DNS based, since there was a bug in the MS DNS server,
concerning islanding..


Louis
>-----Oorspronkelijk bericht-----
>Van: rowlandpenny at googlemail.com 
>[mailto:samba-bounces at lists.samba.org] Namens Rowland Penny
>Verzonden: woensdag 11 maart 2015 22:03
>Aan: samba at lists.samba.org
>Onderwerp: Re: [Samba] reslov.conf on two DC's
>
>On 11/03/15 20:07, Marc Muehlfeld wrote:
>> Hello Rowland,
>>
>> Am 11.03.2015 um 19:52 schrieb Rowland Penny:
>>> I tried that, pointing each DC to the other and my DNS 
>resolving slowed
>>> to a crawl, hung for short periods and generally became 
>unresponsive. I
>>> just have:
>>>
>>> search <dns domain>
>>> nameserver 127.0.0.1
>>
>> The only problem that can appear is DNS islanding.
>>
>> Do you use the the internal DNS or BIND?
>> Where did DNS responding slowed down? On the DCs? Or DNS in general?
>>
>> Regards,
>> Marc
>
>I use bind9 (I think that there are too many problems with the 
>internal 
>server to make it usable)
>
>When I set
>
>search example.com
>nameserver <the other DC>
>
>on both the DCs, DNS became virtually unusable everywhere, I tried 
>various other permutations, but the only one that works for me 
>(YMMV) on 
>the DCs is
>
>search example.com
>nameserver 127.0.0.1
>
>Rowland
>
>-- 
>To unsubscribe from this list go to the following URL and read the
>instructions:  https://lists.samba.org/mailman/options/samba
>
>

So in my ears it makes sense to add this to the wiki for joining a domain as a
DC. I will add it soon.

Am 12. M?rz 2015 11:00:21 MEZ, schrieb "L.P.H. van Belle" <belle at
bazuin.nl>:
>
>a nice example about dns islanding. 
>
>http://retrohack.com/a-word-or-two-about-dns-islanding/
>
>
>and with only 2 dc's 
>setup the resolv.confs like : 
>
>DC01
>Primary DNS   10.1.1.2
>Secondary DNS 127.0.0.1
>
>DC02
>Primary DNS   10.1.1.1
>Secondary DNS 127.0.0.1
>
>http://technet.microsoft.com/en-us/library/ff807362%28v=ws.10%29.aspx
>says:  
>If the loopback IP address is the first entry in the list of DNS
>servers,
> Active Directory might be unable to find its replication partners. 
>but this is manly MS DNS based, since there was a bug in the MS DNS
>server, concerning islanding..
>
>
>Louis
>
>>-----Oorspronkelijk bericht-----
>>Van: rowlandpenny at googlemail.com 
>>[mailto:samba-bounces at lists.samba.org] Namens Rowland Penny
>>Verzonden: woensdag 11 maart 2015 22:03
>>Aan: samba at lists.samba.org
>>Onderwerp: Re: [Samba] reslov.conf on two DC's
>>
>>On 11/03/15 20:07, Marc Muehlfeld wrote:
>>> Hello Rowland,
>>>
>>> Am 11.03.2015 um 19:52 schrieb Rowland Penny:
>>>> I tried that, pointing each DC to the other and my DNS 
>>resolving slowed
>>>> to a crawl, hung for short periods and generally became 
>>unresponsive. I
>>>> just have:
>>>>
>>>> search <dns domain>
>>>> nameserver 127.0.0.1
>>>
>>> The only problem that can appear is DNS islanding.
>>>
>>> Do you use the the internal DNS or BIND?
>>> Where did DNS responding slowed down? On the DCs? Or DNS in
general?
>>>
>>> Regards,
>>> Marc
>>
>>I use bind9 (I think that there are too many problems with the 
>>internal 
>>server to make it usable)
>>
>>When I set
>>
>>search example.com
>>nameserver <the other DC>
>>
>>on both the DCs, DNS became virtually unusable everywhere, I tried 
>>various other permutations, but the only one that works for me 
>>(YMMV) on 
>>the DCs is
>>
>>search example.com
>>nameserver 127.0.0.1
>>
>>Rowland
>>
>>-- 
>>To unsubscribe from this list go to the following URL and read the
>>instructions:  https://lists.samba.org/mailman/options/samba
>>
>>
>
>-- 
>To unsubscribe from this list go to the following URL and read the
>instructions:  https://lists.samba.org/mailman/options/samba

As a general user, I am going to adopt this as basic practice from now
on. And yes, please keep the wiki current. 

(From all the reading I have done, this "criss-cross" makes sense in a
two DC environment. For three or more DC's, then "circular." Being
a
novice, I asked the experts here for their thoughts. Thanks.) 

---

-------------------------

Bob Wooden of Donelson Trophy

615.885.2846 (main)
www.donelsontrophy.com [3]

"Everyone deserves an award!!"

On 2015-03-12 07:47, Tim wrote: 
> So in my ears it makes sense to add this to the wiki for joining a domain
as a DC. I will add it soon.
> 
> Am 12. M?rz 2015 11:00:21 MEZ, schrieb "L.P.H. van Belle"
<belle at bazuin.nl>:
> a nice example about dns islanding.
http://retrohack.com/a-word-or-two-about-dns-islanding/ [1] and with only 2
dc's setup the resolv.confs like : DC01 Primary DNS 10.1.1.2 Secondary DNS
127.0.0.1 DC02 Primary DNS 10.1.1.1 Secondary DNS 127.0.0.1
http://technet.microsoft.com/en-us/library/ff807362%28v=ws.10%29.aspx [2] says:
If the loopback IP address is the first entry in the list of DNS servers, Active
Directory might be unable to find its replication partners. but this is manly MS
DNS based, since there was a bug in the MS DNS server, concerning islanding..
Louis -----Oorspronkelijk bericht----- Van: rowlandpenny at googlemail.com
[mailto:samba-bounces at lists.samba.org] Namens Rowland Penny Verzonden:
woensdag 11 maart 2015 22:03 Aan: samba at lists.samba.org Onderwerp: Re:
[Samba] reslov.conf on two DC's On 11/03/15 20:07, Marc Muehlfeld wrote:
Hello Rowland, Am 11.03.2015 um 19:52 schrieb Rowland Penny: I tried that,
pointing each DC to the other and my DNS
 resolving slowed 
>> to a crawl, hung for short periods and generally became
 unresponsive. I 
>> just have: search <dns domain> nameserver 127.0.0.1
> The only problem that can appear is DNS islanding. Do you use the the
internal DNS or BIND? Where did DNS responding slowed down? On the DCs? Or DNS
in general? Regards, Marc
 I use bind9 (I think that there are too many problems with the internal
server to make it usable) When I set search example.com nameserver <the
other DC> on both the DCs, DNS became virtually unusable everywhere, I
tried various other permutations, but the only one that works for me
(YMMV) on the DCs is search example.com nameserver 127.0.0.1 Rowland --
To unsubscribe from this list go to the following URL and read the
instructions: https://lists.samba.org/mailman/options/samba [4] -- To
unsubscribe from this list go to the following URL and read the
instructions: https://lists.samba.org/mailman/options/samba [4] 

Links:
------
[1] http://retrohack.com/a-word-or-two-about-dns-islanding/
[2]
http://technet.microsoft.com/en-us/library/ff807362%28v=ws.10%29.aspx
[3] http://www.donelsontrophy.com
[4] https://lists.samba.org/mailman/options/samba

It would be nice to know what IPs the DCs have.

BTW: I updated the wiki:
https://wiki.samba.org/index.php/Join_a_domain_as_a_DC#Follow-Up_on_.2Fetc.2Fresolv.conf

Am 12. M?rz 2015 14:30:34 MEZ, schrieb James <lingpanda101 at
gmail.com>:
>I have six. Three sites across wan links
>
>DC01
>nameserver 172.16.232.39
>nameserver 172.16.232.29
>
>DC02
>nameserver 172.16.232.29
>nameserver 172.16.232.39
>
>DC03
>nameserver 172.16.22.39
>nameserver 172.16.22.29
>
>DC04
>nameserver 172.16.22.29
>nameserver 172.16.22.39
>
>DC05
>nameserver 172.16.23.39
>nameserver 172.16.23.29
>
>DC06
>nameserver 172.16.23.29
>nameserver 172.16.23.39
>
>
>
>On 3/12/2015 9:04 AM, Tim wrote:
>> How many DCs do you have? Or do you mean your interface's IP
address?
>>
>> Am 12. M?rz 2015 13:59:57 MEZ, schrieb James
><lingpanda101 at gmail.com>:
>>
>>     I have my DC's secondary DNS with a explicit IP other than
>loopback. Any
>>     reason to choose loopback over it's actual IP?
>>
>>
>>     On 3/12/2015 8:47 AM, Tim wrote:
>>
>>         So in my ears it makes sense to add this to the wiki for
>>         joining a domain as a DC. I will add it soon. Am 12. M?rz
>2015
>>         11:00:21 MEZ, schrieb "L.P.H. van Belle" <belle at
bazuin.nl>:
>>
>>             a nice example about dns islanding.
>>             http://retrohack.com/a-word-or-two-about-dns-islanding/
>>             and with only 2 dc's setup the resolv.confs like : DC01
>>             Primary DNS 10.1.1.2 <http://10.1.1.2> Secondary DNS
>>             127.0.0.1 <http://127.0.0.1> DC02 Primary DNS
10.1.1.1
>>             <http://10.1.1.1> Secondary DNS 127.0.0.1
>>             <http://127.0.0.1>
>>            
>http://technet.microsoft.com/en-us/library/ff807362%28v=ws.10%29.aspx
>>             says: If the loopback IP address is the first entry in
>the
>>             list of DNS servers, Active Directory might be unable to
>>             find its replication partners. but this is manly MS DNS
>>             based, since there was a bug in the MS DNS server,
>>             concerning islanding.. Louis
>>
>>                 -----Oorspronkelijk bericht----- Van:
>>                 rowlandpenny at googlemail.com
>>                 [mailto:samba-bounces at lists.samba.org] Namens
Rowland
>>                 Penny Verzonden: woensdag 11 maart 2015 22:03 Aan:
>>                 samba at lists.samba.org Onderwerp: Re: [Samba]
>>                 reslov.conf on two DC's On 11/03/15 20:07, Marc
>>                 Muehlfeld wrote:
>>
>>                     Hello Rowland, Am 11.03.2015 um 19:52 schrieb
>>                     Rowland Penny:
>>
>>                         I tried that, pointing each DC to the other
>>                         and my DNS 
>>
>>                 resolving slowed
>>
>>                         to a crawl, hung for short periods and
>>                         generally became 
>>
>>                 unresponsive. I
>>
>>                         just have: search <dns domain> nameserver
>>                         127.0.0.1 <http://127.0.0.1> 
>>
>>                     The only problem that can appear is DNS
>islanding.
>>                     Do you use the the internal DNS or BIND? Where
>did
>>                     DNS responding slowed down? On the DCs? Or DNS in
>>                     general? Regards, Marc 
>>
>>                 I use bind9 (I think that there are too many problems
>>                 with the internal server to make it usable) When I
>set
>>                 search example.com <http://example.com>
nameserver
>>                 <the other DC> on both the DCs, DNS became
virtually
>>                 unusable everywhere, I tried various other
>>                 permutations, but the only one that works for me
>>                 (YMMV) on the DCs is search example.com
>>                 <http://example.com> nameserver 127.0.0.1
>>                 <http://127.0.0.1> Rowland -- To unsubscribe from
>this
>>                 list go to the following URL and read the
>>                 instructions:
>>                 https://lists.samba.org/mailman/options/samba
>>
>>             -- To unsubscribe from this list go to the following URL
>>             and read the instructions:
>>             https://lists.samba.org/mailman/options/samba 
>>
>
>-- 
>-James