On 29/02/16 11:51, Reindl Harald wrote:
>
> Am 29.02.2016 um 12:29 schrieb Rowland penny:
>> On 29/02/16 10:45, Reindl Harald wrote:
>>>
>>>
>>> Am 29.02.2016 um 11:28 schrieb Rowland penny:
>>>> On 29/02/16 09:42, Reindl Harald wrote:
>>>>>
>>>>>
>>>>> Am 29.02.2016 um 10:10 schrieb Rowland penny:
>>>>>> Everything you say is valid except for when it comes to AD dns.
>>>>>> When you want data from a zone, you start with the SOA record,
>>>>>> you ask 'who holds the records for this zone?', it replies with
>>>>>> the nameserver that holds the zone records. OK so far ?
>>>>>>
>>>>>> Only problem is that with AD, *every* DC that runs a dns server
>>>>>> holds the zone records. Now if you have only one NS record in the
>>>>>> SOA (or if only one NS record is returned, like the internal dns
>>>>>> server does), then only one DC will be asked for the zone records,
>>>>>> if this DC is down, you don't have a nameserver to ask!
>>>>>
>>>>> then it's a bug in the internal dns server only return one NS record
>>>>
>>>> Totally agree
>>>>
>>>>>
>>>>>> Every windows DC that runs a dns server is authoritative for the
>>>>>> dns domain and has a SOA record. The only way I have found of doing
>>>>>> this with a Samba DC, is to use Bind9 and add the second DC's NS
>>>>>> record to the SOA, this SOA is stored in AD
>>>>>
>>>>> how would a SOA record look like with two NS records?
>>>>>
>>>>
>>>> There was a thread dealing with this in December, see here for what I
>>>> posted then:
>>>>
>>>> https://lists.samba.org/archive/samba/2015-December/196367.html
>>>
>>> i just want to see how a "dig SOA example.lan." would look like to
>>> contain two nameservers, that below from the thread is as always a SOA
>>> containing one origin
>>>
>>> example.lan
>>> origin = testdc1.example.lan
>>> mail addr = hostmaster.example.lan
>>> serial = 3
>>> refresh = 900
>>> retry = 600
>>> expire = 86400
>>> minimum = 3600
>>
>> OK, your wish is my command :-)
>
> as i say all the time - the SOA record has only one nameserver
>
> ;; ANSWER SECTION:
> samdom.example.com. 3600 IN SOA dc2.samdom.example.com.
> hostmaster.samdom.example.com. 185 900 600 86400 3600
>
> that's the SOA and nothing else :-)
>
> > ;; AUTHORITY SECTION:
> > samdom.example.com. 900 IN NS dc1.samdom.example.com.
> > samdom.example.com. 900 IN NS dc2.samdom.example.com.
>
> these are NS records
>
>> root@dc1:~# dig SOA samdom.example.com
>>
>> ; <<>> DiG 9.9.5-9+deb8u2-Debian <<>> SOA samdom.example.com
>> ;; global options: +cmd
>> ;; Got answer:
>> ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 54539
>> ;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 2, ADDITIONAL: 3
>>
>> ;; OPT PSEUDOSECTION:
>> ; EDNS: version: 0, flags:; udp: 4096
>> ;; QUESTION SECTION:
>> ;samdom.example.com. IN SOA
>>
>> ;; ANSWER SECTION:
>> samdom.example.com. 3600 IN SOA dc2.samdom.example.com.
>> hostmaster.samdom.example.com. 185 900 600 86400 3600
>>
>> ;; AUTHORITY SECTION:
>> samdom.example.com. 900 IN NS dc1.samdom.example.com.
>> samdom.example.com. 900 IN NS dc2.samdom.example.com.
>>
>> ;; ADDITIONAL SECTION:
>> dc1.samdom.example.com. 900 IN A 192.168.0.5
>> dc2.samdom.example.com. 900 IN A 192.168.0.6
>>
>> ;; Query time: 8 msec
>> ;; SERVER: 192.168.0.6#53(192.168.0.6)
>> ;; WHEN: Mon Feb 29 11:28:10 GMT 2016
>> ;; MSG SIZE rcvd: 162
>
>
>
OK, same command run on the second DC:

root@dc2:~# dig SOA samdom.example.com

; <<>> DiG 9.9.5-9+deb8u2-Debian <<>> SOA samdom.example.com
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 24665
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 2, ADDITIONAL: 3

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;samdom.example.com. IN SOA

;; ANSWER SECTION:
samdom.example.com. 3600 IN SOA dc1.samdom.example.com. hostmaster.samdom.example.com. 185 900 600 86400 3600

;; AUTHORITY SECTION:
samdom.example.com. 900 IN NS dc2.samdom.example.com.
samdom.example.com. 900 IN NS dc1.samdom.example.com.

;; ADDITIONAL SECTION:
dc1.samdom.example.com. 900 IN A 192.168.0.5
dc2.samdom.example.com. 900 IN A 192.168.0.6

;; Query time: 2 msec
;; SERVER: 192.168.0.5#53(192.168.0.5)
;; WHEN: Mon Feb 29 12:01:23 GMT 2016
;; MSG SIZE rcvd: 162

Rowland
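
An added example, not written by either poster: a small Python check that parses the SOA and NS lines from the two dig answers above (wrapped SOA lines rejoined, keyed by the answering server) and verifies that both DCs publish the same NS set, the same SOA serial, and at least two nameservers. The function names and the `RESPONSES` structure are assumptions made for this illustration.

```python
import re

# Constructed sample: ANSWER and AUTHORITY lines from the two dig outputs in
# this thread, keyed by the address shown on each ";; SERVER:" line.
RESPONSES = {
    "192.168.0.6": """\
samdom.example.com. 3600 IN SOA dc2.samdom.example.com. hostmaster.samdom.example.com. 185 900 600 86400 3600
samdom.example.com. 900 IN NS dc1.samdom.example.com.
samdom.example.com. 900 IN NS dc2.samdom.example.com.
""",
    "192.168.0.5": """\
samdom.example.com. 3600 IN SOA dc1.samdom.example.com. hostmaster.samdom.example.com. 185 900 600 86400 3600
samdom.example.com. 900 IN NS dc2.samdom.example.com.
samdom.example.com. 900 IN NS dc1.samdom.example.com.
""",
}

RR = re.compile(r"^(\S+)\s+(\d+)\s+IN\s+(SOA|NS)\s+(.+)$")

def parse(text):
    """Return (soa_mname, soa_serial, set_of_ns_targets) from dig record lines."""
    mname, serial, ns = None, None, set()
    for line in text.splitlines():
        m = RR.match(line.strip())
        if not m:
            continue  # comments, blank lines and A records are ignored
        rtype, rdata = m.group(3), m.group(4).split()
        if rtype == "SOA":
            # SOA rdata order: MNAME RNAME SERIAL REFRESH RETRY EXPIRE MINIMUM
            mname, serial = rdata[0].lower(), int(rdata[2])
        else:
            ns.add(rdata[0].lower())
    return mname, serial, ns

def check_zone(responses):
    """Compare the answers of every queried server and list redundancy problems."""
    parsed = {srv: parse(txt) for srv, txt in responses.items()}
    problems = []
    if len({frozenset(ns) for _, _, ns in parsed.values()}) > 1:
        problems.append("servers disagree on the NS set")
    if len({serial for _, serial, _ in parsed.values()}) > 1:
        problems.append("SOA serials differ between servers")
    for srv, (mname, _, ns) in parsed.items():
        if len(ns) < 2:
            problems.append(f"{srv}: only {len(ns)} NS record(s), no failover")
        if mname not in ns:
            problems.append(f"{srv}: SOA MNAME {mname} is not in the NS set")
    return parsed, problems
```

On the thread's data the check reports no problems, while the parsed result shows each server naming a different host in the single SOA MNAME field alongside an identical two-entry NS set.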