I have just joined a second DC to my Samba based AD, with Bind9_DLZ providing the DNS on DC2 (samba internal on DC1). I notice that the AD zone has not acquired an NS entry pointing to DC2. I presume that ideally such an entry should exist?

I have tried to add something, but I cannot work out how to use samba-tool to add an RR for the root of a zone. If I miss the name argument out, or if I use an '@', it complains and reminds me of the correct usage.

# samba-tool dns add dc1 ad.mydomain.com @ NS dc2.ad.mydomain.com -UAdministrator
Usage: samba-tool dns add <server> <zone> <name> <A|AAAA|PTR|CNAME|NS|MX|SRV|TXT> <data>

If an NS record should exist, how best should I add it?

Chris

On Tue, 18 Oct 2016 10:39:46 +0100 Chris Hastie via samba <samba at lists.samba.org> wrote:

> I have just joined a second DC to my Samba based AD, with Bind9_DLZ
> providing the DNS on DC2 (samba internal on DC1). I notice that the
> AD zone has not acquired an NS entry pointing to DC2. I presume that
> ideally such an entry should exist?
>
> I have tried to add something, but I cannot work out how to use
> samba-tool to add an RR for the root of a zone. If I miss the name
> argument out, or if I use an '@', it complains and reminds me of the
> correct usage.
>
> # samba-tool dns add dc1 ad.mydomain.com @ NS dc2.ad.mydomain.com
> -UAdministrator
> Usage: samba-tool dns add <server> <zone> <name>
> <A|AAAA|PTR|CNAME|NS|MX|SRV|TXT> <data>
>
> If an NS record should exist, how best should I add it?
>
> Chris
>

Yes it should exist and it should be added for you when Samba is started (on later versions) by samba_dnsupdate.

Perhaps you should check this:

https://wiki.samba.org/index.php/Verifying_and_Creating_a_DC_DNS_Record

The samba-tool format is this:

samba-tool dns add dc1 ad.mydomain.com dc2 A <ip of dc2> -Uadministrator

samba-tool dns add dc1 ad.mydomain.com @ NS dc2.ad.mydomain.com -UAdministrator

samba-tool dns add dc1 _msdcs.ad.mydomain.com @ NS dc2.ad.mydomain.com -UAdministrator

Rowland

Anyway, NS records are used when DNS servers speak to DNS servers, not by clients. So AD would work just fine without them.

NS records are used when a client asks something the configured resolver can't resolve by itself and when the resolver is not configured to forward requests to the relevant DNS server.

I.e.: a client searches for toto.org and its resolver does not know anything about that zone. The resolver will ask the ORG root servers for one of them to send it the NS for toto.org.

It should be possible to have such behaviour on a LAN, but I don't expect someone able to deploy such a configuration would ask about such a known non-issue.

2016-10-18 12:30 GMT+02:00 Rowland Penny via samba <samba at lists.samba.org>:

> On Tue, 18 Oct 2016 10:39:46 +0100
> Chris Hastie via samba <samba at lists.samba.org> wrote:
>
> > I have just joined a second DC to my Samba based AD, with Bind9_DLZ
> > providing the DNS on DC2 (samba internal on DC1). I notice that the
> > AD zone has not acquired an NS entry pointing to DC2. I presume that
> > ideally such an entry should exist?
> >
> > I have tried to add something, but I cannot work out how to use
> > samba-tool to add an RR for the root of a zone. If I miss the name
> > argument out, or if I use an '@', it complains and reminds me of the
> > correct usage.
> >
> > # samba-tool dns add dc1 ad.mydomain.com @ NS dc2.ad.mydomain.com
> > -UAdministrator
> > Usage: samba-tool dns add <server> <zone> <name>
> > <A|AAAA|PTR|CNAME|NS|MX|SRV|TXT> <data>
> >
> > If an NS record should exist, how best should I add it?
> >
> > Chris
> >
>
> Yes it should exist and it should be added for you when Samba is
> started (on later versions) by samba_dnsupdate.
>
> Perhaps you should check this:
>
> https://wiki.samba.org/index.php/Verifying_and_Creating_a_DC_DNS_Record
>
> The samba-tool format is this:
>
> samba-tool dns add dc1 ad.mydomain.com dc2 A <ip of dc2> -Uadministrator
>
> samba-tool dns add dc1 ad.mydomain.com @ NS dc2.ad.mydomain.com
> -UAdministrator
>
> samba-tool dns add dc1 _msdcs.ad.mydomain.com @ NS dc2.ad.mydomain.com
> -UAdministrator
>
> Rowland
>

Hi Rowland,

On 18.10.2016 at 12:30, Rowland Penny via samba wrote:

> Yes it should exist and it should be added for you when Samba is
> started (on later versions) by samba_dnsupdate.

Have you tried recently if the records are added when samba_dnsupdate runs? The BZ is still open:

https://bugzilla.samba.org/show_bug.cgi?id=10928#c4

And according to my last comment, it still failed last February.

Regards,
Marc