samba - Oct 2017 - Secondary Nameserver not working

I've configured a secondary slave nameserver based on what I consider rather
expert advice, but
it's not working as expected. I'm trying to determine if I've done
something wrong with basic
configuration or if there are AD/DC nuances afoot.

The main nameserver is the domain Active Directory/Domain Controller running
Samba 4.4.16 on
Slackware64 14.2. This has been running for a few years w/o problem. It's
domain IP is
192.168.0.2.

I've attempted to configure a DNS slave on another Linux Slackware64 14.2
system, IP 192.168.0.3.
This host is on the domain LAN, but is not a domain member.

When bind is running on the slave, the zone files are updated as expected. Both
Windows and
Linux domain members show both 192.168.0.2 and 192.168.0.3 as nameservers.
However, when
192.168.0.2 goes offline, the domain members can no longer access the Internet.
That condition
persists until 192.168.0.2 comes back on line. So, the slave DNS server is not
working correctly.

In 192.168.0.2 has "allow-transfer { 192.168.0.3; };" set in
named.conf options, and in zone and
reverse zone files.

Below is the named.conf on the slave. Am I doing something wrong AD/DC-wise?

options {
        directory "/var/named";

        forwarders {            // These are the ISP provided name servers
           209.18.47.61;
           209.18.47.62;
        };

        allow-query { any; };
        allow-recursion {192.168.0.0/24;};
};

logging{
  channel marks_log {
    syslog local7;
    severity info;
  };
  category default {
    marks_log;
  };
};

zone "hprs.local" IN {
        type slave;
        masters { 192.168.0.2; };
        file "/var/named/db.hprs.local";
};

zone "0.168.192.in-addr.arpa" IN {
    type slave;
    masters { 192.168.0.2; };
    file "/var/named/db.192.168.0";
};

On Tue, 31 Oct 2017 02:51:00 -0400
Mark Foley via samba <samba at lists.samba.org> wrote:
> I've configured a secondary slave nameserver based on what I consider
> rather expert advice, but it's not working as expected. I'm trying
to
> determine if I've done something wrong with basic configuration or if
> there are AD/DC nuances afoot.
> 
> The main nameserver is the domain Active Directory/Domain Controller
> running Samba 4.4.16 on Slackware64 14.2. This has been running for a
> few years w/o problem. It's domain IP is 192.168.0.2.
> 
> I've attempted to configure a DNS slave on another Linux Slackware64
> 14.2 system, IP 192.168.0.3. This host is on the domain LAN, but is
> not a domain member.
> 
> When bind is running on the slave, the zone files are updated as
> expected. Both Windows and Linux domain members show both 192.168.0.2
> and 192.168.0.3 as nameservers. However, when 192.168.0.2 goes
> offline, the domain members can no longer access the Internet. That
> condition persists until 192.168.0.2 comes back on line. So, the
> slave DNS server is not working correctly.
> 
> In 192.168.0.2 has "allow-transfer { 192.168.0.3; };" set in
> named.conf options, and in zone and reverse zone files.
> 
> Below is the named.conf on the slave. Am I doing something wrong
> AD/DC-wise?
> 
> options {
>         directory "/var/named";
> 
>         forwarders {            // These are the ISP provided name
> servers 209.18.47.61;
>            209.18.47.62;
>         };
> 
>         allow-query { any; };
>         allow-recursion {192.168.0.0/24;};
> };
> 
> logging{
>   channel marks_log {
>     syslog local7;
>     severity info;
>   };
>   category default {
>     marks_log;
>   };
> };
> 
> zone "hprs.local" IN {
>         type slave;
>         masters { 192.168.0.2; };
>         file "/var/named/db.hprs.local";
> };
> 
> zone "0.168.192.in-addr.arpa" IN {
>     type slave;
>     masters { 192.168.0.2; };
>     file "/var/named/db.192.168.0";
> };
> 
> 
Yes, you are doing two things incorrectly ;-)

One) you have put the zones into the named.conf files, you just turned
off bind_dlz.

Two) you don't run Bind as a slave, all AD DC dns servers have to
be authoritative. Just set the Bind dns server up as you did the first.

Rowland