Hello! Rowland Penny via samba
  On that day it was said...

> If the first IP in /etc/resolv.conf isn't the DC's own, samba_dnsupdate
> will connect to the other DC and use its kerberos key and,
> surprise, surprise, it doesn't work. The wiki page was written to
> prevent 'islanding', the only problem with that is, you don't get
> 'islanding' on an AD DC.

...what do you mean by 'islanding'?

Apart from the join phase, why not put localhost (e.g. 127.0.0.1) as the first DNS in the DC?

Thanks.

--
dott. Marco Gaiarin                        GNUPG Key ID: 240A3D66
Associazione ``La Nostra Famiglia''        http://www.lanostrafamiglia.it/
Polo FVG - Via della Bontà, 7 - 33078 - San Vito al Tagliamento (PN)
marco.gaiarin(at)lanostrafamiglia.it  t +39-0434-842711  f +39-0434-842797

Donate your 5 PER MILLE to LA NOSTRA FAMIGLIA!
http://www.lanostrafamiglia.it/index.php/it/sostienici/5x1000
(tax code 00307430132, category ONLUS or RICERCA SANITARIA)

On Tue, 10 Apr 2018 16:08:41 +0200
Marco Gaiarin via samba <samba at lists.samba.org> wrote:

> Hello! Rowland Penny via samba
>   On that day it was said...
>
> > If the first IP in /etc/resolv.conf isn't the DC's own,
> > samba_dnsupdate will connect to the other DC and use its kerberos
> > key and, surprise, surprise, it doesn't work. The wiki page was
> > written to prevent 'islanding', the only problem with that is, you
> > don't get 'islanding' on an AD DC.
>
> ...what do you mean with 'islanding'?
>
> Apart the join phase, why not put localhost (eg 127.0.0.1) as first
> DNS in DC?
>

Try reading this:
http://www.itgeared.com/articles/1046-dns-client-settings-for-active/

'islanding' can occur when a DC cannot replicate dns records to another DC and the records then get out of sync.

Rowland

Hello! Rowland Penny via samba
  On that day it was said...

> Try reading this:
> http://www.itgeared.com/articles/1046-dns-client-settings-for-active/

I'll try to summarize.

''To be a DC'', servers have to add/update some DNS records.

If you have a single DC, there's no choice. ;-)

If you have more than one DC, you have to take care not to have only the DC itself as DNS, because that can lead to 'islanding', e.g. the DC modifies the DNS records on itself only, propagation of data is broken and they diverge more and more.

It's still not clear to me whether 'localhost' can be the first DNS in a DC. Looking at the above link, they say:

    A combination of the two strategies is recommended. Domain Controllers
    should be configured to point to themselves and an alternate DNS server
    if possible.

so it seems to me that adding 'localhost' as the first choice is a good choice. Or not?!

Thanks.

--
dott. Marco Gaiarin
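
The check Rowland describes (is the first nameserver in /etc/resolv.conf the DC's own address?), as an added example that is not part of the original thread. The function names and the 192.0.2.x addresses are constructed for illustration; a loopback first entry is reported as its own category because the thread leaves open whether that is acceptable.

```shell
#!/bin/sh
# Added example: classify the FIRST nameserver of a resolv.conf-style file
# on a Samba AD DC. Function names are hypothetical, not Samba tooling.

# first_nameserver FILE -> prints the first "nameserver" address, if any.
# Comment lines (# or ;) never have "nameserver" as field 1, so they are skipped.
first_nameserver() {
    awk '$1 == "nameserver" && $2 != "" { print $2; exit }' "$1"
}

# classify_first_dns FILE OWN_IP...
# Prints: own      (first entry is one of this DC's addresses)
#         loopback (127.x.x.x or ::1)
#         other    (some other server, e.g. another DC)
#         none     (no nameserver line at all)
classify_first_dns() {
    file=$1; shift
    first=$(first_nameserver "$file")
    if [ -z "$first" ]; then echo none; return 0; fi
    for ip in "$@"; do
        if [ "$first" = "$ip" ]; then echo own; return 0; fi
    done
    case $first in
        127.*|::1) echo loopback ;;
        *)         echo other ;;
    esac
}

# Constructed sample: this DC is 192.0.2.10, but the other DC is listed first.
run_demo() {
    tmp=$(mktemp) || return 1
    printf '%s\n' '# constructed sample' 'search samdom.example.com' \
        'nameserver 192.0.2.11' 'nameserver 192.0.2.10' > "$tmp"
    result=$(classify_first_dns "$tmp" 192.0.2.10)
    rm -f "$tmp"
    echo "$result"
}

run_demo
```

On a real DC, call `classify_first_dns /etc/resolv.conf` followed by the DC's own addresses; anything other than `own` is worth a look before debugging samba_dnsupdate failures.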