On 27/05/2019 at 09:50, Rowland penny via samba wrote:
> On 27/05/2019 08:28, Julien TEHERY via samba wrote:
>> Hi
>>
>> I have a setup with 2 DCs on a main site, and 14 DCs which are located
>> on 7 AD sites.
>> I recently noticed in my DNS zones that my SOA record is associated
>> to the last DC that was joined to the domain.
>> But this DC is located on one of the remote sites.
>>
>> Is this behavior normal or would it be better if I updated this
>> record via "samba-tool dns update" to point it to one of my 3 main DCs?
>>
>>
> All DCs are authoritative for the dns domain (they are all masters,
> it's called multi-master), so they should all be associated with the
> SOA record.
>
> If I ask each DC in my domain (I have two) for the SOA, I get this:
>
> root@dc4:~# host -t soa samdom.example.com
> samdom.example.com has SOA record dc4.samdom.example.com.
> hostmaster.samdom.example.com. 8283 900 600 86400 3600
>
> root@dc5:~# host -t soa samdom.example.com
> samdom.example.com has SOA record dc5.samdom.example.com.
> hostmaster.samdom.example.com. 8283 900 600 86400 3600
>
> As you can see, each claims to be the master.
>
> Rowland
>

Correct, I have the same behavior on each DC.

But in ADUC console I saw in DNS zones that the 5th DC (remote site) is declared as SOA and is the only one

In CLI on my main DC, if I do "samba-tool dns query localhost mydomain.lan @ ALL -U Administrator" I get:

    Name=, Records=33, Children=0
      SOA: serial=286, refresh=900, retry=600, expire=86400, minttl=3600, ns=dc-5.mydomain.lan., email=hostmaster.mydomain.lan. (flags=600000f0, serial=286, ttl=3600)

Does it matter?
On 27/05/2019 09:12, Julien TEHERY via samba wrote:
> On 27/05/2019 at 09:50, Rowland penny via samba wrote:
>> On 27/05/2019 08:28, Julien TEHERY via samba wrote:
>>> Hi
>>>
>>> I have a setup with 2 DCs on a main site, and 14 DCs which are located
>>> on 7 AD sites.
>>> I recently noticed in my DNS zones that my SOA record is associated
>>> to the last DC that was joined to the domain.
>>> But this DC is located on one of the remote sites.
>>>
>>> Is this behavior normal or would it be better if I updated this
>>> record via "samba-tool dns update" to point it to one of my 3 main
>>> DCs?
>>>
>>>
>> All DCs are authoritative for the dns domain (they are all masters,
>> it's called multi-master), so they should all be associated with the
>> SOA record.
>>
>> If I ask each DC in my domain (I have two) for the SOA, I get this:
>>
>> root@dc4:~# host -t soa samdom.example.com
>> samdom.example.com has SOA record dc4.samdom.example.com.
>> hostmaster.samdom.example.com. 8283 900 600 86400 3600
>>
>> root@dc5:~# host -t soa samdom.example.com
>> samdom.example.com has SOA record dc5.samdom.example.com.
>> hostmaster.samdom.example.com. 8283 900 600 86400 3600
>>
>> As you can see, each claims to be the master.
>>
>> Rowland
>>
> Correct, I have the same behavior on each DC.
>
> But in ADUC console I saw in DNS zones that the 5th DC (remote site)
> is declared as SOA and is the only one

I don't use ADUC much and I don't use 'sites' either, so I don't really know.

>
> In CLI on my main DC, if I do "samba-tool dns query localhost
> mydomain.lan @ ALL -U Administrator" I get:
>
> Name=, Records=33, Children=0
> SOA: serial=286, refresh=900, retry=600, expire=86400,
> minttl=3600, ns=dc-5.mydomain.lan., email=hostmaster.mydomain.lan.
> (flags=600000f0, serial=286, ttl=3600)
>
>
> Does it matter?

As long as that is a 'cropped' output and you get the same output on all DCs, then no, it doesn't matter.

Rowland
On 27/05/2019 at 10:34, Rowland penny via samba wrote:
> On 27/05/2019 09:12, Julien TEHERY via samba wrote:
>> On 27/05/2019 at 09:50, Rowland penny via samba wrote:
>>> On 27/05/2019 08:28, Julien TEHERY via samba wrote:
>>>> Hi
>>>>
>>>> I have a setup with 2 DCs on a main site, and 14 DCs which are
>>>> located on 7 AD sites.
>>>> I recently noticed in my DNS zones that my SOA record is associated
>>>> to the last DC that was joined to the domain.
>>>> But this DC is located on one of the remote sites.
>>>>
>>>> Is this behavior normal or would it be better if I updated this
>>>> record via "samba-tool dns update" to point it to one of my 3 main
>>>> DCs?
>>>>
>>>>
>>> All DCs are authoritative for the dns domain (they are all masters,
>>> it's called multi-master), so they should all be associated with the
>>> SOA record.
>>>
>>> If I ask each DC in my domain (I have two) for the SOA, I get this:
>>>
>>> root@dc4:~# host -t soa samdom.example.com
>>> samdom.example.com has SOA record dc4.samdom.example.com.
>>> hostmaster.samdom.example.com. 8283 900 600 86400 3600
>>>
>>> root@dc5:~# host -t soa samdom.example.com
>>> samdom.example.com has SOA record dc5.samdom.example.com.
>>> hostmaster.samdom.example.com. 8283 900 600 86400 3600
>>>
>>> As you can see, each claims to be the master.
>>>
>>> Rowland
>>>
>> Correct, I have the same behavior on each DC.
>>
>> But in ADUC console I saw in DNS zones that the 5th DC (remote site)
>> is declared as SOA and is the only one
> I don't use ADUC much and I don't use 'sites' either, so I don't
> really know.
>>
>> In CLI on my main DC, if I do "samba-tool dns query localhost
>> mydomain.lan @ ALL -U Administrator" I get:
>>
>> Name=, Records=33, Children=0
>> SOA: serial=286, refresh=900, retry=600, expire=86400,
>> minttl=3600, ns=dc-5.mydomain.lan., email=hostmaster.mydomain.lan.
>> (flags=600000f0, serial=286, ttl=3600)
>>
>>
>> Does it matter?
>
> As long as that is a 'cropped' output and you get the same output on
> all DCs, then no, it doesn't matter.
>
> Rowland
>
>

Ok, well yes they all answer the same result.

Thanks for your explanations :)
Hi,

There's a behaviour in Active Directory which clobbers the SOA record. And so while there is one stored in the database, it isn't what is returned. I'm not sure if we match exactly what Windows does here, but what's more important here is the queries over DNS.

Cheers,

Garming

On 27/05/19 8:12 PM, Julien TEHERY via samba wrote:
> On 27/05/2019 at 09:50, Rowland penny via samba wrote:
>> On 27/05/2019 08:28, Julien TEHERY via samba wrote:
>>> Hi
>>>
>>> I have a setup with 2 DCs on a main site, and 14 DCs which are located
>>> on 7 AD sites.
>>> I recently noticed in my DNS zones that my SOA record is associated
>>> to the last DC that was joined to the domain.
>>> But this DC is located on one of the remote sites.
>>>
>>> Is this behavior normal or would it be better if I updated this
>>> record via "samba-tool dns update" to point it to one of my 3 main
>>> DCs?
>>>
>>>
>> All DCs are authoritative for the dns domain (they are all masters,
>> it's called multi-master), so they should all be associated with the
>> SOA record.
>>
>> If I ask each DC in my domain (I have two) for the SOA, I get this:
>>
>> root@dc4:~# host -t soa samdom.example.com
>> samdom.example.com has SOA record dc4.samdom.example.com.
>> hostmaster.samdom.example.com. 8283 900 600 86400 3600
>>
>> root@dc5:~# host -t soa samdom.example.com
>> samdom.example.com has SOA record dc5.samdom.example.com.
>> hostmaster.samdom.example.com. 8283 900 600 86400 3600
>>
>> As you can see, each claims to be the master.
>>
>> Rowland
>>
> Correct, I have the same behavior on each DC.
>
> But in ADUC console I saw in DNS zones that the 5th DC (remote site)
> is declared as SOA and is the only one
>
> In CLI on my main DC, if I do "samba-tool dns query localhost
> mydomain.lan @ ALL -U Administrator" I get:
>
> Name=, Records=33, Children=0
> SOA: serial=286, refresh=900, retry=600, expire=86400,
> minttl=3600, ns=dc-5.mydomain.lan., email=hostmaster.mydomain.lan.
> (flags=600000f0, serial=286, ttl=3600)
>
>
> Does it matter?
>
>
>
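Added example, not part of the thread and not Samba code: a small check of the point made above, that what matters is the SOA each DC returns over DNS. It parses `host -t soa` output captured per DC and assumes each DC should name itself as primary while the other fields match the first DC; the `dc6` entry and all sample values are constructed.

```python
import re

# Constructed sample: `host -t soa <zone>` output captured on each DC,
# keyed by the DC's short hostname. dc6 is a hypothetical misbehaving DC.
CAPTURED = {
    "dc4": "samdom.example.com has SOA record dc4.samdom.example.com. "
           "hostmaster.samdom.example.com. 8283 900 600 86400 3600",
    "dc5": "samdom.example.com has SOA record dc5.samdom.example.com.\n"
           "hostmaster.samdom.example.com. 8283 900 600 86400 3600",
    "dc6": "samdom.example.com has SOA record dc5.samdom.example.com. "
           "hostmaster.samdom.example.com. 8279 900 600 86400 7200",
}

SOA_RE = re.compile(
    r"(?P<zone>\S+)\s+has\s+SOA\s+record\s+(?P<mname>\S+)\s+(?P<rname>\S+)"
    r"\s+(?P<serial>\d+)\s+(?P<refresh>\d+)\s+(?P<retry>\d+)"
    r"\s+(?P<expire>\d+)\s+(?P<minimum>\d+)"
)
SHARED = ("rname", "serial", "refresh", "retry", "expire", "minimum")

def parse_soa(text):
    """Parse one `host -t soa` answer; tolerates mail-wrapped lines."""
    m = SOA_RE.search(text)
    if not m:
        raise ValueError("no SOA answer found in: %r" % text)
    rec = m.groupdict()
    for key in SHARED[1:]:
        rec[key] = int(rec[key])
    return rec

def check_soa(captured):
    """Return (dc, field, value) findings; an empty list means the DCs agree."""
    parsed = {dc: parse_soa(out) for dc, out in captured.items()}
    baseline = parsed[next(iter(parsed))]  # assumption: first DC is the reference
    findings = []
    for dc, rec in parsed.items():
        # Multi-master: each DC is expected to answer with itself as MNAME.
        expected = "%s.%s." % (dc, rec["zone"].rstrip("."))
        if rec["mname"].lower() != expected.lower():
            findings.append((dc, "mname", rec["mname"]))
        for field in SHARED:
            if rec[field] != baseline[field]:
                findings.append((dc, field, rec[field]))
    return findings

if __name__ == "__main__":
    for dc, field, value in check_soa(CAPTURED):
        print("%s: unexpected %s = %s" % (dc, field, value))
```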