On 13/02/2020 13:11, Paul Littlefield wrote:
> On 12/02/2020 13:08, Rowland penny via samba wrote:
>> The first is that a DC must use itself as its nameserver and if
>> something goes wrong e.g. Samba has fallen over, then there isn't
>> much point having another nameserver, Samba isn't going to use it
>>
>> The second is, it will not hurt having a second nameserver on a DC,
>> just as long you understand that Samba will not use the second
>> nameserver if Samba has fallen over, but the computer will.
>
>
> Hello Rowland,
>
> Thanks for your reply.
>
> Interesting points.
>
> So, in a normal situation...
>
> * WINDOWS CLIENT --> DNS --> DC3 --> YES
> * WINDOWS CLIENT --> DOMAIN LOGON --> DC3 --> YES
> * WINDOWS CLIENT --> FILES --> QNAP --> DC3 --> YES
>
> ...happy days.
>
> Then, the Proxmox VM backup at 3am has a funny turn and DC3 does not
> start (which is exactly what happened).
>
> So, in our failover situation, this is happening...
>
> * WINDOWS CLIENT --> DNS --> DC3 --> NO --> DC4 --> YES
> * WINDOWS CLIENT --> DOMAIN LOGON --> DC3 --> NO --> DC4 --> NO
> * WINDOWS CLIENT --> FILES --> QNAP --> DC3 --> NO --> DC4 --> NO
>
> ...unhappy days.
>
> The 2 DCs appear to be in sync, replicating, copying the SysVol, and
> both answering various types of query.
>
> I am going in to the office this Sunday to test this until I find a
> solution.
>
> Any extra neat Linux or Windows commands to run and test (over and
> above the Wiki pages) would be appreciated.
>
> Any other tips or suggestions (other than what's been suggested
> already!) is appreciated.
>
> I have opened a support ticket with QNAP and have dived under the hood
> of their smb.conf to see what's not working.
>
> Fingers crossed for Sunday.
>
> Thanks,
>
> :-)
>
> Paully

Clients are different, they can and should use all DCs as nameservers and the failover should happen on the client, if one DC isn't available, try another.

The various ways have already been mentioned, but are all your DCs listed as nameservers (NS) in the SOA's for the forward and reverse zones ?

Rowland

Paul Littlefield
2020-Feb-13 16:28 UTC
[Samba] Failover DC did not work when Main DC failed
On 13/02/2020 15:17, Rowland penny via samba wrote:
> The various ways have already been mentioned, but are all your DCs listed as nameservers (NS) in the SOA's for the forward and reverse zones ?

I think so...

root at dc3.mydomain.com ~ $ (screen) samba-tool dns query dc3 mydomain.com @ ALL
  Name=, Records=5, Children=0
    SOA: serial=620, refresh=900, retry=600, expire=86400, minttl=0, ns=dc3.mydomain.com., email=hostmaster.mydomain.com. (flags=600000f0, serial=620, ttl=3600)
    NS: dc3.mydomain.com. (flags=600000f0, serial=110, ttl=900)
    NS: dc4.mydomain.com. (flags=600000f0, serial=110, ttl=900)
    A: 192.168.0.218 (flags=600000f0, serial=110, ttl=900)
    A: 192.168.0.219 (flags=600000f0, serial=110, ttl=900)

root at dc3.mydomain.com ~ $ (screen) samba-tool dns query dc3 0.168.192.in-addr.arpa @ ALL
  Name=, Records=3, Children=0
    SOA: serial=73, refresh=900, retry=600, expire=86400, minttl=3600, ns=dc3.mydomain.com., email=hostmaster.mydomain.com. (flags=600000f0, serial=73, ttl=3600)
    NS: dc3.mydomain.com. (flags=600000f0, serial=56, ttl=900)
    NS: dc4.mydomain.com. (flags=600000f0, serial=58, ttl=900)

...do those look fine?

Paully

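Added example, not part of the original thread or of Samba: a small Python check that reads pasted `samba-tool dns query <server> <zone> @ ALL` output and reports which DCs have no NS record in the zone, which is the question asked above. The function names and both sample outputs are constructed for illustration; the DC host names are the ones used in the thread.

```python
import re

# Record lines as printed by `samba-tool dns query <server> <zone> @ ALL`.
REC = re.compile(r"^\s*(SOA|NS|A|AAAA|PTR|CNAME|MX|SRV|TXT):\s*(.*)$")

def parse_records(text):
    """Return [(type, data)], re-joining lines that a mail client wrapped."""
    records = []
    for line in text.splitlines():
        m = REC.match(line)
        if m:
            records.append([m.group(1), m.group(2).strip()])
        elif records and line.strip() and not line.lstrip().startswith("Name="):
            records[-1][1] += " " + line.strip()  # continuation of previous record
    return [tuple(r) for r in records]

def host(name):
    return name.rstrip(".").lower()

def check_zone(text, expected_dcs):
    """Return (soa_primary, missing): missing = DCs with no NS record in the zone."""
    recs = parse_records(text)
    ns = {host(d.split()[0]) for t, d in recs if t == "NS"}
    soa = next((d for t, d in recs if t == "SOA"), "")
    m = re.search(r"\bns=(\S+?),", soa)
    missing = sorted(host(dc) for dc in expected_dcs if host(dc) not in ns)
    return (host(m.group(1)) if m else None), missing

DCS = ["dc3.mydomain.com", "dc4.mydomain.com"]  # DC names as used in the thread

# Constructed sample: forward zone in the wrapped form seen in a quoted e-mail.
FORWARD = """\
  Name=, Records=4, Children=0
    SOA: serial=620, refresh=900, retry=600, expire=86400, minttl=0,
ns=dc3.mydomain.com., email=hostmaster.mydomain.com. (flags=600000f0,
serial=620, ttl=3600)
    NS: dc3.mydomain.com. (flags=600000f0, serial=110, ttl=900)
    NS: dc4.mydomain.com. (flags=600000f0, serial=110, ttl=900)
    A: 192.168.0.218 (flags=600000f0, serial=110, ttl=900)
"""

# Constructed sample: a reverse zone where the second DC was never added as NS.
REVERSE_ONE_NS = """\
  Name=, Records=2, Children=0
    SOA: serial=73, refresh=900, retry=600, expire=86400, minttl=3600, ns=dc3.mydomain.com., email=hostmaster.mydomain.com. (flags=600000f0, serial=73, ttl=3600)
    NS: dc3.mydomain.com. (flags=600000f0, serial=56, ttl=900)
"""

if __name__ == "__main__":
    for label, out in (("forward", FORWARD), ("reverse", REVERSE_ONE_NS)):
        primary, missing = check_zone(out, DCS)
        print(f"{label}: SOA primary={primary} missing NS={missing or 'none'}")
```

Running the same query against each DC in turn and comparing the results shows whether both servers hold the same NS set.
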
On 13/02/2020 16:28, Paul Littlefield wrote:
> On 13/02/2020 15:17, Rowland penny via samba wrote:
>> The various ways have already been mentioned, but are all your DCs
>> listed as nameservers (NS) in the SOA's for the forward and reverse
>> zones ?
>
>
> I think so...
>
>
> root at dc3.mydomain.com ~ $ (screen) samba-tool dns query dc3
> mydomain.com @ ALL
>   Name=, Records=5, Children=0
>     SOA: serial=620, refresh=900, retry=600, expire=86400, minttl=0,
> ns=dc3.mydomain.com., email=hostmaster.mydomain.com. (flags=600000f0,
> serial=620, ttl=3600)
>     NS: dc3.mydomain.com. (flags=600000f0, serial=110, ttl=900)
>     NS: dc4.mydomain.com. (flags=600000f0, serial=110, ttl=900)
>     A: 192.168.0.218 (flags=600000f0, serial=110, ttl=900)
>     A: 192.168.0.219 (flags=600000f0, serial=110, ttl=900)
>
>
> root at dc3.mydomain.com ~ $ (screen) samba-tool dns query dc3
> 0.168.192.in-addr.arpa @ ALL
>   Name=, Records=3, Children=0
>     SOA: serial=73, refresh=900, retry=600, expire=86400, minttl=3600,
> ns=dc3.mydomain.com., email=hostmaster.mydomain.com. (flags=600000f0,
> serial=73, ttl=3600)
>     NS: dc3.mydomain.com. (flags=600000f0, serial=56, ttl=900)
>     NS: dc4.mydomain.com. (flags=600000f0, serial=58, ttl=900)
>
>
> ...do those look fine?
>
> Paully

I am not a dns expert, but shouldn't the reverse zone SOA have A records like the forward zone ?

Rowland