Michal Bruncko
2020-Oct-30 11:45 UTC
[Samba] Dual controllers with bind DLZ - DNS change propagation
hello

our AD domain is hosted by two samba AD domain controllers version 4.12.6
- replication between controllers is fine, no problems.
- no schema errors.
- no database errors, all fine.

we use these samba DCs with bind with DLZ backend (bind-9.11.13-6.el8_2.1.x86_64) to manage internal DNS zones. bind/DLZ setup is deployed completely the same way on both DC1 and DC2 (mostly followed the samba wiki during deployment).
we manage this DNS using RSAT tools on a windows machine.

if I create an RR record ("A" for example) in one of the DNS zones (on DC1 using RSAT), then I can confirm that this change is almost immediately propagated to DC2 using both:
- LDAP editor connected to DC2
- RSAT DNS manager connected to DC2

this change is immediately reflected by bind on DC1 and I am able to resolve the name based on what I've created.
the problem is with bind on DC2 - it still returns NXDOMAIN for this change.
in the end the RR records seem to be resolvable, but it takes a bunch of time (hours?)...

doing "rndc flush" or "rndc refresh" does not help at all...

am I missing something in this setup? why is it not reflected by bind in the same way as on DC1?

thank you

michal
Michal Bruncko
2020-Oct-30 14:20 UTC
[Samba] Dual controllers with bind DLZ - DNS change propagation
ok, seems that re-running "samba_upgradedns --dns-backend=BIND9_DLZ" helped here...

Reading domain information
DNS accounts already exist
No zone file /var/lib/samba/bind-dns/dns/FOO.BAR.CO.zone
DNS records will be automatically created
DNS partitions already exist
dns-dc2 account already exists
See /var/lib/samba/bind-dns/named.conf for an example configuration include file for BIND
and /var/lib/samba/bind-dns/named.txt for further documentation required for secure DNS updates
Finished upgrading DNS

now it resolves immediately via both bind daemons....

michal

On 10/30/2020 12:45 PM, Michal Bruncko via samba wrote:
> hello
>
> our AD domain is hosted by two samba AD domain controllers version 4.12.6
> - replication between controllers is fine, no problems.
> - no schema errors.
> - no database errors, all fine.
>
> we use these samba DCs with bind with DLZ backend
> (bind-9.11.13-6.el8_2.1.x86_64) to manage internal DNS zones. bind/DLZ
> setup is deployed completely the same way on both DC1 and DC2 (mostly
> followed the samba wiki during deployment).
> we manage this DNS using RSAT tools on a windows machine.
>
> if I create an RR record ("A" for example) in one of the DNS zones (on DC1
> using RSAT), then I can confirm that this change is almost immediately
> propagated to DC2 using both:
> - LDAP editor connected to DC2
> - RSAT DNS manager connected to DC2
>
> this change is immediately reflected by bind on DC1 and I am able to
> resolve the name based on what I've created.
> the problem is with bind on DC2 - it still returns NXDOMAIN for
> this change.
> in the end the RR records seem to be resolvable, but it takes a
> bunch of time (hours?)...
>
> doing "rndc flush" or "rndc refresh" does not help at all...
>
> am I missing something in this setup? why is it not reflected by bind in
> the same way as on DC1?
>
> thank you
>
> michal
>
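The divergence described in this thread (record present in the AD DNS partition on both DCs, but BIND on one DC still answering NXDOMAIN) can be spotted per DC before it costs hours. The script below is an added example, not code from either post or from the Samba project: it compares the `dig` answer from each DC's BIND with what `samba-tool dns query` reads from the AD-held zone on that same DC, and classifies the pair. It assumes `dig` and `samba-tool` are on PATH, that `samba-tool` can authenticate (it prompts otherwise), and that the two DC names, zone and record name are passed as arguments.

```shell
#!/bin/sh
# Added example (not from the thread): for one A record, compare the answer each
# DC's BIND gives with what the AD-held DNS partition on that same DC contains.
# Assumes dig and samba-tool are on PATH and samba-tool can authenticate
# (it prompts for credentials when no Kerberos ticket is available).
# Normalise a dig +short answer: drop blank lines, sort, join with spaces.
normalize_answer() {
    printf '%s\n' "$1" | sed '/^$/d' | sort | tr '\n' ' ' | sed 's/ $//'
}

# classify_pair AD_HAS_RECORD(yes|no) BIND_ANSWER -> one word:
#   ok      record in AD and BIND answers it
#   stale   record in AD but BIND answers nothing (the DC2 NXDOMAIN symptom)
#   orphan  BIND answers but AD has no such record (should not happen with DLZ)
#   absent  record in neither
classify_pair() {
    ad="$1"
    answer="$(normalize_answer "$2")"
    if [ "$ad" = yes ] && [ -n "$answer" ]; then echo ok
    elif [ "$ad" = yes ]; then echo stale
    elif [ -n "$answer" ]; then echo orphan
    else echo absent
    fi
}

# ad_has_record DC ZONE NAME -> yes|no, read from the AD DNS partition via samba-tool.
ad_has_record() {
    if samba-tool dns query "$1" "$2" "$3" A 2>/dev/null | grep -q 'A: '; then
        echo yes
    else
        echo no
    fi
}

# check_record DC1 DC2 ZONE NAME: print one classification line per DC. A "stale"
# line on one DC while the other says "ok" is the divergence the thread describes.
check_record() {
    zone="$3"; name="$4"
    for dc in "$1" "$2"; do
        answer="$(dig +short @"$dc" "$name.$zone" A)"
        ad="$(ad_has_record "$dc" "$zone" "$name")"
        printf '%s: ad=%s bind=%s -> %s\n' \
            "$dc" "$ad" "$(normalize_answer "$answer")" "$(classify_pair "$ad" "$answer")"
    done
}

# Usage: sh check_dlz.sh dc1.example.test dc2.example.test example.test hostname
if [ "$#" -eq 4 ]; then check_record "$@"; fi
```

Run it from a host that can reach both DCs; a "stale" verdict on only one DC points at that DC's DLZ setup rather than at AD replication, which is where the reply's re-run of samba_upgradedns applied.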