On Thu, 2021-12-02 at 10:27 +0100, Nikita Druba via samba wrote:
> 02.12.2021 9:43, Rowland Penny via samba wrote:
> > How did you manage to join a new DC to a presumably stopped domain?
> There is talk about offline demoting old DC. All others were online.
> > Does your 'secondary' bind9 server forward the AD dns domain
> > requests to a Samba AD DC?
> No. Secondary bind replies from synchronized zones.
> > You shouldn't be using rndc.
> I enabled this service only for debug works now.
> > I wouldn't recommend using a separate Bind9 server, unless it
> > forwards all AD dns to an AD DC.
> What is the difference if they are fully synced?

All AD DCs are authoritative for the AD dns domain and have control
over the dns records in AD. All methods of running a secondary dns
server (except for a forwarding server) have caused problems in the
past.

Rowland