Rowland Penny
2022-Jun-08 10:28 UTC
[Samba] Replication is broken due to Bind DNS resolution
On Wed, 2022-06-08 at 06:15 -0400, Zombie Ryushu via samba wrote:
> On 6/8/22 06:10, Rowland Penny via samba wrote:
> > On Wed, 2022-06-08 at 05:59 -0400, Zombie Ryushu via samba wrote:
> > > Samba does not handle DNS, Bind does.
> > How many times do I have to tell you, Samba must be authoritative for
> > the DNS domain, if you use Bind9, you must also use BIND_DLZ and no
> > flatfiles. The domain DNS zones must be in AD.
> >
> > Rowland
>
> I know, what I am trying to do, is demote each Domain Controller one at
> a time, then re-promote it with --dns-backend=Bind_dlz.
>
> I have all my bind servers with chroot switched off, but when I activate
> the Bind Dlz AD Zone, Bind crashes saying there are no records in the
> zone. Hence the demotion/promotion thing.

I seem to remember that you stated that you initially provisioned with '--dns-backend=NONE', if this is correct, then you do not have the dns records in AD and I am not sure if you can create them now.

Rowland
Zombie Ryushu
2022-Jun-08 10:38 UTC
[Samba] Replication is broken due to Bind DNS resolution
On 6/8/22 06:28, Rowland Penny via samba wrote:
> On Wed, 2022-06-08 at 06:15 -0400, Zombie Ryushu via samba wrote:
>> On 6/8/22 06:10, Rowland Penny via samba wrote:
>>> On Wed, 2022-06-08 at 05:59 -0400, Zombie Ryushu via samba wrote:
>>>> Samba does not handle DNS, Bind does.
>>> How many times do I have to tell you, Samba must be authoritative for
>>> the DNS domain, if you use Bind9, you must also use BIND_DLZ and no
>>> flatfiles. The domain DNS zones must be in AD.
>>>
>>> Rowland
>>
>> I know, what I am trying to do, is demote each Domain Controller one at
>> a time, then re-promote it with --dns-backend=Bind_dlz.
>>
>> I have all my bind servers with chroot switched off, but when I activate
>> the Bind Dlz AD Zone, Bind crashes saying there are no records in the
>> zone. Hence the demotion/promotion thing.
>
> I seem to remember that you stated that you initially provisioned with
> '--dns-backend=NONE', if this is correct, then you do not have the dns
> records in AD and I am not sure if you can create them now.
>
> Rowland

That's correct. I think that you can use samba_upgradedns to deal with this.