On Fri, 5 Jan 2024 11:41:45 +0100
Thorsten Marquardt via samba <samba at lists.samba.org> wrote:
> Hi,
>
> I demoted an outdated and offline DC following:
> https://wiki.samba.org/index.php/Demoting_a_Samba_AD_DC
>
> Everything appears to work well but there is still one, perhaps minor,
> question regarding the DNS SOA record:
>
> The zone _msdcs.samdom.example.com still lists the demoted server in
> the SOA record.
>
> Is it OK to manually change it to the FSMO holder DC or another DC?

You may not have to. AD DNS is multi-master, which means that every DC
is the SOA. It all depends on which DC is the first nameserver in
/etc/resolv.conf.

For instance, on a Linux client with 192.168.1.2 (rpidc1) as the first
nameserver, I get this:

    host -t SOA _msdcs.samdom.example.com
    _msdcs.samdom.example.com has SOA record rpidc1.samdom.example.com.
    hostmaster.samdom.example.com. 114 900 600 86400 3600

Whilst on a DC (that is using itself as its first nameserver), I get
this:

    host -t SOA _msdcs.samdom.example.com
    _msdcs.samdom.example.com has SOA record tmpdc1.samdom.example.com.
    hostmaster.samdom.example.com. 114 900 600 86400 3600

If your old demoted DC is still in the SOA record, you probably only
need to delete it.

Rowland
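
Added example, not part of the e-mail above: since the SOA answer depends on which DC is asked, one way to check for a leftover reference is to take the `host -t SOA` answer from each remaining DC and compare the server name in it with the list of current DCs. The DC list, the name `olddc` and the sample answers are constructed for illustration.

```shell
#!/bin/sh
# Flag SOA answers whose primary-server field names a host that is not a
# current DC. Live use, one query per remaining DC:
#   for dc in $DCS; do
#       host -t SOA _msdcs.samdom.example.com "$dc" | check_mname "$DCS"
#   done

# Current DCs (assumption: taken from the names used in the thread).
DCS="rpidc1.samdom.example.com tmpdc1.samdom.example.com"

# soa_mname: read `host -t SOA` output on stdin and print the server name
# that follows "has SOA record", lower-cased and without the trailing dot.
soa_mname() {
    awk '/ has SOA record / {
        for (i = 1; i < NF; i++)
            if ($i == "record") {
                m = tolower($(i + 1)); sub(/\.$/, "", m); print m
            }
    }'
}

# check_mname "DC1 DC2 ...": read `host -t SOA` output on stdin; return 0
# if every server name found is a current DC, otherwise print the stale
# names and return 1.
check_mname() {
    current=" $(printf '%s' "$1" | tr 'A-Z' 'a-z') "
    rc=0
    for m in $(soa_mname); do
        case "$current" in
            *" $m "*) ;;
            *) echo "stale MNAME: $m"; rc=1 ;;
        esac
    done
    return $rc
}

# Constructed sample answers (olddc is a hypothetical demoted DC).
sample_ok='_msdcs.samdom.example.com has SOA record rpidc1.samdom.example.com. hostmaster.samdom.example.com. 114 900 600 86400 3600'
sample_stale='_msdcs.samdom.example.com has SOA record olddc.samdom.example.com. hostmaster.samdom.example.com. 114 900 600 86400 3600'

printf '%s\n' "$sample_ok" | check_mname "$DCS" && echo "ok: SOA names a current DC"
printf '%s\n' "$sample_stale" | check_mname "$DCS" || echo "-> demoted DC still referenced"
```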