search for: ip_dc2

.../04/22 13:50:42.498516,? 0] ../lib/util/util_runcmd.c:324(samba_runcmd_io_handler) ? running : samba_dnsupdate --verbose ? update failed: NOTAUTH Failed nsupdate: 2 Failed update of 26 entries ? my resolv.conf was set as followed on DC2 ? search internal.domain.tld. nameserver ip_DC1 nameserver ip_DC2 ? After changing this to.. first itself again..? ? search internal.domain.tld. nameserver ip_DC2 nameserver ip_DC1 ? rerun : samba_dnsupdate --verbose --all-names and im getting now..?? 0 errors..? .. ? as test change back to search internal.domain.tld. nameserver ip_DC1 nameserver ip_DC2 ? up...

Hai Marco, Yes, best is to use the "localhost" dns setup as caching/forwarder only. All you need is for the forwarding is : zone "your.dnsdomain.tld" { type forward; forwarders { IP_DC1; IP_DC2; }; }; zone "168.192.in-addr.arpa" { type forward; forwarders { IP_DC1; IP_DC2; }; }; If you think its still to slow, remove > options attempts:2 Or set > options attempts:1 Greetz, Louis > -----Oorspronkelijk bericht----- > Van: samba [mailto:samba-bounce...

...so on how you setup your resolving. But still, nothing wrong in using glue records. There are more ways to Rome then one.. ;-) > > > While, if i set forward zone like: > > > zone "your.dnsdomain.tld" { > > type forward; > > forwarders { IP_DC1; IP_DC2; }; > > }; > > i can limit access to, eg, the local site NS/DC and not use the round > robin algorithm. Also effectively, if i set as above, local bind *TRY* the listed > forwarders and then fallback to normal resolution, while if i set > instead: > > zone "your.d...

...; /etc/netplan/00-installer-config.yaml > > Does it show the information you expect ? Yes, it is most probley missing the DNS entries.. nameserver: addresses: [8.8.8.8, 1.1.1.1, 8.8.4.4 ] netplan try And if ok, netplan apply But, samba needed here. nameserver: addresses: [ip_DC1, IP_DC2, IP_DC3 ] > > It didn't on one DC in a two DC domain I created, it only > showed google as the nameserver. Its a known bug with netplan. > > From my (limited) understanding, you are supposed to edit > /etc/systemd/resolved.conf , add the required data and then run &gt...

...Belle: > >> For the member servers, to reduce timeouts etc when one DC is down. > >> > >> Change your resolv.conf to : > >> domain internal.domain.tld > >> search internal.domain.tld > >> > >> nameserver IP_DC1 > >> nameserver IP_DC2 > >> > >> options timeout:2 > >> options attempts:2 > >> options rotate > >> options edns0 > >> > >> see man resolv.conf for the options explained. > >> > >> Ow.. and .. > >> > >> domain and search ar...

For the member servers, to reduce timeouts etc when one DC is down. Change your resolv.conf to : domain internal.domain.tld search internal.domain.tld nameserver IP_DC1 nameserver IP_DC2 options timeout:2 options attempts:2 options rotate options edns0 see man resolv.conf for the options explained. Ow.. and .. domain and search are NOT exclusive anymore in Debian Jessie and up. At least, i didnt find it anymore. Greetz, Louis > -----Oorspronkelijk bericht----- >...

...hing dns server. And add forwarding zones and point the first nameserver in resolv.conf to localhost. Something like this, you need bind9 for this example. // // Lan zones point to AD-DC DNS. // zone "ad-zone.dnsdomain.tld" { type forward; forward only; forwarders { IP_DC1; IP_DC2; }; }; // change the XXX to your reverse ip range zone "XXX.XXX.in-addr.arpa" { type forward; forward only; forwarders { IP_DC1; IP_DC2; }; }; Ps. If you using Debian Buster or bind 9.11+ You might need more changes. If thats that case mail again. Greetz, Louis &g...

...don't use DHCP. Within my subnet, I get exactly the same as Rowland reported below. Ole Am 07.01.2016 um 10:28 schrieb L.P.H. van Belle: > Yes, thats exacly what ole must test. > > And optionaly the result of : > dig A internal.domain.tld @IP_DC1 > dig A internal.domain.tld @IP_DC2 > > Greetz, > > Louis > > >> -----Oorspronkelijk bericht----- >> Van: samba [mailto:samba-bounces at lists.samba.org] Namens Rowland penny >> Verzonden: donderdag 7 januari 2016 10:20 >> Aan: samba at lists.samba.org >> Onderwerp: Re: [Samba] Authenti...

I need to implement split horizon DNS, as I have just one external IP address (dynamic.lindenberg.one in external DNS) but multiple internal ones. External requests are distributed by port or using sniproxy (in particular 443), and all externally visible names are in a distinct zone then my domain, but with an additional indirection: names like backup.lindenberg.one resolve to CNAME

...DC? And you have 4.. For every DC and per site, you have 2 sites correct? I suggest, per site, 2 DC of the same site, 1 DC of the remote as backup. Look at this, explanation is below it. The DC1 with fsmo. /etc/resolv.conf ( by example ) domain ad.tao.at nameserver IP_DC1_WITH_FSMO nameserver IP_DC2 nameserver IP_DC3_S2 DC2. /etc/resolv.conf ( by example ) domain ad.tao.at nameserver IP_DC1_WITH_FSMO nameserver IP_DC2 nameserver IP_DC4_S2 # Before reboot and after reboot and wait time and db replication check. #nameserver IP_DC2 #nameserver IP_DC1_WITH_FSMO #nameserver IP_DC4_S2 # one exa...

Ok, some more resolving things to fix.   On both DC's few things to edit. In resolv.conf, the order is important here and dont point to nameserver 127.0.0.1 for the DC's.   DC1. file: /etc/resolv.conf  search example.corp nameserver IP_DC1 nameserver IP_DC2 nameserver 8.8.4.4 /etc/hosts IP_DC1 hostname.internal.example.com hostname IP_DC2 hostname.internal.example.com hostname      DC2 file: /etc/resolv.conf  search example.corp nameserver IP_DC2 nameserver IP_DC1 nameserver 8.8.4.4 /etc/hosts IP_DC2 hostname.internal.example.com hostname IP_DC...

...tly the same as Rowland reported below. > > Ole > > > Am 07.01.2016 um 10:28 schrieb L.P.H. van Belle: > > Yes, thats exacly what ole must test. > > > > And optionaly the result of : > > dig A internal.domain.tld @IP_DC1 > > dig A internal.domain.tld @IP_DC2 > > > > Greetz, > > > > Louis > > > > > >> -----Oorspronkelijk bericht----- > >> Van: samba [mailto:samba-bounces at lists.samba.org] Namens Rowland penny > >> Verzonden: donderdag 7 januari 2016 10:20 > >> Aan: samba at lists....

Yes, thats exacly what ole must test. And optionaly the result of : dig A internal.domain.tld @IP_DC1 dig A internal.domain.tld @IP_DC2 Greetz, Louis > -----Oorspronkelijk bericht----- > Van: samba [mailto:samba-bounces at lists.samba.org] Namens Rowland penny > Verzonden: donderdag 7 januari 2016 10:20 > Aan: samba at lists.samba.org > Onderwerp: Re: [Samba] Authentication to Secondary Domain Controller > in...

...ing bind and/or samba does not fix my SOA problem.   I also noticed.  ( commands done on DC1 ) dig SOA internal.domain.tld  @localhost   gives the DC1 back for the SOA dig SOA internal.domain.tld  gives the DC2  back for the SOA   and good to know, in resolv.conf i have order nameserver ip_dc2 nameserver ip_dc1   so which what am i missing.       Gr.   Louis        

See below, basicly what now happend is. This one line : > 127.0.1.1 gaia.rompen.local gaia <<<< CHANGE THIS Is what is your problem. Read throught the settings, you need a few changes. Its mostly good. After the changes, reboot the AD-DC. Then after its rebooted and after the changes for the member, reboot that also. Then is should be ok. Greetz, Louis >

...itial credentials" Ole Am 05.01.2016 um 13:41 schrieb L.P.H. van Belle: > For the member servers, to reduce timeouts etc when one DC is down. > > Change your resolv.conf to : > domain internal.domain.tld > search internal.domain.tld > > nameserver IP_DC1 > nameserver IP_DC2 > > options timeout:2 > options attempts:2 > options rotate > options edns0 > > see man resolv.conf for the options explained. > > Ow.. and .. > > domain and search are NOT exclusive anymore in Debian Jessie and up. > At least, i didnt find it anymore. > >...

...all DCs. > Doing that your clients can have only one DNS configured: the one with > Bind forwarding to DCs. > This bind zone config: > ------------------ > zone "samba.domain.tld" IN { > type forward; > forward only; > forwarders { > IP_DC1; > IP_DC2; > IP_DC3; > }; > }; > ------------------- > > I hope you will finally be able to have failover working Ole. > > > > 2015-12-22 11:44 GMT+01:00 Ole Traupe <ole.traupe at tu-berlin.de > <mailto:ole.traupe at tu-berlin.de>>: > > > >...

>>> >>> Can I suggest that you do what I did, create your own small test >>> domain in VMs using Bind9 >> >> Yes, that is a good idea. However, from what I had read before, much >> of it on the Samba wiki, I was expecting Samba4 to just work with >> multiple DCs. I still wonder why no one ever seems to have tested or >> questioned that

...For the member servers, to reduce timeouts etc when one DC is down. >>>> >>>> Change your resolv.conf to : >>>> domain internal.domain.tld >>>> search internal.domain.tld >>>> >>>> nameserver IP_DC1 >>>> nameserver IP_DC2 >>>> >>>> options timeout:2 >>>> options attempts:2 >>>> options rotate >>>> options edns0 >>>> >>>> see man resolv.conf for the options explained. >>>> >>>> Ow.. and .. >>>> >...

...o all DCs. > Doing that your clients can have only one DNS configured: the one with > Bind forwarding to DCs. > This bind zone config: > ------------------ > zone "samba.domain.tld" IN { > type forward; > forward only; > forwarders { > IP_DC1; > IP_DC2; > IP_DC3; > }; > }; > ------------------- > > I hope you will finally be able to have failover working Ole. > > > > > 2015-12-22 11:44 GMT+01:00 Ole Traupe <ole.traupe at tu-berlin.de>: > >> >> >>>>> Can I suggest that you...