Re: [Samba] DNS and DC replication clarification

On Tue, 07 Mar 2017 07:05:25 +1300
Andrew Bartlett <abartlet@xxxxxxxxx> wrote:

> This can have some other impacts, if a DNS run hasn't happened by the
> time we first start up.  I've got some patches to force the first DNS
> entries to be created during the domain join.  I hope that will help a
> lot here, but this remains a problematic area.

I think this will help a lot; the new DC's DNS records not being
created during the join is undoubtedly a big problem.

> There is also an issue with a patch that went into 4.5 to help us
> with resolv_wrapper that makes the real-world use more fragile,
> because it requires that the DC we point to first already have the NS
> records (and our local IP won't have those yet).

The problem at the moment (as far as I see it) is that when
samba_dnsupdate is first run on the new DC, it uses the Kerberos info
for the first DC and so doesn't work.

> Using it the other way around (remote first, then local) seems to
> avoid some of that.
> I'm really sorry we have got this far into Samba as an AD DC without
> this stuff 'just working', and I hope to have improved patches in
> master soon.

There are quite a few things that need sorting, but as they say 'Rome
wasn't built in a day' ;-)


