[Samba] Problem joining a Win2008R2 DC


this is now my second attempt to join a Windows Server 2008R2 DC to a
samba AD domain. I had to forcibly remove the first 2k8 DC from the
domain after I messed it up completely in the first try. I followed
"Demoting an Offline Domain Controller" from the wiki here.

This time joining fails right during running dcpromo. I get the error
that it could not replicate "cn=Configuration,dc=domain,dc=com" because
"The DSA operation is unable to proceed because of a DNS lookup
failure". I have set the first DNS on the 2k8 machine to its own
external address (not and the second to the samba DC.

Either there is still something left over from the first attempt - I
have chosen a different name for the 2k8 DC, just to be sure. Or
something else is wrong.

I am using Debian 9 with the packaged samba 4.5.11.

Can you give me some hints where to look?


