Web lists-archives.com

Re: [Samba] Order of Dcs resolv.conf




On 4/10/2018 9:32 AM, Rowland Penny via samba wrote:
On Tue, 10 Apr 2018 10:13:05 -0300
Carlos via samba <samba@xxxxxxxxxxxxxxx> wrote:

Hi!
I have a question about order in dcs is /etc/resolv.conf , my
configuration:

DC01:
/etc/resolv.conf

IP DC02
IP DC01

DC02
/etc/resolv.conf

IP DC01
IP DC02

https://wiki.samba.org/index.php/Joining_a_Samba_DC_to_an_Existing_Active_Directory#DNS_Configuration_on_Domain_Controllers

---


However this setting causes the error:


samba_dnsupdate --verbose --all-names

dns_tkey_negotiategss: TKEY is unacceptable
Failed nsupdate: 1
Failed update of 28 entries
If the first IP in /etc/resolv.conf isn't the DCs own, samba_dnsupdate
will connect to the other DC and use its kerberos key and,
surprise,surprise, it doesn't work. The wiki page was written to
prevent 'islanding', the only problem with that is, you don't get
'islanding' on an AD DC.

If you change to
DC01
IP DC01
IP DC02

DC02
IP DC02
IP DC01

Problem does not exist.

And there is the proof ;-)

What would be the correct one?
The second one, I will amend the wiki page.

Rowland

If I may add. I have only experienced this as a issue when using bind. The internal DNS doesn't seem to exhibit this issue with the resolv order.

--
--
James


--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba