[Samba] IP aliases of DCs to prevent DNS timeouts
- Date: Fri, 27 Apr 2018 12:07:23 -0400 (EDT)
- From: "Vincent S. Cojot via samba" <samba@xxxxxxxxxxxxxxx>
- Subject: [Samba] IP aliases of DCs to prevent DNS timeouts
In my environment, I have a total of 4 DCs (Samba 4.7.6) running in VMs.
Their uptime schedule goes like this:
dc00 : usually 100% unless there's a failure.
dc01 : same as above
dc02 : a few days per week.
dc03 : a few days per month.
This has the consequence that a DNS A lookup on the AD domain shows 4 IPs,
2 of which are usually not up.
Because I don't have shared storage in this setup and since all of the
VM's hosting the DC's are orchestrated externally, I decided to come up
with the following sequence:
- When any of dc01, dc02 or dc03 goes down, relocate its IP on dc00 so
that the IP address answers DNS on behalf of the dc that's down.
- When the VM comes back up, remove the IP alias from dc00 and let the VM
On a normal given day, when dc02 and dc03 are both down, this is what it
looks like on dc00:
# ip -4 -o a|cut -c-60
1: lo inet 127.0.0.1/8 scope host lo\ valid_lft for
4: bond0 inet 10.0.131.248/22 brd 10.0.131.255 scope glob # < dc00's main IP.
4: bond0 inet 10.0.131.250/22 scope global secondary bond # < dc02's main IP.
4: bond0 inet 10.0.131.251/22 scope global secondary bond # < dc03's main IP.
While this appears to work fine and solves the DNS issue of hanging on DNS
requests, I'm wondering if this might be causing problems in the future or
induce issues that I wouldn't be having if I only had two DC's instead.
I think DRS replication would probably be impacted but since it
negociates a p-to-p channel with its peer(s) I don't think it would cause
Also, one thing to note is that this forced me to move from the
SAMBA_INTERNAL DNS backend to BIND9_DLZ so that bind would be able to
answer DNS queries on IP aliases. (otherwise nslookup complained that I
asked 10.0.131.251 but it was a different IP that answered).
Any guidance welcomed. :)
To unsubscribe from this list go to the following URL and read the