Re: [Samba] Recurrent DNS issues after DC loss
- Date: Wed, 6 Jun 2018 15:02:11 +0100
- From: Rowland Penny via samba <samba@xxxxxxxxxxxxxxx>
- Subject: Re: [Samba] Recurrent DNS issues after DC loss
On Wed, 6 Jun 2018 15:40:48 +0200
Ole Traupe via samba <samba@xxxxxxxxxxxxxxx> wrote:
> On 06.06.2018 14:44, lingpanda101 wrote:
> >> ** SNIP **
> >> Actually, the DCs (resolv.conf) were pointing to each other
> >> initially, and I think that was at least one root of the evil. I
> >> think this advice in the Samba wiki actually is rather bad (and
> >> unnecessary with Samba, as has been pointed out, before?).
> > Using Bind I find it's necessary to point the DC to itself. I had
> > no issues pointing to another DC with the internal DNS. The Wiki
> > actually mentions best practice for a multi DC environment as it
> > relates to a Windows setup. I do think it's unnecessary with Samba
> > however.
Just where does it say this ?
I will fix it
Basically all you need is what is on the DC page:
Configuring the DNS Resolver
Domain members in an AD use DNS to locate services, such as LDAP and Kerberos. For that, they need to use a DNS server that is able to resolve the AD DNS zone.
On your DC, set the AD DNS domain in the domain and the IP of your DC in the nameserver parameter of the /etc/resolv.conf file. For example:
> I seem to remember having read here on the list, that it is no good
> idea to mix samba versions in a domain. If there is sound advice to
> do it anyways, I would be up for trying it. However, as I have
> written above, I messed up the uid/gid ranges. To my understanding,
> later versions of Samba (like 4.5) _require_ the ranges to comply to
> the defaults as denoted by the wiki.
There is nothing to stop you using different versions on DCs and you
can do the same with Unix domain members, unless you are using the 'ad'
backend and are NOT using Domain Users as the users Unix primary group.
It is however, best practise to use the same major version, just to get
similar capabilities on all machines.
> I will do that. I am using RSAT. Would I eradicate the complete site
> associated with the dead DC? Or which containers/objects in
If the DC was the only one at a site and you have no other computers at
that site, then yes you can delete the site.
To unsubscribe from this list go to the following URL and read the