Web lists-archives.com

Re: [Samba] Internal DNS migrate to Bind9_DLZ




On Wed, 31 Oct 2018 23:34:38 +0200
Eben Victor <eben.victor@xxxxxxxxx> wrote:

> Hi Rowland,
> 
> I didn't build samba, I'm running the sernet packages,
> # rpm -qa | grep sernet
> sernet-samba-libsmbclient0-4.8.6-16.el7.x86_64
> sernet-samba-ad-4.8.6-16.el7.x86_64
> sernet-samba-libs-4.8.6-16.el7.x86_64
> sernet-samba-client-4.8.6-16.el7.x86_64
> sernet-samba-winbind-4.8.6-16.el7.x86_64
> sernet-samba-common-4.8.6-16.el7.x86_64
> sernet-samba-4.8.6-16.el7.x86_64
> 
> I don't mind having to remove and rebuild bind, but...
> Excuse my ignorance, but what I don't understand is that I have a
> test DC with random zones/data and migrating from INTERNAL DNS to
> BIND9 wasn't an issue. The only difference between the two
> environments is that my test site has 1 DC and my prod is 7 DC's.
> My test environment is working 100% as is, same packages as prod.
> 

OK, I do not use RHEL or Centos, I use Devuan and Bind9 on that OS
isn't built with '--disable-isc-spnego', this combined with what it says
here:

https://wiki.samba.org/index.php/Using_BIND_DLZ_backend_with_secured_/_signed_DNS_updates#RHEL_.2F_CENTOS_.2F_FC_.2B_clones_-_ReBuild_Distributed_ISC_Bind_RPM

Led me to believe this is your problem. However, you say it works on
one DC, but not with multiple DC's.

You have mentioned that you demoted DC's, removed all data for the
deleted DC from AD and then rejoined it again with a newer version of
Samba using the same DC name etc.

I wonder if this could be your problem ? 
When you delete an object in AD, it does not get deleted, it gets
'tombstoned'.
I would have given the new DC's a different name e.g. if the old DC was
called DC01, the new one would be called DC02.

The other thing I can think of is, how is resolv.conf setup ?
Do the DC's point to themselves as DNS server, or to another DC ?
If the latter, could your problem just be that you are trying to use
the DC's kerberos ticket on the other DC ?

Rowland

-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba