Web lists-archives.com

Re: [Samba] Internal DNS migrate to Bind9_DLZ




I've been been trying to investigate this for sometime now, hence I came to
the experts :)

I have rejoined all my DC's with new names, see below.
;; ANSWER SECTION:
<domain>.corp.    3600    IN    NS    psad101zatcrh.<domain>.corp. -> New
rebuild, new hostname, RHEL6 to RHEL7 upgrade
<domain>.corp.    3600    IN    NS    prdc001zafsrh.<domain>.corp. -> New
rebuild, new hostname, RHEL6 to RHEL7 upgrade
<domain>.corp.    3600    IN    NS    prdc003zacprh.<domain>.corp. -> New
rebuild, new hostname, RHEL6 to RHEL7 upgrade
<domain>.corp.    3600    IN    NS    zatprdc001.<domain>.corp. -> Old
demoted DC, old hostname, cannot be found in AD
<domain>.corp.    3600    IN    NS    prdc002zacprh.<domain>.corp. -> New
rebuild, new hostname, RHEL6 to RHEL7 upgrade
<domain>.corp.    3600    IN    NS    psad102zadprh.<domain>.corp. -> New
rebuild, new hostname, RHEL6 to RHEL7 upgrade
<domain>.corp.    3600    IN    NS    prdc001zatcrh.<domain>.corp. -> New
rebuild, new hostname, RHEL6 to RHEL7 upgrade
<domain>.corp.    3600    IN    NS    prdc001zacprh.<domain>.corp. -> New
rebuild, new hostname, RHEL6 to RHEL7 upgrade

Here is the "/etc/resolv.conf"
I have tried different changes in the /etc/resolv.conf as well
$ cat /etc/resolv.conf
# Generated by NetworkManager
search <domain>.corp <domain2>.corp <domain3>.corp <domain4>.net <domain5>.
co.za <domain6>.co.za
nameserver <IP of DC 2>
nameserver <IP of DC 1>
nameserver <IP of DC 3>
# NOTE: the libc resolver may not support more than 3 nameservers.
# The nameservers listed below may not be recognized.
nameserver <IP of DC 4>
nameserver <IP of DC 5>
nameserver <IP of DC 6>


On Thu, Nov 1, 2018 at 12:15 AM Rowland Penny via samba <
samba@xxxxxxxxxxxxxxx> wrote:

> On Wed, 31 Oct 2018 23:34:38 +0200
> Eben Victor <eben.victor@xxxxxxxxx> wrote:
>
> > Hi Rowland,
> >
> > I didn't build samba, I'm running the sernet packages,
> > # rpm -qa | grep sernet
> > sernet-samba-libsmbclient0-4.8.6-16.el7.x86_64
> > sernet-samba-ad-4.8.6-16.el7.x86_64
> > sernet-samba-libs-4.8.6-16.el7.x86_64
> > sernet-samba-client-4.8.6-16.el7.x86_64
> > sernet-samba-winbind-4.8.6-16.el7.x86_64
> > sernet-samba-common-4.8.6-16.el7.x86_64
> > sernet-samba-4.8.6-16.el7.x86_64
> >
> > I don't mind having to remove and rebuild bind, but...
> > Excuse my ignorance, but what I don't understand is that I have a
> > test DC with random zones/data and migrating from INTERNAL DNS to
> > BIND9 wasn't an issue. The only difference between the two
> > environments is that my test site has 1 DC and my prod is 7 DC's.
> > My test environment is working 100% as is, same packages as prod.
> >
>
> OK, I do not use RHEL or Centos, I use Devuan and Bind9 on that OS
> isn't built with '--disable-isc-spnego', this combined with what it says
> here:
>
>
> https://wiki.samba.org/index.php/Using_BIND_DLZ_backend_with_secured_/_signed_DNS_updates#RHEL_.2F_CENTOS_.2F_FC_.2B_clones_-_ReBuild_Distributed_ISC_Bind_RPM
>
> Led me to believe this is your problem. However, you say it works on
> one DC, but not with multiple DC's.
>
> You have mentioned that you demoted DC's, removed all data for the
> deleted DC from AD and then rejoined it again with a newer version of
> Samba using the same DC name etc.
>
> I wonder if this could be your problem ?
> When you delete an object in AD, it does not get deleted, it gets
> 'tombstoned'.
> I would have given the new DC's a different name e.g. if the old DC was
> called DC01, the new one would be called DC02.
>
> The other thing I can think of is, how is resolv.conf setup ?
> Do the DC's point to themselves as DNS server, or to another DC ?
> If the latter, could your problem just be that you are trying to use
> the DC's kerberos ticket on the other DC ?
>
> Rowland
>
> --
> To unsubscribe from this list go to the following URL and read the
> instructions:  https://lists.samba.org/mailman/options/samba
>


-- 
Eben Victor
Cell:  +27 82 759 5266
Email: eben.victor@xxxxxxxxx
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba