Re: [Samba] DNS replication and BDCs
Hi Marc, comments below.

On 6/20/2013 5:26 PM, Marc Muehlfeld wrote:
> Hello David,
>
> On 20.06.2013 19:55, David González Herrera - [DGHVoIP] wrote:
>> I would like you to point me or tell me how I create a fail-over or
>> high availability system so that when one of the DCs is down the other
>> takes over Auth tasks and obviously DNS. I've thought a solution would
>> be to make a slave BIND DNS on another server and replicate the Samba
>> zone and add appropriate NS and A records to the main zone so that
>> clients can query another DNS for the zone and not fail as I faced
>> yesterday. This is a production environment scenario and I have many
>> servers authenticating users against the samba server, so if this
>> fails everything else does.
>
> When you join a second DC to the AD
> (http://wiki.samba.org/index.php/Samba4/HOWTO/Join_a_domain_as_a_DC),
> then the DNS part is also automatically replicated.

Alright, I have done that on the second DC but using internal; I get this if I dig the zone.

root@bdc:~# dig @10.10.10.20 AXFR example.local

; DiG 9.9.2-P2 @10.10.10.20 AXFR example.local
; (1 server found)
;; global options: +cmd
; Transfer failed.

root@bdc:~# dig @10.10.10.5 AXFR example.local

; DiG 9.9.2-P2 @10.10.10.5 AXFR example.local
; (1 server found)
;; global options: +cmd
example.local. 3600 IN SOA samba.example.local. hostmaster.example.local. 65 900 600 86400 0
example.local. 900 IN NS samba.example.local.
example.local. 900 IN A 10.10.10.5
example.local. 900 IN A 21x.xxx.xxx.xxx
example.local. 900 IN A 10.10.10.20
example.local. 900 IN A 10.10.10.15
example.local. 900 IN A 192.168.5.5
bdc.example.local. 900 IN A 10.10.10.20
bdc.example.local. 900 IN A 192.168.5.5
w2k8.example.local. 1200 IN A 10.10.10.15
samba.example.local. 900 IN A 10.10.10.5
samba.example.local. 900 IN A 21x.xxx.xxx.xxx
DGHPC.example.local. 1200 IN 2002:505:5bd::505:5bd
DGHPC.example.local. 1200 IN A 192.168.5.211
DGHPC.example.local. 1200 IN A 5.5.5.189
_msdcs.example.local. 900 IN NS samba.example.local.
_gc._tcp.example.local. 900 IN SRV 0 100 3268 samba.example.local.
_gc._tcp.example.local. 900 IN SRV 0 100 3268 W2K8.example.local.
_gc._tcp.example.local. 900 IN SRV 0 100 3268 bdc.example.local.
_ldap._tcp.example.local. 900 IN SRV 0 100 389 samba.example.local.
_ldap._tcp.example.local. 900 IN SRV 0 100 389 W2K8.example.local.
_ldap._tcp.example.local. 900 IN SRV 0 100 389 bdc.example.local.
_kpasswd._udp.example.local. 900 IN SRV 0 100 464 samba.example.local.
_kpasswd._udp.example.local. 900 IN SRV 0 100 464 W2K8.example.local.
_kpasswd._udp.example.local. 900 IN SRV 0 100 464 bdc.example.local.
_kpasswd._tcp.example.local. 900 IN SRV 0 100 464 samba.example.local.
_kpasswd._tcp.example.local. 900 IN SRV 0 100 464 W2K8.example.local.
_kpasswd._tcp.example.local. 900 IN SRV 0 100 464 bdc.example.local.
_kerberos._udp.example.local. 900 IN SRV 0 100 88 samba.example.local.
_kerberos._udp.example.local. 900 IN SRV 0 100 88 W2K8.example.local.
_kerberos._udp.example.local. 900 IN SRV 0 100 88 bdc.example.local.
_kerberos._tcp.example.local. 900 IN SRV 0 100 88 samba.example.local.
_kerberos._tcp.example.local. 900 IN SRV 0 100 88 W2K8.example.local.
_kerberos._tcp.example.local. 900 IN SRV 0 100 88 bdc.example.local.
ForestDnsZones.example.local. 900 IN A 10.10.10.5
DomainDnsZones.example.local. 900 IN A 10.10.10.5
_ldap._tcp.ForestDnsZones.example.local. 900 IN SRV 0 100 389 samba.example.local.
_ldap._tcp.DomainDnsZones.example.local. 900 IN SRV 0 100 389 samba.example.local.
_gc._tcp.Default-First-Site-Name._sites.example.local. 900 IN SRV 0 100 3268 samba.example.local.
_gc._tcp.Default-First-Site-Name._sites.example.local. 900 IN SRV 0 100 3268 W2K8.example.local.
_gc._tcp.Default-First-Site-Name._sites.example.local. 900 IN SRV 0 100 3268 bdc.example.local.
_ldap._tcp.Default-First-Site-Name._sites.example.local. 900 IN SRV 0 100 389 samba.example.local.
_ldap._tcp.Default-First-Site-Name._sites.example.local. 900 IN SRV 0 100 389 W2K8.example.local.
_ldap._tcp.Default-First-Site-Name._sites.example.local. 900 IN SRV 0 100 389 bdc.example.local.
_kerberos._tcp.Default-First-Site-Name._sites.example.local. 900 IN SRV 0 100 88 samba.example.local.
_kerberos._tcp.Default-First-Site-Name._sites.example.local. 900 IN SRV 0 100 88 W2K8.example.local.
_kerberos._tcp.Default-First-Site-Name._sites.example.local. 900 IN SRV 0 100 88 bdc.example.local.
_ldap._tcp.Default-First-Site-Name._sites.ForestDnsZones.example.local. 900 IN SRV 0 100 389
Re: [Samba] DNS replication and BDCs
Hello David,

On 21.06.2013 23:42, David González Herrera - [DGHVoIP] wrote:
> root@bdc:~# dig @10.10.10.20 AXFR example.local
> .
> example.local. 900 IN A 10.10.10.5
> example.local. 900 IN A 21x.xxx.xxx.xxx
> example.local. 900 IN A 10.10.10.20
> example.local. 900 IN A 10.10.10.15
> example.local. 900 IN A 192.168.5.5
> .
> .
> Now I'd like to remove the public IP 21x.xxx.xxx.xxx from the zone. I use:
>
> samba-tool dns delete samba.example.local example.local samba.example.local NS 21x.xxx.xxx.xxx -U Administrator
> samba-tool dns delete samba.example.local example.local samba.example.local A 21x.xxx.xxx.xxx -U Administrator
>
> They all succeed, but I keep seeing that when I dig the zone, as you can see in the previous dig.

I guess Samba is listening on the public IP as well?

# netstat -taunp | grep samba | grep 21x.xxx.xxx.xxx

If it does, then bind Samba just to the interfaces it should listen on (this would also save you firewall rules to prevent access on the other interfaces, when it won't listen there).

bind interfaces only = yes
interfaces = lo eth0

(set interfaces to all devices Samba's services should listen on + localhost)

Then restart Samba.

>> Then you only have to configure your clients to use the second machine as DNS server, too.
>
> This is what concerns me the most, as I'm connecting services such as Postfix/Dovecot/OpenVPN. I was using the IP of the PDC 10.10.10.5. Can I use example.local in my LDAP/AD clients' configuration? And will it be like round-robin DNS: if one server doesn't respond, will the other take over?

Normally most services work fine with hostnames instead of IPs. It makes you more flexible (round robin), but then the service depends on DNS, too.

Regards,
Marc

-- 
To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
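The two things this exchange turns on, a public address still published in an internal AD zone and a second DC that answers LDAP/Kerberos but is not an NS for the zone (so clients only fall back to it for DNS if it is configured as a resolver), can be checked mechanically from a zone transfer. The script below is an added example, not code from this thread or from the Samba project: it parses the record lines that `dig AXFR` prints, lists address records outside a list of internal ranges, and lists SRV targets that are not NS hosts. The sample transfer is constructed to match the shape of the one in the thread, with 203.0.113.5 standing in for the masked public address 21x.xxx.xxx.xxx; the internal-range list is an assumption to adjust to the site's own addressing.

```python
"""Zone hygiene check over a dig AXFR dump of a Samba AD DNS zone.

Added example; not code from the thread or from the Samba project. It parses
the presentation-format output that "dig AXFR" prints and reports address
records outside the internal ranges, DCs advertised in SRV records that are
not NS for the zone, and the order in which a client tries SRV targets.
"""
import ipaddress
import re

# Constructed sample, shaped like the AXFR output in the thread; 203.0.113.5
# stands in for the public address that was masked as 21x.xxx.xxx.xxx.
SAMPLE_AXFR = """\
; DiG 9.9.2-P2 @10.10.10.5 AXFR example.local
;; global options: +cmd
example.local. 3600 IN SOA samba.example.local. hostmaster.example.local. 65 900 600 86400 0
example.local. 900 IN NS samba.example.local.
example.local. 900 IN A 10.10.10.5
example.local. 900 IN A 203.0.113.5
example.local. 900 IN A 10.10.10.20
bdc.example.local. 900 IN A 10.10.10.20
w2k8.example.local. 1200 IN A 10.10.10.15
samba.example.local. 900 IN A 10.10.10.5
samba.example.local. 900 IN A 203.0.113.5
_ldap._tcp.example.local. 900 IN SRV 0 100 389 samba.example.local.
_ldap._tcp.example.local. 900 IN SRV 0 100 389 W2K8.example.local.
_ldap._tcp.example.local. 900 IN SRV 0 100 389 bdc.example.local.
_kerberos._tcp.example.local. 900 IN SRV 0 100 88 samba.example.local.
_kerberos._tcp.example.local. 900 IN SRV 0 100 88 W2K8.example.local.
_kerberos._tcp.example.local. 900 IN SRV 0 100 88 bdc.example.local.
"""

# Ranges treated as internal (assumption: adjust to the site's own addressing).
INTERNAL_NETS = [ipaddress.ip_network(n) for n in (
    "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16",   # RFC 1918
    "127.0.0.0/8", "169.254.0.0/16",                    # loopback, link-local
    "fc00::/7", "fe80::/10", "::1/128")]                # ULA, v6 link-local, v6 loopback

# owner  ttl  IN  type  rdata  (whitespace-separated, as dig prints it)
RR_RE = re.compile(r"^(\S+)\s+(\d+)\s+IN\s+([A-Z]+)\s+(.+)$")


def parse_axfr(text):
    """Return (owner, ttl, rtype, rdata) tuples; dig comment lines (';') are skipped.
    Owner names are lower-cased because DNS names are case-insensitive."""
    records = []
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith(";"):
            continue
        m = RR_RE.match(line)
        if m:
            owner, ttl, rtype, rdata = m.groups()
            records.append((owner.lower(), int(ttl), rtype, rdata.strip()))
    return records


def external_address_records(records):
    """A/AAAA records whose address lies outside INTERNAL_NETS."""
    hits = []
    for owner, _ttl, rtype, rdata in records:
        if rtype not in ("A", "AAAA"):
            continue
        try:
            addr = ipaddress.ip_address(rdata)
        except ValueError:
            continue  # malformed rdata is not this check's concern
        if not any(addr in net for net in INTERNAL_NETS):
            hits.append((owner, rdata))
    return hits


def dcs_without_ns(records, zone):
    """Hosts that serve LDAP/Kerberos (SRV targets) but are not NS for the zone."""
    ns_hosts = {rdata.lower() for owner, _t, rtype, rdata in records
                if rtype == "NS" and owner == zone}
    srv_hosts = {rdata.split()[-1].lower() for owner, _t, rtype, rdata in records
                 if rtype == "SRV" and (owner == zone or owner.endswith("." + zone))}
    return sorted(srv_hosts - ns_hosts)


def srv_targets(records, name):
    """SRV targets for one service name in the order a client tries them:
    lowest priority first, then highest weight; ties keep zone order."""
    out = []
    for owner, _t, rtype, rdata in records:
        if rtype == "SRV" and owner == name:
            prio, weight, port, target = rdata.split()
            out.append((int(prio), int(weight), int(port), target.lower()))
    out.sort(key=lambda r: (r[0], -r[1]))
    return out


if __name__ == "__main__":
    recs = parse_axfr(SAMPLE_AXFR)
    for owner, addr in external_address_records(recs):
        print(f"external address published in zone: {owner} -> {addr}")
    for host in dcs_without_ns(recs, "example.local."):
        print(f"DC in SRV but not NS (list it as a client resolver): {host}")
    print("LDAP DC order:", [t[3] for t in srv_targets(recs, "_ldap._tcp.example.local.")])
```

Run it against a real transfer by replacing SAMPLE_AXFR with the output of `dig @<dc> AXFR <zone>`; on the sample it reports the 203.0.113.5 records and the two DCs (bdc, w2k8) that clients can reach for authentication but not for DNS unless they are given as resolvers.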
Re: [Samba] DNS replication and BDCs
Hello David,

On 20.06.2013 19:55, David González Herrera - [DGHVoIP] wrote:
> I would like you to point me or tell me how I create a fail-over or
> high availability system so that when one of the DCs is down the other
> takes over Auth tasks and obviously DNS. I've thought a solution would
> be to make a slave BIND DNS on another server and replicate the Samba
> zone and add appropriate NS and A records to the main zone so that
> clients can query another DNS for the zone and not fail as I faced
> yesterday. This is a production environment scenario and I have many
> servers authenticating users against the samba server, so if this
> fails everything else does.

When you join a second DC to the AD (http://wiki.samba.org/index.php/Samba4/HOWTO/Join_a_domain_as_a_DC), then the DNS part is also automatically replicated.

As you already have a second DC, please check if Samba (or BIND) is listening on port 53 to answer DNS queries.

# netstat -taunp | grep :53

Then you only have to configure your clients to use the second machine as DNS server, too. There's nothing special you have to do here. You can use BIND or the internal DNS on the other DCs. It doesn't need to be the same as on your first one.

Regards,
Marc