Problem
In an environment that uses a school-specific sambahome, each school replica server in this domain has a DNS alias record named “schulserver”, which is configured to resolve to the local server’s IP address.
On one school replica, the IP address had been changed twice over time. On this server, the “schulserver” alias no longer resolved to the local address and instead pointed to the Primary Server.
Investigation
To analyze the issue, the following script was executed:
/usr/share/univention-samba4/scripts/check_essential_samba4_dns_records.sh
The script reported multiple DNS inconsistencies and missing records:
gc._msdcs.domain.de has address 10.0.1.1
gc._msdcs.domain.de has address 10.0.1.2
_gc._tcp.domain.de has SRV record 0 100 3268 master.domain.de.
_ldap._tcp.gc._msdcs.domain.de has SRV record 0 100 3268 master.domain.de.
_ldap._tcp.domain.de has SRV record 0 100 389 master.domain.de.
_ldap._tcp.dc._msdcs.domain.de has SRV record 0 100 389 master.domain.de.
_ldap._tcp.pdc._msdcs.domain.de has SRV record 0 100 389 master.domain.de.
Host _ldap._tcp.34d99162-18a3-4f04-b9e9-f02cdeb09f1e.domains._msdcs.domain.de not found: 3(NXDOMAIN)
_kerberos._tcp.dc._msdcs.domain.de has SRV record 0 100 88 master.domain.de.
_kerberos._tcp.domain.de has SRV record 0 100 88 master.domain.de.
_kerberos._udp.domain.de has SRV record 0 100 88 master.domain.de.
_kpasswd._tcp.domain.de has SRV record 0 100 464 master.domain.de.
_kpasswd._udp.domain.de has SRV record 0 100 464 master.domain.de.
Located DC 'replica04' in site 'replica04'
e4c443a4-20a3-4901-81bc-46cac629dc55._msdcs.domain.de is an alias for replica04.domain.de.
## Records for site replica04:
Host _ldap._tcp.replica04._sites.domain.de not found: 3(NXDOMAIN)
Host _ldap._tcp.replica04._sites.dc._msdcs.domain.de not found: 3(NXDOMAIN)
Host _kerberos._tcp.replica04._sites.domain.de not found: 3(NXDOMAIN)
Host _kerberos._tcp.replica04._sites.dc._msdcs.domain.de not found: 3(NXDOMAIN)
## Optional GC Records for site replica04:
Host _gc._tcp.replica04._sites.domain.de not found: 3(NXDOMAIN)
Host _ldap._tcp.replica04._sites.gc._msdcs.domain.de not found: 3(NXDOMAIN)
_kerberos.domain.de descriptive text "domain.DE"
The output indicated that the replica’s DNS registration was incomplete and that several essential Samba/Active Directory DNS records were either missing or no longer valid.
Solution
Instead of manually correcting all affected DNS records, the issue was resolved by performing a re-join of the school replica server.
After the re-join process completed successfully, all required DNS records were recreated automatically and the DNS health check no longer reported any issues. The “schulserver” alias record once again resolved correctly to the local replica server.
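To compare the health check before and after a re-join, its output can be summarised mechanically. The following is an added example, not part of the check script or of the original article; the function names are hypothetical and the sample is an abbreviated set of lines constructed from the output shown above.

```shell
#!/bin/sh
# Usage on a replica (path as given in the article):
#   /usr/share/univention-samba4/scripts/check_essential_samba4_dns_records.sh 2>&1 | check_report

# Constructed sample: a few lines taken from the check output shown above.
sample_output() {
cat <<'EOF'
_ldap._tcp.domain.de has SRV record 0 100 389 master.domain.de.
Host _ldap._tcp.34d99162-18a3-4f04-b9e9-f02cdeb09f1e.domains._msdcs.domain.de not found: 3(NXDOMAIN)
Located DC 'replica04' in site 'replica04'
## Records for site replica04:
Host _ldap._tcp.replica04._sites.domain.de not found: 3(NXDOMAIN)
Host _kerberos._tcp.replica04._sites.dc._msdcs.domain.de not found: 3(NXDOMAIN)
## Optional GC Records for site replica04:
Host _gc._tcp.replica04._sites.domain.de not found: 3(NXDOMAIN)
EOF
}

# Print each record name that was reported as NXDOMAIN, one per line.
missing_records() {
    awk '$1 == "Host" && /not found: 3\(NXDOMAIN\)/ { print $2 }'
}

# Print the site name from the "Located DC '<dc>' in site '<site>'" line.
located_site() {
    sed -n "s/^Located DC '[^']*' in site '\([^']*\)'.*/\1/p" | head -n 1
}

# From record names on stdin, keep those registered under <site>._sites.
records_for_site() {
    awk -v s="$1" 'index($0, "." s "._sites.") > 0'
}

# Summarise a report read from stdin; return 1 if any record is missing.
check_report() {
    report=$(cat)
    site=$(printf '%s\n' "$report" | located_site)
    missing=$(printf '%s\n' "$report" | missing_records)
    [ -z "$missing" ] && { echo "OK: no missing records"; return 0; }
    total=$(printf '%s\n' "$missing" | wc -l | tr -d ' ')
    in_site=$(printf '%s\n' "$missing" | records_for_site "$site" | wc -l | tr -d ' ')
    echo "MISSING: $total record(s), $in_site of them for site '$site'"
    printf '%s\n' "$missing"
    return 1
}
```

A non-zero exit status from `check_report` means the replica's DNS registration is still incomplete; after a successful re-join it should print the OK line.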