[SOLVED] Join script fails because first nameserver does not resolve the UCS master

jolentes · May 9, 2018, 9:42am

Hello,
I have a UCS PDC and BDC on the same subnet.

I an separate subnet I have a UCS slave server. I had to install it on the same subnet first and move it afterwards. Otherwise I could not get the domain join work during installation. After the move I could login to the UCS Web Console. Fine.

Now I wanted to provide a file share from that UCS slave and therefor installed univention-samba4 from the command-line. But the join scripts could not execute. They failed because the nameserver does not resolve the hostname of my master. So I added a second nameserver that does.
# ucr set nameserver2=my-master.local.domain

Still not working. Only if I switch nameserver1 and nameserver2 values in UCR it can resolve.

Is that a bug? Or did I do something wrong?

BR,
Jörn

troeder · May 9, 2018, 1:53pm

That’s intended. All members of a domain must be able to resolve and contact the DC master and all DC backups. Each DC backup and DC slave should have at least

nameserver1=<own IP>
nameserver2=<IP of master or backup>

jolentes · May 9, 2018, 2:36pm

Hello @troeder,
yes, that is clear. I had the following setup.

nameserver1=<IP of internet gateway>
nameserver2=<IP of master>

It looked like the join script gave up after the first nameserver.
When I switched the order it worked.

nameserver1=<IP of master>
nameserver2=<IP of internet gateway>

troeder · May 9, 2018, 2:45pm

Not true: DC slaves need only one DC master or DC backup.

dns/forwarder1 dns/forwarder2 and dns/forwarder3 are for resolving external domains.
nameserver1-3 is for the domains own nameservers only.

It should be:

nameserver1=<own IP>
nameserver2=<IP of master>
dns/forwarder1=<IP of internet gateway>

nameserver2+3 dns/forwarder2+3 should be unset, if not required.