[Samba] Issues with bind9 dlz
Rowland Penny
rpenny at samba.org
Sat May 4 14:58:23 UTC 2019
On Sun, 5 May 2019 00:11:40 +1000
Rob Thoman via samba <samba at lists.samba.org> wrote:
> Hi,
>
> We migrated the domain to AD on an Ubuntu 18.04 box with Samba 4.7.6.
> The DNS backend is DLZ.
>
> We are seeing DNS issues as per below
>
> When using dnsupdate we get the following error. The server can
> resolve the hostname (itself).
>
> added interface eth0 ip=192.168.117.10 bcast=192.168.117.255
> netmask=255.255.255.0
> IPs: ['192.168.117.10']
> need cache add: A server5.intdom.group 192.168.117.10
> Looking for DNS entry A server5.intdom.group 192.168.117.10 as
> server5.intdom.group.
> Traceback (most recent call last):
> File "/usr/sbin/samba_dnsupdate", line 827, in <module>
> elif not check_dns_name(d):
> File "/usr/sbin/samba_dnsupdate", line 317, in check_dns_name
> raise Exception("Timeout while waiting to contact a working DNS
> server while looking for %s as %s" % (d, normalised_na$
> Exception: Timeout while waiting to contact a working DNS server while
> looking for A server5.intdom.group 192.168.117.10 $
> ;; connection timed out; no servers could be reached
> ;; connection timed out; no servers could be reached
> ;; connection timed out; no servers could be reached
>
> service bind9 status
>
> May 04 13:50:40 server5-new named[2079]: sizing zone task pool based on 5 zones

Why '5' zones?

> May 04 13:50:40 server5-new named[2079]: Loading 'AD DNS Zone' using driver dlopen
> May 04 13:50:40 server5-new named[2079]: dlz_dlopen failed to open library '/usr/lib/x86_64-linux-gnu/samba/bind9/dlz_bind9$

Does /usr/lib/x86_64-linux-gnu/samba/bind9/dlz_bind9_11.so exist and, if
so, who owns it and what are the permissions?

> May 04 13:50:40 server5-new named[2079]: dlz_dlopen of 'AD DNS Zone' failed
> May 04 13:50:40 server5-new named[2079]: SDLZ driver failed to load.
> May 04 13:50:40 server5-new named[2079]: DLZ driver failed to load.
> May 04 13:50:40 server5-new named[2079]: loading configuration: failure
> May 04 13:50:40 server5-new named[2079]: exiting (due to fatal error)
> May 04 13:50:40 server5-new systemd[1]: bind9.service: Main process exited, code=exited, status=1/FAILURE
> May 04 13:50:40 server5-new systemd[1]: bind9.service: Failed with result 'exit-code'.
>
> /etc/bind/name.conf has the following
>
> include "/etc/bind/named.conf.options";
> include "/etc/bind/named.conf.local";
> include "/etc/bind/named.conf.default-zones";
> include "/var/lib/samba/private/named.conf";
>
> named.conf.options has
>
> dnssec-validation auto;
> tkey-gssapi-keytab "/var/lib/samba/private/dns.keytab";
> auth-nxdomain no; # conform to RFC1035
> listen-on-v6 { any; };
If that is all there is, there isn't enough.
If it isn't all there is, please post the entire contents.
> /etc/krb5.conf has
>
> [libdefaults]
> default_realm = intdom.GROUP
All the REALM should be in UPPERCASE
> dns_lookup_realm = false
> dns_lookup_kdc = true
>
> [realms]
> intdom.GROUP = {
> kdc = server5
> admin_server = server5
You do not require the [realms] part.
> }
>
> /etc/resolv.conf has
>
> nameserver 192.168.117.10
> search intdom.group
>
> smb.conf has
>
> [global]
> workgroup = intdom
> realm = intdom.GROUP
> netbios name = server5
> server role = active directory domain controller
> idmap_ldb:use rfc2307 = yes
> log file = /var/log/samba/log.%m
> log level = 4
> acl allow execute always = True
> server services = -dns
> allow dns updates = nonsecure
>
Can you post the contents of /etc/hostname & /etc/hosts?

Rowland
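
The checks asked for in the reply above (does the DLZ module exist, who owns it and with what permissions, and is the Kerberos realm in uppercase), as an added shell example that is not part of the original message. The `database "dlopen ..."` line form assumed for Samba's generated named.conf and the sample files are constructed for illustration; the world-read test is a simplification.

```shell
#!/bin/sh
# Added example (not from the thread): checks for the points raised in the reply.

# Print default_realm from a krb5.conf-style file.
krb5_default_realm() {
    sed -n 's/^[[:space:]]*default_realm[[:space:]]*=[[:space:]]*\([^[:space:]]*\).*/\1/p' "$1" | head -n 1
}

# Succeed only if default_realm is set and contains no lowercase letters.
realm_is_upper() {
    realm=$(krb5_default_realm "$1")
    [ -n "$realm" ] || return 2
    [ "$realm" = "$(printf '%s' "$realm" | tr '[:lower:]' '[:upper:]')" ]
}

# Print the module path from the active (uncommented) dlopen line.
dlz_module_path() {
    sed -n 's/^[[:space:]]*database[[:space:]]*"dlopen[[:space:]][[:space:]]*\([^"]*\)".*/\1/p' "$1" | head -n 1
}

# Show owner and mode; fail if the file is missing or lacks the
# world-read bit (simplification: ignores owner/group access and ACLs).
check_dlz_module() {
    [ -f "$1" ] || { echo "MISSING: $1"; return 1; }
    listing=$(ls -ld "$1")
    echo "$listing"
    case $listing in
        ???????r*) return 0 ;;
        *) echo "NOT WORLD-READABLE: $1"; return 1 ;;
    esac
}

# Constructed sample files, so the example runs without a real DC.
demo() {
    d=$(mktemp -d) || return 1
    printf '[libdefaults]\n    default_realm = intdom.GROUP\n' > "$d/krb5.bad"
    printf '[libdefaults]\n    default_realm = INTDOM.GROUP\n' > "$d/krb5.good"
    : > "$d/dlz_bind9_11.so"; chmod 644 "$d/dlz_bind9_11.so"
    printf 'dlz "AD DNS Zone" {\n    # database "dlopen %s/dlz_bind9_10.so";\n    database "dlopen %s/dlz_bind9_11.so";\n};\n' "$d" "$d" > "$d/named.conf"
    realm_is_upper "$d/krb5.bad"  || echo "krb5.bad: realm is not uppercase"
    realm_is_upper "$d/krb5.good" && echo "krb5.good: realm OK"
    check_dlz_module "$(dlz_module_path "$d/named.conf")"
    rm -rf "$d"
}
demo
```

On a real DC the functions would be pointed at /etc/krb5.conf and /var/lib/samba/private/named.conf instead of the constructed files.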