[Samba] Switching from Internal DNS to Bind9_DLZ

lingpanda101 lingpanda101 at gmail.com
Mon Jan 8 18:11:06 UTC 2018


On 1/2/2018 4:05 PM, Rowland Penny wrote:
> On Tue, 2 Jan 2018 15:52:57 -0500
> lingpanda101 <lingpanda101 at gmail.com> wrote:
>
>> On 1/2/2018 3:37 PM, Rowland Penny wrote:
>>> On Tue, 2 Jan 2018 15:23:18 -0500
>>> lingpanda101 <lingpanda101 at gmail.com> wrote:
>>>
>>>
>>>> Actually it looks as if Bind isn't running. Though I could've sworn
>>>> it did at one point.
>>>>
>>>> service bind9 restart
>>>>     * Stopping domain name service... bind9
>>>>                  rndc: connect failed: 127.0.0.1#953: connection
>>>> refused [ OK ]
>>>>     * Starting domain name service... bind9 [fail]
>>>>
>>>> Log shows;
>>>>
>>>> Jan  2 15:20:51 ddc2 named[2793]: ----------------------------------------------------
>>>> Jan  2 15:20:51 ddc2 named[2793]: BIND 9 is maintained by Internet Systems Consortium,
>>>> Jan  2 15:20:51 ddc2 named[2793]: Inc. (ISC), a non-profit 501(c)(3) public-benefit
>>>> Jan  2 15:20:51 ddc2 named[2793]: corporation.  Support and training for BIND 9 are
>>>> Jan  2 15:20:51 ddc2 named[2793]: available at https://www.isc.org/support
>>>> Jan  2 15:20:51 ddc2 named[2793]: ----------------------------------------------------
>>>> Jan  2 15:20:51 ddc2 named[2793]: adjusted limit on open files from 4096 to 1048576
>>>> Jan  2 15:20:51 ddc2 named[2793]: found 2 CPUs, using 2 worker threads
>>>> Jan  2 15:20:51 ddc2 named[2793]: using 2 UDP listeners per interface
>>>> Jan  2 15:20:51 ddc2 named[2793]: using up to 4096 sockets
>>>> Jan  2 15:20:51 ddc2 named[2793]: loading configuration from '/etc/bind/named.conf'
>>>> Jan  2 15:20:51 ddc2 named[2793]: /etc/bind/named.conf:15: 'options' redefined near 'options'
>>>> Jan  2 15:20:51 ddc2 named[2793]: loading configuration: already exists
>>>> Jan  2 15:20:51 ddc2 named[2793]: exiting (due to fatal error)
>>>>
>>>> It seems to stem from the issue I had before
>>>> "/etc/bind/named.conf:15: 'options' redefined near 'options'"
>>>>
>>> I reread your earlier post and noticed something I missed earlier,
>>> do you normally use red-hat ?
>>> I ask this because you have this line in /etc/bind/named.conf:
>>>
>>> include "/etc/bind/named.conf.options";
>>>
>>> Followed by:
>>> # Global Configuration Options
>>> options {
>>> .........
>>> ......
>>>
>>>
>>>
>>> If this is all in the one file (ala red-hat), then this is your
>>> problem, debian splits up Bind9 into separate conf files and you
>>> will have two 'options'
>>>
>>> Rowland
>> I do not. Ubuntu but I do have two CentOS systems.
>>
>> The config file was auto-generated when I installed via. apt-get.
>> This is what it originally contained before I made any modifications.
>>
>> // This is the primary configuration file for the BIND DNS server named.
>> //
>> // Please read /usr/share/doc/bind9/README.Debian.gz for information on the
>> // structure of BIND configuration files in Debian, *BEFORE* you customize
>> // this configuration file.
>> //
>> // If you are just adding zones, please do that in /etc/bind/named.conf.local
>>
>> include "/etc/bind/named.conf.options";
>> include "/etc/bind/named.conf.local";
>> include "/etc/bind/named.conf.default-zones";
>>
>> If I comment out these include files, Bind9 starts. However I do
>> still get
>>
>> rndc: connect failed: 127.0.0.1#953: connection refused
>>
>> However I'm still getting the TSIG errors.
>>
> These are my named.conf files (with any comments stripped out), they
> have worked for me for the last 5 years ;-)
>
> /etc/bind/named.conf
>
> include "/etc/bind/named.conf.options";
> include "/etc/bind/named.conf.local";
> include "/etc/bind/named.conf.default-zones";
>
> /etc/bind/named.conf.options
>
> options {
>          directory "/var/cache/bind";
>          version "0.0.7";
>          notify no;
>          empty-zones-enable no;
>          allow-query { 127.0.0.1; 192.168.0.0/24; };
>          allow-recursion { 192.168.0.0/24;  127.0.0.1/32; };
>          forwarders { 8.8.8.8; 8.8.4.4; };
>          allow-transfer { none; };
>          dnssec-validation no;
>          dnssec-enable no;
>          listen-on-v6 { none; };
>          listen-on port 53 { 192.168.0.7; 127.0.0.1; };
>
>          tkey-gssapi-keytab "/usr/local/samba/private/dns.keytab";
> };
>
> /etc/bind/named.conf.local
>
> include "/usr/local/samba/private/named.conf";
>
>
> /etc/bind/named.conf.default-zones
>
> zone "." {
>          type hint;
>          file "/etc/bind/db.root";
> };
>
> zone "localhost" {
>          type master;
>          file "/etc/bind/db.local";
> };
>
> zone "127.in-addr.arpa" {
>          type master;
>          file "/etc/bind/db.127";
> };
>
> zone "0.in-addr.arpa" {
>          type master;
>          file "/etc/bind/db.0";
> };
>
> zone "255.in-addr.arpa" {
>          type master;
>          file "/etc/bind/db.255";
> };
>
> Rowland

It looks as if I have an issue with the switch to Bind on one of my 6
DCs. Samba log gives the following.


[2018/01/08 10:59:19.002290,  0, pid=968, effective(0, 0), real(0, 0)] 
../lib/util/fault.c:79(fault_report)
   INTERNAL ERROR: Signal 7 in pid 968 (4.7.4)
   Please read the Trouble-Shooting section of the Samba HOWTO
[2018/01/08 10:59:19.002521,  0, pid=968, effective(0, 0), real(0, 0)] 
../lib/util/fault.c:81(fault_report)
   ===============================================================
[2018/01/08 10:59:19.002712,  0, pid=968, effective(0, 0), real(0, 0)] 
../lib/util/fault.c:151(smb_panic_default)
   PANIC: internal error
[2018/01/08 10:59:19.873041,  0, pid=948, effective(0, 0), real(0, 0)] 
../source4/smbd/process_standard.c:161(standard_child_pipe_handler)
   Child 968 (drepl) terminated with signal 6
[2018/01/08 11:00:39.091609,  0, pid=960, effective(0, 0), real(0, 0)] 
../source4/rpc_server/common/forward.c:51(dcesrv_irpc_forward_callback)
   IRPC callback failed for DsReplicaSync - NT_STATUS_OBJECT_NAME_NOT_FOUND

I get repeated errors over and over for the following.

IRPC callback failed for DsReplicaSync - NT_STATUS_OBJECT_NAME_NOT_FOUND

I tried switching back to the internal but it didn't resolve. Running
'samba-tool drs showrepl' shows an issue with the DomainDnsZones
partition. I tried manual replication but that too failed.

/usr/local/samba/bin/samba-tool drs replicate ddc2 ddc1 
DC=DomainDnsZones,DC=domain,DC=local -U Administrator
Password for [DOMAIN\Administrator]:
ERROR(<class 'samba.drs_utils.drsException'>): DsReplicaSync failed - 
drsException: DsReplicaSync failed (-1073610699, 'The operation cannot 
be performed.')
   File 
"/usr/local/samba/lib/python2.7/site-packages/samba/netcmd/drs.py", line 
386, in run
     drs_utils.sendDsReplicaSync(server_bind, server_bind_handle, 
source_dsa_guid, NC, req_options)
   File 
"/usr/local/samba/lib/python2.7/site-packages/samba/drs_utils.py", line 
85, in sendDsReplicaSync
     raise drsException("DsReplicaSync failed %s" % estr)

Raising the log level to 3 didn't give me anything other than this.

[2018/01/08 12:40:05.883956,  3, pid=2271, effective(0, 0), real(0, 0)] 
../source4/nbt_server/register.c:155(nbtd_register_name_handler)
   Registered DDC2<00> with 172.16.22.27 on interface 172.16.22.255
[2018/01/08 12:40:05.886205,  3, pid=2271, effective(0, 0), real(0, 0)] 
../source4/nbt_server/register.c:155(nbtd_register_name_handler)
   Registered DDC2<03> with 172.16.22.27 on interface 172.16.22.255
[2018/01/08 12:40:05.886324,  3, pid=2271, effective(0, 0), real(0, 0)] 
../source4/nbt_server/register.c:155(nbtd_register_name_handler)
   Registered DDC2<20> with 172.16.22.27 on interface 172.16.22.255
[2018/01/08 12:40:05.915493,  3, pid=2271, effective(0, 0), real(0, 0)] 
../source4/nbt_server/register.c:155(nbtd_register_name_handler)
   Registered DOMAIN<1c> with 172.16.22.27 on interface 172.16.22.255
[2018/01/08 12:40:05.915654,  3, pid=2271, effective(0, 0), real(0, 0)] 
../source4/nbt_server/register.c:155(nbtd_register_name_handler)
   Registered DOMAIN<00> with 172.16.22.27 on interface 172.16.22.255
[2018/01/08 12:40:06.183365,  3, pid=2282, effective(0, 0), real(0, 0)] 
../lib/util/util_runcmd.c:291(samba_runcmd_io_handler)
   samba_runcmd_io_handler: Child /usr/local/samba/sbin/samba_dnsupdate 
exited 0

Why would the DC register itself on the broadcast address? Any harm in
simply demoting and rejoining the DC? Do I need to clean up all the
metadata before rejoining? Thanks.

-- 
James
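The "'options' redefined" line in the quoted named log and the split layout in Rowland's reply are the same point seen from two sides: on Debian, /etc/bind/named.conf is only a list of include directives, so a second options { } block anywhere in the include tree makes named exit during configuration load, before it ever listens on the rndc control port, which is why rndc then reports "connection refused" as well. The checker below is an added example for this thread, not code from Samba, ISC or anyone in the discussion. It follows include directives from a named.conf, strips comments, reports every top-level block that BIND accepts only once, and also notes whether the two Samba-specific pieces from Rowland's config (the include of Samba's own named.conf with its dlz block, and tkey-gssapi-keytab) are reachable. The sample tree it writes into a temporary directory is constructed for the demo, and the dlz stub only stands in for Samba's private/named.conf; it is not that file's real contents.

```python
"""Walk a BIND 9 named.conf include tree and report duplicated singleton blocks.
Added example for this thread, not Samba's or ISC's code."""
import os
import re
import tempfile

INCLUDE_RE = re.compile(r'^\s*include\s+"([^"]+)"\s*;', re.MULTILINE)
# named rejects a second copy of any of these, whichever file it appears in.
SINGLETON_BLOCKS = ("options", "logging", "controls")


def strip_comments(text):
    """Drop /* */, // and # comments (would also eat '//' inside a quoted URL)."""
    text = re.sub(r"/\*.*?\*/", "", text, flags=re.DOTALL)
    return re.sub(r"(//|#).*", "", text)


def top_level_blocks(text):
    """Yield (keyword, argument) for each block opened at brace depth 0,
    e.g. ('options', None), ('zone', 'localhost'), ('dlz', 'AD DNS Zone')."""
    depth = 0
    for line in text.splitlines():
        if depth == 0:
            m = re.match(r'^\s*([a-z-]+)\s*(?:"([^"]*)")?\s*\{', line)
            if m:
                yield m.group(1), m.group(2)
        depth += line.count("{") - line.count("}")


def walk_includes(path, seen=None):
    """Return [(path, text)] for `path` and everything it includes, depth-first
    in include order; text is None for a file that does not exist."""
    seen = [] if seen is None else seen
    path = os.path.abspath(path)
    if path in seen:                      # include loop guard
        return []
    seen.append(path)
    if not os.path.exists(path):
        return [(path, None)]
    with open(path) as fh:
        text = strip_comments(fh.read())
    found = [(path, text)]
    for inc in INCLUDE_RE.findall(text):
        inc = inc if os.path.isabs(inc) else os.path.join(os.path.dirname(path), inc)
        found.extend(walk_includes(inc, seen))
    return found


def check_config(path):
    """Report singleton blocks defined more than once (by file basename), missing
    includes, and whether a dlz block and tkey-gssapi-keytab are reachable."""
    where = {}
    findings = {"missing_includes": [], "dlz_included": False, "gssapi_keytab": False}
    for fname, text in walk_includes(path):
        if text is None:
            findings["missing_includes"].append(os.path.basename(fname))
            continue
        keywords = [kw for kw, _arg in top_level_blocks(text)]
        for kw in keywords:
            if kw in SINGLETON_BLOCKS:
                where.setdefault(kw, []).append(os.path.basename(fname))
        findings["dlz_included"] |= "dlz" in keywords
        findings["gssapi_keytab"] |= "tkey-gssapi-keytab" in text
    findings["duplicates"] = {kw: files for kw, files in where.items() if len(files) > 1}
    return findings


# Trimmed from the named.conf.options Rowland posted; only its shape matters here.
OPTIONS_FILE = """\
options {
        directory "/var/cache/bind";
        allow-query { 127.0.0.1; 192.168.0.0/24; };
        listen-on port 53 { 192.168.0.7; 127.0.0.1; };
        tkey-gssapi-keytab "/usr/local/samba/private/dns.keytab";
};
"""


def build_sample(root, duplicated):
    """Write a Debian-style split config under `root` (constructed sample). With
    duplicated=True, named.conf also carries its own options { } block, which is
    exactly the "'options' redefined" failure from the thread."""
    bind = os.path.join(root, "etc", "bind")
    samba = os.path.join(root, "usr", "local", "samba", "private")
    for d in (bind, samba):
        os.makedirs(d)
    files = {
        "named.conf.options": OPTIONS_FILE,
        "named.conf.local": 'include "%s";\n' % os.path.join(samba, "named.conf"),
        "named.conf.default-zones": 'zone "." { type hint; file "/etc/bind/db.root"; };\n',
    }
    main = "".join('include "%s";\n' % os.path.join(bind, n) for n in files)
    if duplicated:
        main += '# Global Configuration Options\noptions {\n        directory "/var/cache/bind";\n};\n'
    files["named.conf"] = main
    for name, body in files.items():
        with open(os.path.join(bind, name), "w") as fh:
            fh.write(body)
    # Stub standing in for Samba's private/named.conf; not its real contents.
    with open(os.path.join(samba, "named.conf"), "w") as fh:
        fh.write('dlz "AD DNS Zone" {\n    database "dlopen PLACEHOLDER/dlz_bind9.so";\n};\n')
    return os.path.join(bind, "named.conf")


def run_demo(duplicated=True):
    """Build the sample tree in a fresh temp directory and check it."""
    return check_config(build_sample(tempfile.mkdtemp(prefix="bind-check-"), duplicated))


if __name__ == "__main__":
    print("named.conf with its own options block:", run_demo(True)["duplicates"])
    print("split config only:", run_demo(False)["duplicates"])
```

On a live system named-checkconf does this job properly; the value of the walker is that it shows why the Debian layout matters: the error names named.conf:15, but the first options block is in named.conf.options, pulled in at line 1, so the fix is to delete the block from named.conf rather than to edit the line the error points at.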



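The Samba log excerpts above have the usual shape of Samba's debug log: a bracketed header with timestamp, debug level and pid, then the source location, then one or more indented message lines. The detail worth correlating is that pid 968 logs the fault report itself while the parent (pid 948) only logs that child 968, the drepl task, terminated. The parser and triage below are an added example, not Samba's code; SAMPLE_LOG is constructed from the lines quoted in this message, with a second DsReplicaSync failure at a made-up timestamp so the counter has something to count.

```python
"""Parse Samba's bracketed debug log and correlate a child crash with the
parent's termination notice. Added example, not Samba's code."""
import re
from collections import Counter

# [timestamp, level, pid=N, effective(u, g), real(u, g)] file:line(function)
HEADER_RE = re.compile(
    r"^\[(?P<ts>\S+ \S+),\s+(?P<level>\d+), pid=(?P<pid>\d+), "
    r"effective\(\d+, \d+\), real\(\d+, \d+\)\]\s*(?P<where>\S*)")
SIGNAL_RE = re.compile(r"INTERNAL ERROR: Signal (\d+) in pid (\d+) \(([^)]+)\)")
CHILD_RE = re.compile(r"Child (\d+) \((\w+)\) terminated with signal (\d+)")
IRPC_RE = re.compile(r"IRPC callback failed for (\w+) - (NT_STATUS_\w+)")

# Constructed from the lines quoted in this message; the 11:02:39 entry is
# made up so that the DsReplicaSync counter reaches 2.
SAMPLE_LOG = """\
[2018/01/08 10:59:19.002290,  0, pid=968, effective(0, 0), real(0, 0)] ../lib/util/fault.c:79(fault_report)
  INTERNAL ERROR: Signal 7 in pid 968 (4.7.4)
  Please read the Trouble-Shooting section of the Samba HOWTO
[2018/01/08 10:59:19.002521,  0, pid=968, effective(0, 0), real(0, 0)] ../lib/util/fault.c:81(fault_report)
  ===============================================================
[2018/01/08 10:59:19.002712,  0, pid=968, effective(0, 0), real(0, 0)] ../lib/util/fault.c:151(smb_panic_default)
  PANIC: internal error
[2018/01/08 10:59:19.873041,  0, pid=948, effective(0, 0), real(0, 0)] ../source4/smbd/process_standard.c:161(standard_child_pipe_handler)
  Child 968 (drepl) terminated with signal 6
[2018/01/08 11:00:39.091609,  0, pid=960, effective(0, 0), real(0, 0)] ../source4/rpc_server/common/forward.c:51(dcesrv_irpc_forward_callback)
  IRPC callback failed for DsReplicaSync - NT_STATUS_OBJECT_NAME_NOT_FOUND
[2018/01/08 11:02:39.120004,  0, pid=960, effective(0, 0), real(0, 0)] ../source4/rpc_server/common/forward.c:51(dcesrv_irpc_forward_callback)
  IRPC callback failed for DsReplicaSync - NT_STATUS_OBJECT_NAME_NOT_FOUND
[2018/01/08 12:40:05.883956,  3, pid=2271, effective(0, 0), real(0, 0)] ../source4/nbt_server/register.c:155(nbtd_register_name_handler)
  Registered DDC2<00> with 172.16.22.27 on interface 172.16.22.255
"""


def parse_samba_log(text):
    """Group each header line with the indented message lines under it."""
    entries = []
    for line in text.splitlines():
        m = HEADER_RE.match(line)
        if m:
            e = m.groupdict()
            e["level"], e["pid"], e["message"] = int(e["level"]), int(e["pid"]), ""
            entries.append(e)
        elif entries and line.strip():
            e = entries[-1]
            e["message"] = (e["message"] + " " + line.strip()).strip()
    return entries


def triage(entries):
    """Pull out fault reports, child terminations and IRPC failures, then match
    each 'Child N terminated' notice to the fault report logged by pid N."""
    faults, terminated, irpc = {}, [], Counter()
    for e in entries:
        msg = e["message"]
        m = SIGNAL_RE.search(msg)
        if m:
            faults[int(m.group(2))] = {"signal": int(m.group(1)),
                                       "version": m.group(3), "where": e["where"]}
            continue
        m = CHILD_RE.search(msg)
        if m:
            terminated.append({"child": int(m.group(1)), "task": m.group(2),
                               "signal": int(m.group(3))})
            continue
        m = IRPC_RE.search(msg)
        if m:
            irpc[(m.group(1), m.group(2))] += 1
    crashed = [{"task": t["task"], "pid": t["child"],
                "fault_signal": faults[t["child"]]["signal"], "exit_signal": t["signal"]}
               for t in terminated if t["child"] in faults]
    return {"faults": faults, "terminated": terminated,
            "irpc_failures": dict(irpc), "crashed_tasks": crashed}


def run_demo(text=SAMPLE_LOG):
    """Parse and triage a log; returns the report dictionary."""
    return triage(parse_samba_log(text))


if __name__ == "__main__":
    import pprint
    pprint.pprint(run_demo())
```

The two signal numbers in the result are not a parsing mistake: the fault report says signal 7 (SIGBUS on Linux), while the parent sees signal 6 (SIGABRT), because Samba's panic handler aborts the process after logging the fault. A search for only "terminated with signal" would therefore hide the real fault type; matching the child pid back to its own fault_report line, as above, keeps both.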