ForestDnsZones partition and TrustAnchors zone problem

Samuel Cabrero scabrero at zentyal.com
Mon Oct 1 16:35:58 MDT 2012


Hi,

I have found a problem related to the ForestDnsZones partition 
replication when using BIND9_DLZ as the backend in samba4 rc1.

If the "TrustAnchors" zone exists on the Windows server, it is 
replicated to samba4 and the named daemon exits with the following error 
when trying to load it:

named[10704]: samba_dlz: Failed to configure zone '..TrustAnchors'
named[10704]: loading configuration: empty label
named[10704]: exiting (due to fatal error)

As soon as the zone is deleted on the Windows server (dnscmd /zonedelete 
TrustAnchors /DsDel) and the change is replicated to samba, named starts 
without problems.

This issue is more annoying than it seems because this TrustAnchors zone 
is automatically created each time the server properties window is 
opened in the Windows DNS management tool. If you right-click on the 
server name and select Properties, then select the Trust Anchors tab and 
click the OK button without making any changes, the zone is created again, 
replicated to samba4 and the problem is back.

I don't know if it is related, but the zone has two dots prepended to 
the name when replicated to samba:

root@s4dc1:/home/zen# samba-tool dns zonelist s4dc1.kernevil.lan
   3 zone(s) found

   pszZoneName                 : kernevil.lan
   Flags                       : DNS_RPC_ZONE_DSINTEGRATED DNS_RPC_ZONE_UPDATE_SECURE
   ZoneType                    : DNS_ZONE_TYPE_PRIMARY
   Version                     : 50
   dwDpFlags                   : DNS_DP_AUTOCREATED DNS_DP_DOMAIN_DEFAULT DNS_DP_ENLISTED
   pszDpFqdn                   : DomainDnsZones.kernevil.lan

   pszZoneName                 : _msdcs.kernevil.lan
   Flags                       : DNS_RPC_ZONE_DSINTEGRATED DNS_RPC_ZONE_UPDATE_SECURE
   ZoneType                    : DNS_ZONE_TYPE_PRIMARY
   Version                     : 50
   dwDpFlags                   : DNS_DP_AUTOCREATED DNS_DP_FOREST_DEFAULT DNS_DP_ENLISTED
   pszDpFqdn                   : ForestDnsZones.kernevil.lan

   pszZoneName                 : ..TrustAnchors
   Flags                       : DNS_RPC_ZONE_DSINTEGRATED DNS_RPC_ZONE_UPDATE_SECURE
   ZoneType                    : DNS_ZONE_TYPE_PRIMARY
   Version                     : 50
   dwDpFlags                   : DNS_DP_AUTOCREATED DNS_DP_FOREST_DEFAULT DNS_DP_ENLISTED
   pszDpFqdn                   : ForestDnsZones.kernevil.lan


root@s4dc1:/home/zen# samba-tool dns zonelist windc1.kernevil.lan
   3 zone(s) found

   pszZoneName                 : _msdcs.kernevil.lan
   Flags                       : DNS_RPC_ZONE_DSINTEGRATED DNS_RPC_ZONE_UPDATE_SECURE
   ZoneType                    : DNS_ZONE_TYPE_PRIMARY
   Version                     : 50
   dwDpFlags                   : DNS_DP_AUTOCREATED DNS_DP_FOREST_DEFAULT DNS_DP_ENLISTED
   pszDpFqdn                   : ForestDnsZones.kernevil.lan

   pszZoneName                 : kernevil.lan
   Flags                       : DNS_RPC_ZONE_DSINTEGRATED DNS_RPC_ZONE_UPDATE_SECURE
   ZoneType                    : DNS_ZONE_TYPE_PRIMARY
   Version                     : 50
   dwDpFlags                   : DNS_DP_AUTOCREATED DNS_DP_DOMAIN_DEFAULT DNS_DP_ENLISTED
   pszDpFqdn                   : DomainDnsZones.kernevil.lan

   pszZoneName                 : TrustAnchors
   Flags                       : DNS_RPC_ZONE_DSINTEGRATED
   ZoneType                    : DNS_ZONE_TYPE_PRIMARY
   Version                     : 50
   dwDpFlags                   : DNS_DP_AUTOCREATED DNS_DP_FOREST_DEFAULT DNS_DP_ENLISTED
   pszDpFqdn                   : ForestDnsZones.kernevil.lan


I would be happy to provide as much debug info as you need to help 
solve this issue.

Cheers.

-- 
Samuel Cabrero - Developer
scabrero at zentyal.com

The Linux small business server
www.zentyal.com
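
Added example, not part of the original message and not Samba or BIND code: a check that parses `samba-tool dns zonelist` output and reports zone names containing an empty label, such as the `..TrustAnchors` entry above. It assumes the "empty label" error in the named log refers to the dots prepended to the zone name; the sample text is constructed from the listing in the message, and the function names are hypothetical.

```python
import re

# Constructed sample, shortened from the zonelist output quoted in the message.
SAMPLE = """\
   3 zone(s) found

   pszZoneName                 : kernevil.lan
   Flags                       : DNS_RPC_ZONE_DSINTEGRATED
DNS_RPC_ZONE_UPDATE_SECURE
   pszDpFqdn                   : DomainDnsZones.kernevil.lan

   pszZoneName                 : _msdcs.kernevil.lan
   pszDpFqdn                   : ForestDnsZones.kernevil.lan

   pszZoneName                 : ..TrustAnchors
   pszDpFqdn                   : ForestDnsZones.kernevil.lan
"""

FIELD = re.compile(r"^\s*(\w+)\s+:\s*(.*)$")

def parse_zonelist(text):
    """Return one dict per zone; wrapped values are joined to the previous field."""
    zones, current, last_key = [], None, None
    for line in text.splitlines():
        m = FIELD.match(line)
        if m:
            key, value = m.group(1), m.group(2).strip()
            if key == "pszZoneName":      # each zone record starts with its name
                current = {}
                zones.append(current)
            if current is not None:
                current[key] = value
                last_key = key
        elif line.strip() and current is not None and last_key:
            current[last_key] += " " + line.strip()   # mail-wrapped continuation
    return zones

def has_empty_label(name):
    """True if the DNS name has a zero-length label (leading or doubled dot)."""
    if name == ".":                        # the root zone itself is valid
        return False
    body = name[:-1] if name.endswith(".") else name  # one trailing dot is allowed
    return body == "" or any(label == "" for label in body.split("."))

def zones_with_empty_labels(text):
    return [z["pszZoneName"] for z in parse_zonelist(text)
            if has_empty_label(z["pszZoneName"])]

if __name__ == "__main__":
    for zone in zones_with_empty_labels(SAMPLE):
        print("zone name has an empty label:", repr(zone))
```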
