duplicate dns zones 4.0.9 and samba-master

Taylor, Jonn jonnt at taylortelephone.com
Thu Oct 3 08:23:39 MDT 2013 

On 10/03/2013 08:47 AM, Taylor, Jonn wrote:
> On 10/02/2013 08:02 PM, Amitay Isaacs wrote:
>>
>> Hi John,
>>
>> On Thu, Oct 3, 2013 at 2:54 AM, Taylor, Jonn 
>> <jonnt at taylortelephone.com <mailto:jonnt at taylortelephone.com>> wrote:
>>
>>     Looks like it is working. Thank you! Now we just need to have
>>     Andrew fix the database stuff when he has time.
>>
>>     Oct  2 11:48:44 dc0 named[29090]: starting BIND
>>     9.8.2rc1-RedHat-9.8.2-0.17.rc1.el6_4.6 -u named
>>     Oct  2 11:48:44 dc0 named[29090]: built with
>>     '--build=x86_64-redhat-linux-gnu' '--host=x86_64-redhat-linux-gnu'
>>     '--target=x86_64-redhat-linux-gnu' '--program-prefix='
>>     '--prefix=/usr' '--exec-prefix=/usr' '--bindir=/usr/bin'
>>     '--sbindir=/usr/sbin' '--sysconfdir=/etc' '--datadir=/usr/share'
>>     '--includedir=/usr/include' '--libdir=/usr/lib64'
>>     '--libexecdir=/usr/libexec' '--sharedstatedir=/var/lib'
>>     '--mandir=/usr/share/man' '--infodir=/usr/share/info'
>>     '--with-libtool' '--localstatedir=/var' '--enable-threads'
>>     '--enable-ipv6' '--with-pic' '--disable-static'
>>     '--disable-openssl-version-check' '--with-dlz-ldap=yes'
>>     '--with-dlz-postgres=yes' '--with-dlz-mysql=yes'
>>     '--with-dlz-filesystem=yes' '--with-gssapi=yes'
>>     '--disable-isc-spnego'
>>     '--with-docbook-xsl=/usr/share/sgml/docbook/xsl-stylesheets'
>>     '--enable-fixed-rrset' 'build_alias=x86_64-redhat-linux-gnu'
>>     'host_alias=x86_64-redhat-linux-gnu'
>>     'target_alias=x86_64-redhat-linux-gnu' 'CFLAGS= -O2 -g -pipe -Wall
>>     -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector
>>     --param=ssp-buffer-size=4 -m64 -mtune=generic' 'CPPFLAGS=
>>     -DDIG_SIGCHASE'
>>     Oct  2 11:48:44 dc0 named[29090]:
>>     ----------------------------------------------------
>>     Oct  2 11:48:44 dc0 named[29090]: BIND 9 is maintained by Internet
>>     Systems Consortium,
>>     Oct  2 11:48:44 dc0 named[29090]: Inc. (ISC), a non-profit
>>     501(c)(3) public-benefit
>>     Oct  2 11:48:44 dc0 named[29090]: corporation. Support and
>>     training for BIND 9 are
>>     Oct  2 11:48:44 dc0 named[29090]: available at
>>     https://www.isc.org/support
>>     Oct  2 11:48:44 dc0 named[29090]:
>>     ----------------------------------------------------
>>     Oct  2 11:48:44 dc0 named[29090]: adjusted limit on open files
>>     from 4096 to 1048576
>>     Oct  2 11:48:44 dc0 named[29090]: found 1 CPU, using 1 worker thread
>>     Oct  2 11:48:44 dc0 named[29090]: using up to 4096 sockets
>>     Oct  2 11:48:44 dc0 named[29090]: loading configuration from
>>     '/etc/named.conf'
>>     Oct  2 11:48:44 dc0 named[29090]: reading built-in trusted keys
>>     from file '/etc/named.iscdlv.key'
>>     Oct  2 11:48:44 dc0 named[29090]: using default UDP/IPv4 port
>>     range: [1024, 65535]
>>     Oct  2 11:48:44 dc0 named[29090]: using default UDP/IPv6 port
>>     range: [1024, 65535]
>>     Oct  2 11:48:44 dc0 named[29090]: listening on IPv6 interface lo,
>>     ::1#53
>>     Oct  2 11:48:44 dc0 named[29090]: generating session key for
>>     dynamic DNS
>>     Oct  2 11:48:44 dc0 named[29090]: sizing zone task pool based on 1
>>     zones
>>     Oct  2 11:48:44 dc0 named[29090]: Loading 'AD DNS Zone' using
>>     driver dlopen
>>     Oct  2 11:48:45 dc0 named[29090]: samba_dlz: started for DN
>>     DC=taylortelephone,DC=com
>>     Oct  2 11:48:45 dc0 named[29090]: samba_dlz: starting configure
>>     Oct  2 11:48:45 dc0 named[29090]: samba_dlz: configured writeable
>>     zone 'example.lan'
>>     Oct  2 11:48:45 dc0 named[29090]: samba_dlz: configured writeable
>>     zone '198.89.70.in-addr.arpa'
>>     Oct  2 11:48:45 dc0 named[29090]: samba_dlz: configured writeable
>>     zone '173.168.192.in-addr.arpa'
>>     Oct  2 11:48:45 dc0 named[29090]: samba_dlz: configured writeable
>>     zone '183.168.192.in-addr.arpa'
>>     Oct  2 11:48:45 dc0 named[29090]: samba_dlz: configured writeable
>>     zone '170.168.192.in-addr.arpa'
>>     Oct  2 11:48:45 dc0 named[29090]: samba_dlz: configured writeable
>>     zone 'taylortelephone.com <http://taylortelephone.com>'
>>     Oct  2 11:48:45 dc0 named[29090]: samba_dlz: configured writeable
>>     zone 'taylordatacom.com <http://taylordatacom.com>'
>>     Oct  2 11:48:45 dc0 named[29090]: samba_dlz: configured writeable
>>     zone '_msdcs.taylortelephone.com <http://msdcs.taylortelephone.com>'
>>     Oct  2 11:48:45 dc0 named[29090]: samba_dlz: Ignoring duplicate
>>     zone 'taylortelephone.com <http://taylortelephone.com>' from
>> 'DC=@,DC=taylortelephone.com,CN=MicrosoftDNS,DC=ForestDnsZones,DC=taylortelephone,DC=com
>> <mailto:DC=@,DC=taylortelephone.com,CN=MicrosoftDNS,DC=ForestDnsZones,DC=taylortelephone,DC=com>'
>>     Oct  2 11:48:45 dc0 named[29090]: using built-in DLV key for view
>>     _default
>>
>>
>> This is a bit surprising. I was expecting to see the duplicate zone 
>> in the system partition
>>
>>    CN=MicrosoftDNS,CN=System,DC=taylortelephone,DC=com
>>
>> and not really in the ForestDnsZones partition.  I am wondering how 
>> did you end up with duplicate primary DNS zone in forest dns 
>> partition.  Usually the primary domain zone is in DomainDnsZones 
>> partition and _msdcs.<domain> zone is in ForestDnsZones partition.  
>> You might want to delete this duplicate zone from ForestDnsZones 
>> partition.
>>
>>
>> Amitay.
> I tried to delete it but when one gets deleted the other one does too. 
> Andrew said it is hard coded that way in s4. This use to be a 2003 
> domain that I upgraded to 2008r2. It only show up that way on an s4 
> server. My win2k8r2 that is going away shows only 1 in the dns snap-in.
>
> I have had a bug open on this for a year now. 
> https://bugzilla.samba.org/show_bug.cgi?id=9210
>
> Also, see these.
> Oct  3 08:28:35 dc0 named[30561]: samba b9_putrr: unhandled record type 0
> Oct  3 08:28:35 dc0 named[30561]: samba b9_putrr: unhandled record type 0
> Oct  3 08:29:59 dc0 named[30561]: samba b9_putrr: unhandled record type 0
>
> I do have dns updates working though samba and dhcpd. File permissions 
> are the big thing that I trouble with. The wiki could use some updates 
> on that. It is good but the info is spread around a little on dns stuff.
>
> Jonn
Here is my zone list.

   pszZoneName                 : example.lan
   Flags                       : DNS_RPC_ZONE_DSINTEGRATED 
DNS_RPC_ZONE_UPDATE_SECURE
   ZoneType                    : DNS_ZONE_TYPE_PRIMARY
   Version                     : 50
   dwDpFlags                   : DNS_DP_AUTOCREATED 
DNS_DP_DOMAIN_DEFAULT DNS_DP_ENLISTED
   pszDpFqdn                   : DomainDnsZones.taylortelephone.com

   pszZoneName                 : 198.89.70.in-addr.arpa
   Flags                       : DNS_RPC_ZONE_DSINTEGRATED 
DNS_RPC_ZONE_UPDATE_SECURE
   ZoneType                    : DNS_ZONE_TYPE_PRIMARY
   Version                     : 50
   dwDpFlags                   : DNS_DP_AUTOCREATED 
DNS_DP_DOMAIN_DEFAULT DNS_DP_ENLISTED
   pszDpFqdn                   : DomainDnsZones.taylortelephone.com

   pszZoneName                 : 173.168.192.in-addr.arpa
   Flags                       : DNS_RPC_ZONE_DSINTEGRATED 
DNS_RPC_ZONE_UPDATE_SECURE
   ZoneType                    : DNS_ZONE_TYPE_PRIMARY
   Version                     : 50
   dwDpFlags                   : DNS_DP_AUTOCREATED 
DNS_DP_DOMAIN_DEFAULT DNS_DP_ENLISTED
   pszDpFqdn                   : DomainDnsZones.taylortelephone.com

   pszZoneName                 : 183.168.192.in-addr.arpa
   Flags                       : DNS_RPC_ZONE_DSINTEGRATED 
DNS_RPC_ZONE_UPDATE_SECURE
   ZoneType                    : DNS_ZONE_TYPE_PRIMARY
   Version                     : 50
   dwDpFlags                   : DNS_DP_AUTOCREATED 
DNS_DP_DOMAIN_DEFAULT DNS_DP_ENLISTED
   pszDpFqdn                   : DomainDnsZones.taylortelephone.com

   pszZoneName                 : 170.168.192.in-addr.arpa
   Flags                       : DNS_RPC_ZONE_DSINTEGRATED 
DNS_RPC_ZONE_UPDATE_SECURE
   ZoneType                    : DNS_ZONE_TYPE_PRIMARY
   Version                     : 50
   dwDpFlags                   : DNS_DP_AUTOCREATED 
DNS_DP_DOMAIN_DEFAULT DNS_DP_ENLISTED
   pszDpFqdn                   : DomainDnsZones.taylortelephone.com

   pszZoneName                 : taylortelephone.com
   Flags                       : DNS_RPC_ZONE_DSINTEGRATED 
DNS_RPC_ZONE_UPDATE_SECURE
   ZoneType                    : DNS_ZONE_TYPE_PRIMARY
   Version                     : 50
   dwDpFlags                   : DNS_DP_AUTOCREATED 
DNS_DP_DOMAIN_DEFAULT DNS_DP_ENLISTED
   pszDpFqdn                   : DomainDnsZones.taylortelephone.com

   pszZoneName                 : taylordatacom.com
   Flags                       : DNS_RPC_ZONE_DSINTEGRATED 
DNS_RPC_ZONE_UPDATE_SECURE
   ZoneType                    : DNS_ZONE_TYPE_PRIMARY
   Version                     : 50
   dwDpFlags                   : DNS_DP_AUTOCREATED 
DNS_DP_DOMAIN_DEFAULT DNS_DP_ENLISTED
   pszDpFqdn                   : DomainDnsZones.taylortelephone.com

   pszZoneName                 : _msdcs.taylortelephone.com
   Flags                       : DNS_RPC_ZONE_DSINTEGRATED 
DNS_RPC_ZONE_UPDATE_SECURE
   ZoneType                    : DNS_ZONE_TYPE_PRIMARY
   Version                     : 50
   dwDpFlags                   : DNS_DP_AUTOCREATED 
DNS_DP_FOREST_DEFAULT DNS_DP_ENLISTED
   pszDpFqdn                   : ForestDnsZones.taylortelephone.com

   pszZoneName                 : taylortelephone.com
   Flags                       : DNS_RPC_ZONE_DSINTEGRATED 
DNS_RPC_ZONE_UPDATE_SECURE
   ZoneType                    : DNS_ZONE_TYPE_PRIMARY
   Version                     : 50
   dwDpFlags                   : DNS_DP_AUTOCREATED 
DNS_DP_FOREST_DEFAULT DNS_DP_ENLISTED
   pszDpFqdn                   : ForestDnsZones.taylortelephone.com

More information about the samba-technical mailing list