duplicate dns zones 4.0.9 and samba-master
Taylor, Jonn
jonnt at taylortelephone.com
Thu Oct 3 08:43:25 MDT 2013
On 10/03/2013 09:23 AM, Taylor, Jonn wrote:
> On 10/03/2013 08:47 AM, Taylor, Jonn wrote:
>> On 10/02/2013 08:02 PM, Amitay Isaacs wrote:
>>>
>>> Hi John,
>>>
>>> On Thu, Oct 3, 2013 at 2:54 AM, Taylor, Jonn
>>> <jonnt at taylortelephone.com <mailto:jonnt at taylortelephone.com>> wrote:
>>>
>>> Looks like it is working. Thank you! Now we just need to have
>>> Andrew fix the database stuff when he has time.
>>>
>>> Oct 2 11:48:44 dc0 named[29090]: starting BIND
>>> 9.8.2rc1-RedHat-9.8.2-0.17.rc1.el6_4.6 -u named
>>> Oct 2 11:48:44 dc0 named[29090]: built with
>>> '--build=x86_64-redhat-linux-gnu' '--host=x86_64-redhat-linux-gnu'
>>> '--target=x86_64-redhat-linux-gnu' '--program-prefix='
>>> '--prefix=/usr' '--exec-prefix=/usr' '--bindir=/usr/bin'
>>> '--sbindir=/usr/sbin' '--sysconfdir=/etc' '--datadir=/usr/share'
>>> '--includedir=/usr/include' '--libdir=/usr/lib64'
>>> '--libexecdir=/usr/libexec' '--sharedstatedir=/var/lib'
>>> '--mandir=/usr/share/man' '--infodir=/usr/share/info'
>>> '--with-libtool' '--localstatedir=/var' '--enable-threads'
>>> '--enable-ipv6' '--with-pic' '--disable-static'
>>> '--disable-openssl-version-check' '--with-dlz-ldap=yes'
>>> '--with-dlz-postgres=yes' '--with-dlz-mysql=yes'
>>> '--with-dlz-filesystem=yes' '--with-gssapi=yes'
>>> '--disable-isc-spnego'
>>> '--with-docbook-xsl=/usr/share/sgml/docbook/xsl-stylesheets'
>>> '--enable-fixed-rrset' 'build_alias=x86_64-redhat-linux-gnu'
>>> 'host_alias=x86_64-redhat-linux-gnu'
>>> 'target_alias=x86_64-redhat-linux-gnu' 'CFLAGS= -O2 -g -pipe -Wall
>>> -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector
>>> --param=ssp-buffer-size=4 -m64 -mtune=generic' 'CPPFLAGS=
>>> -DDIG_SIGCHASE'
>>> Oct 2 11:48:44 dc0 named[29090]:
>>> ----------------------------------------------------
>>> Oct 2 11:48:44 dc0 named[29090]: BIND 9 is maintained by Internet
>>> Systems Consortium,
>>> Oct 2 11:48:44 dc0 named[29090]: Inc. (ISC), a non-profit
>>> 501(c)(3) public-benefit
>>> Oct 2 11:48:44 dc0 named[29090]: corporation. Support and
>>> training for BIND 9 are
>>> Oct 2 11:48:44 dc0 named[29090]: available at
>>> https://www.isc.org/support
>>> Oct 2 11:48:44 dc0 named[29090]:
>>> ----------------------------------------------------
>>> Oct 2 11:48:44 dc0 named[29090]: adjusted limit on open files
>>> from 4096 to 1048576
>>> Oct 2 11:48:44 dc0 named[29090]: found 1 CPU, using 1 worker
>>> thread
>>> Oct 2 11:48:44 dc0 named[29090]: using up to 4096 sockets
>>> Oct 2 11:48:44 dc0 named[29090]: loading configuration from
>>> '/etc/named.conf'
>>> Oct 2 11:48:44 dc0 named[29090]: reading built-in trusted keys
>>> from file '/etc/named.iscdlv.key'
>>> Oct 2 11:48:44 dc0 named[29090]: using default UDP/IPv4 port
>>> range: [1024, 65535]
>>> Oct 2 11:48:44 dc0 named[29090]: using default UDP/IPv6 port
>>> range: [1024, 65535]
>>> Oct 2 11:48:44 dc0 named[29090]: listening on IPv6 interface lo,
>>> ::1#53
>>> Oct 2 11:48:44 dc0 named[29090]: generating session key for
>>> dynamic DNS
>>> Oct 2 11:48:44 dc0 named[29090]: sizing zone task pool based on 1
>>> zones
>>> Oct 2 11:48:44 dc0 named[29090]: Loading 'AD DNS Zone' using
>>> driver dlopen
>>> Oct 2 11:48:45 dc0 named[29090]: samba_dlz: started for DN
>>> DC=taylortelephone,DC=com
>>> Oct 2 11:48:45 dc0 named[29090]: samba_dlz: starting configure
>>> Oct 2 11:48:45 dc0 named[29090]: samba_dlz: configured writeable
>>> zone 'example.lan'
>>> Oct 2 11:48:45 dc0 named[29090]: samba_dlz: configured writeable
>>> zone '198.89.70.in-addr.arpa'
>>> Oct 2 11:48:45 dc0 named[29090]: samba_dlz: configured writeable
>>> zone '173.168.192.in-addr.arpa'
>>> Oct 2 11:48:45 dc0 named[29090]: samba_dlz: configured writeable
>>> zone '183.168.192.in-addr.arpa'
>>> Oct 2 11:48:45 dc0 named[29090]: samba_dlz: configured writeable
>>> zone '170.168.192.in-addr.arpa'
>>> Oct 2 11:48:45 dc0 named[29090]: samba_dlz: configured writeable
>>> zone 'taylortelephone.com <http://taylortelephone.com>'
>>> Oct 2 11:48:45 dc0 named[29090]: samba_dlz: configured writeable
>>> zone 'taylordatacom.com <http://taylordatacom.com>'
>>> Oct 2 11:48:45 dc0 named[29090]: samba_dlz: configured writeable
>>> zone '_msdcs.taylortelephone.com
>>> <http://msdcs.taylortelephone.com>'
>>> Oct 2 11:48:45 dc0 named[29090]: samba_dlz: Ignoring duplicate
>>> zone 'taylortelephone.com <http://taylortelephone.com>' from
>>> 'DC=@,DC=taylortelephone.com,CN=MicrosoftDNS,DC=ForestDnsZones,DC=taylortelephone,DC=com
>>>
>>> <mailto:DC=@,DC=taylortelephone.com,CN=MicrosoftDNS,DC=ForestDnsZones,DC=taylortelephone,DC=com>'
>>>
>>> Oct 2 11:48:45 dc0 named[29090]: using built-in DLV key for view
>>> _default
>>>
>>>
>>> This is a bit surprising. I was expecting to see the duplicate zone
>>> in the system partition
>>>
>>> CN=MicrosoftDNS,CN=System,DC=taylortelephone,DC=com
>>>
>>> and not really in the ForestDnsZones partition. I am wondering how
>>> did you end up with duplicate primary DNS zone in forest dns
>>> partition. Usually the primary domain zone is in DomainDnsZones
>>> partition and _msdcs.<domain> zone is in ForestDnsZones partition.
>>> You might want to delete this duplicate zone from ForestDnsZones
>>> partition.
>>>
>>>
>>> Amitay.
>> I tried to delete it but when one gets deleted the other one does
>> too. Andrew said it is hard coded that way in s4. This use to be a
>> 2003 domain that I upgraded to 2008r2. It only show up that way on an
>> s4 server. My win2k8r2 that is going away shows only 1 in the dns
>> snap-in.
>>
>> I have had a bug open on this for a year now.
>> https://bugzilla.samba.org/show_bug.cgi?id=9210
>>
>> Also, see these.
>> Oct 3 08:28:35 dc0 named[30561]: samba b9_putrr: unhandled record
>> type 0
>> Oct 3 08:28:35 dc0 named[30561]: samba b9_putrr: unhandled record
>> type 0
>> Oct 3 08:29:59 dc0 named[30561]: samba b9_putrr: unhandled record
>> type 0
>>
>> I do have dns updates working though samba and dhcpd. File
>> permissions are the big thing that I trouble with. The wiki could use
>> some updates on that. It is good but the info is spread around a
>> little on dns stuff.
>>
>> Jonn
> Here is my zone list.
>
> pszZoneName : example.lan
> Flags : DNS_RPC_ZONE_DSINTEGRATED
> DNS_RPC_ZONE_UPDATE_SECURE
> ZoneType : DNS_ZONE_TYPE_PRIMARY
> Version : 50
> dwDpFlags : DNS_DP_AUTOCREATED
> DNS_DP_DOMAIN_DEFAULT DNS_DP_ENLISTED
> pszDpFqdn : DomainDnsZones.taylortelephone.com
>
> pszZoneName : 198.89.70.in-addr.arpa
> Flags : DNS_RPC_ZONE_DSINTEGRATED
> DNS_RPC_ZONE_UPDATE_SECURE
> ZoneType : DNS_ZONE_TYPE_PRIMARY
> Version : 50
> dwDpFlags : DNS_DP_AUTOCREATED
> DNS_DP_DOMAIN_DEFAULT DNS_DP_ENLISTED
> pszDpFqdn : DomainDnsZones.taylortelephone.com
>
> pszZoneName : 173.168.192.in-addr.arpa
> Flags : DNS_RPC_ZONE_DSINTEGRATED
> DNS_RPC_ZONE_UPDATE_SECURE
> ZoneType : DNS_ZONE_TYPE_PRIMARY
> Version : 50
> dwDpFlags : DNS_DP_AUTOCREATED
> DNS_DP_DOMAIN_DEFAULT DNS_DP_ENLISTED
> pszDpFqdn : DomainDnsZones.taylortelephone.com
>
> pszZoneName : 183.168.192.in-addr.arpa
> Flags : DNS_RPC_ZONE_DSINTEGRATED
> DNS_RPC_ZONE_UPDATE_SECURE
> ZoneType : DNS_ZONE_TYPE_PRIMARY
> Version : 50
> dwDpFlags : DNS_DP_AUTOCREATED
> DNS_DP_DOMAIN_DEFAULT DNS_DP_ENLISTED
> pszDpFqdn : DomainDnsZones.taylortelephone.com
>
> pszZoneName : 170.168.192.in-addr.arpa
> Flags : DNS_RPC_ZONE_DSINTEGRATED
> DNS_RPC_ZONE_UPDATE_SECURE
> ZoneType : DNS_ZONE_TYPE_PRIMARY
> Version : 50
> dwDpFlags : DNS_DP_AUTOCREATED
> DNS_DP_DOMAIN_DEFAULT DNS_DP_ENLISTED
> pszDpFqdn : DomainDnsZones.taylortelephone.com
>
> pszZoneName : taylortelephone.com
> Flags : DNS_RPC_ZONE_DSINTEGRATED
> DNS_RPC_ZONE_UPDATE_SECURE
> ZoneType : DNS_ZONE_TYPE_PRIMARY
> Version : 50
> dwDpFlags : DNS_DP_AUTOCREATED
> DNS_DP_DOMAIN_DEFAULT DNS_DP_ENLISTED
> pszDpFqdn : DomainDnsZones.taylortelephone.com
>
> pszZoneName : taylordatacom.com
> Flags : DNS_RPC_ZONE_DSINTEGRATED
> DNS_RPC_ZONE_UPDATE_SECURE
> ZoneType : DNS_ZONE_TYPE_PRIMARY
> Version : 50
> dwDpFlags : DNS_DP_AUTOCREATED
> DNS_DP_DOMAIN_DEFAULT DNS_DP_ENLISTED
> pszDpFqdn : DomainDnsZones.taylortelephone.com
>
> pszZoneName : _msdcs.taylortelephone.com
> Flags : DNS_RPC_ZONE_DSINTEGRATED
> DNS_RPC_ZONE_UPDATE_SECURE
> ZoneType : DNS_ZONE_TYPE_PRIMARY
> Version : 50
> dwDpFlags : DNS_DP_AUTOCREATED
> DNS_DP_FOREST_DEFAULT DNS_DP_ENLISTED
> pszDpFqdn : ForestDnsZones.taylortelephone.com
>
> pszZoneName : taylortelephone.com
> Flags : DNS_RPC_ZONE_DSINTEGRATED
> DNS_RPC_ZONE_UPDATE_SECURE
> ZoneType : DNS_ZONE_TYPE_PRIMARY
> Version : 50
> dwDpFlags : DNS_DP_AUTOCREATED
> DNS_DP_FOREST_DEFAULT DNS_DP_ENLISTED
> pszDpFqdn : ForestDnsZones.taylortelephone.com
>
This is the other error I am seeing for dns updates. FYI... I have no
machine with the name 29. Been seeing these on and off.
Oct 3 09:32:46 dc1 samba[8233]: [2013/10/03 09:32:46.985106, 0]
../source4/dsdb/samdb/ldb_modules/repl_meta_data.c:3684(replmd_op_possible_conflict_callback)
Oct 3 09:32:46 dc1 samba[8233]:
../source4/dsdb/samdb/ldb_modules/repl_meta_data.c:3684: Failed to find
name attribute in replPropertyMetaData for
DC=ILO2UX81900HG,DC=taylortelephone.com,CN=MicrosoftDNS,DC=DomainDnsZones,DC=taylortelephone,DC=com
Oct 3 09:32:47 dc1 samba[8233]: [2013/10/03 09:32:47.005280, 0]
../source4/dsdb/samdb/ldb_modules/repl_meta_data.c:3684(replmd_op_possible_conflict_callback)
Oct 3 09:32:47 dc1 samba[8233]:
../source4/dsdb/samdb/ldb_modules/repl_meta_data.c:3684: Failed to find
name attribute in replPropertyMetaData for
DC=29,DC=173.168.192.in-addr.arpa,CN=MicrosoftDNS,DC=DomainDnsZones,DC=taylortelephone,DC=com
Jonn
More information about the samba-technical
mailing list