duplicate dns zones 4.0.9 and samba-master

Taylor, Jonn jonnt at taylortelephone.com
Thu Oct 10 16:19:59 MDT 2013


On 10/08/2013 09:22 PM, Amitay Isaacs wrote:
>
> On Wed, Oct 9, 2013 at 2:27 AM, Taylor, Jonn 
> <jonnt at taylortelephone.com> wrote:
>
>     On 10/08/2013 02:15 AM, Amitay Isaacs wrote:
>>
>>     On Thu, Oct 3, 2013 at 11:47 PM, Taylor, Jonn
>>     <jonnt at taylortelephone.com> wrote:
>>
>>         On 10/02/2013 08:02 PM, Amitay Isaacs wrote:
>>>
>>>         Hi John,
>>>
>>>         On Thu, Oct 3, 2013 at 2:54 AM, Taylor, Jonn
>>>         <jonnt at taylortelephone.com> wrote:
>>>
>>>             Looks like it is working. Thank you! Now we just need to
>>>             have Andrew fix the database stuff when he has time.
>>>
>>>             Oct  2 11:48:44 dc0 named[29090]: starting BIND
>>>             9.8.2rc1-RedHat-9.8.2-0.17.rc1.el6_4.6 -u named
>>>             Oct  2 11:48:44 dc0 named[29090]: built with
>>>             '--build=x86_64-redhat-linux-gnu'
>>>             '--host=x86_64-redhat-linux-gnu'
>>>             '--target=x86_64-redhat-linux-gnu' '--program-prefix='
>>>             '--prefix=/usr' '--exec-prefix=/usr' '--bindir=/usr/bin'
>>>             '--sbindir=/usr/sbin' '--sysconfdir=/etc'
>>>             '--datadir=/usr/share' '--includedir=/usr/include'
>>>             '--libdir=/usr/lib64' '--libexecdir=/usr/libexec'
>>>             '--sharedstatedir=/var/lib' '--mandir=/usr/share/man'
>>>             '--infodir=/usr/share/info' '--with-libtool'
>>>             '--localstatedir=/var' '--enable-threads'
>>>             '--enable-ipv6' '--with-pic' '--disable-static'
>>>             '--disable-openssl-version-check' '--with-dlz-ldap=yes'
>>>             '--with-dlz-postgres=yes' '--with-dlz-mysql=yes'
>>>             '--with-dlz-filesystem=yes' '--with-gssapi=yes'
>>>             '--disable-isc-spnego'
>>>             '--with-docbook-xsl=/usr/share/sgml/docbook/xsl-stylesheets'
>>>             '--enable-fixed-rrset'
>>>             'build_alias=x86_64-redhat-linux-gnu'
>>>             'host_alias=x86_64-redhat-linux-gnu'
>>>             'target_alias=x86_64-redhat-linux-gnu' 'CFLAGS= -O2 -g
>>>             -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions
>>>             -fstack-protector --param=ssp-buffer-size=4 -m64
>>>             -mtune=generic' 'CPPFLAGS= -DDIG_SIGCHASE'
>>>             Oct  2 11:48:44 dc0 named[29090]:
>>>             ----------------------------------------------------
>>>             Oct  2 11:48:44 dc0 named[29090]: BIND 9 is maintained
>>>             by Internet Systems Consortium,
>>>             Oct  2 11:48:44 dc0 named[29090]: Inc. (ISC), a
>>>             non-profit 501(c)(3) public-benefit
>>>             Oct  2 11:48:44 dc0 named[29090]: corporation.  Support
>>>             and training for BIND 9 are
>>>             Oct  2 11:48:44 dc0 named[29090]: available at
>>>             https://www.isc.org/support
>>>             Oct  2 11:48:44 dc0 named[29090]:
>>>             ----------------------------------------------------
>>>             Oct  2 11:48:44 dc0 named[29090]: adjusted limit on open
>>>             files from 4096 to 1048576
>>>             Oct  2 11:48:44 dc0 named[29090]: found 1 CPU, using 1
>>>             worker thread
>>>             Oct  2 11:48:44 dc0 named[29090]: using up to 4096 sockets
>>>             Oct  2 11:48:44 dc0 named[29090]: loading configuration
>>>             from '/etc/named.conf'
>>>             Oct  2 11:48:44 dc0 named[29090]: reading built-in
>>>             trusted keys from file '/etc/named.iscdlv.key'
>>>             Oct  2 11:48:44 dc0 named[29090]: using default UDP/IPv4
>>>             port range: [1024, 65535]
>>>             Oct  2 11:48:44 dc0 named[29090]: using default UDP/IPv6
>>>             port range: [1024, 65535]
>>>             Oct  2 11:48:44 dc0 named[29090]: listening on IPv6
>>>             interface lo, ::1#53
>>>             Oct  2 11:48:44 dc0 named[29090]: generating session key
>>>             for dynamic DNS
>>>             Oct  2 11:48:44 dc0 named[29090]: sizing zone task pool
>>>             based on 1 zones
>>>             Oct  2 11:48:44 dc0 named[29090]: Loading 'AD DNS Zone'
>>>             using driver dlopen
>>>             Oct  2 11:48:45 dc0 named[29090]: samba_dlz: started for
>>>             DN DC=taylortelephone,DC=com
>>>             Oct  2 11:48:45 dc0 named[29090]: samba_dlz: starting
>>>             configure
>>>             Oct  2 11:48:45 dc0 named[29090]: samba_dlz: configured
>>>             writeable zone 'example.lan'
>>>             Oct  2 11:48:45 dc0 named[29090]: samba_dlz: configured
>>>             writeable zone '198.89.70.in-addr.arpa'
>>>             Oct  2 11:48:45 dc0 named[29090]: samba_dlz: configured
>>>             writeable zone '173.168.192.in-addr.arpa'
>>>             Oct  2 11:48:45 dc0 named[29090]: samba_dlz: configured
>>>             writeable zone '183.168.192.in-addr.arpa'
>>>             Oct  2 11:48:45 dc0 named[29090]: samba_dlz: configured
>>>             writeable zone '170.168.192.in-addr.arpa'
>>>             Oct  2 11:48:45 dc0 named[29090]: samba_dlz: configured
>>>             writeable zone 'taylortelephone.com'
>>>             Oct  2 11:48:45 dc0 named[29090]: samba_dlz: configured
>>>             writeable zone 'taylordatacom.com'
>>>             Oct  2 11:48:45 dc0 named[29090]: samba_dlz: configured
>>>             writeable zone '_msdcs.taylortelephone.com'
>>>             Oct  2 11:48:45 dc0 named[29090]: samba_dlz: Ignoring
>>>             duplicate zone 'taylortelephone.com' from
>>>             'DC=@,DC=taylortelephone.com,CN=MicrosoftDNS,DC=ForestDnsZones,DC=taylortelephone,DC=com'
>>>             Oct  2 11:48:45 dc0 named[29090]: using built-in DLV key
>>>             for view _default
>>>
>>>
>>>         This is a bit surprising. I was expecting to see the
>>>         duplicate zone in the system partition
>>>
>>>         CN=MicrosoftDNS,CN=System,DC=taylortelephone,DC=com
>>>
>>>         and not really in the ForestDnsZones partition.  I am
>>>         wondering how you ended up with a duplicate primary DNS zone
>>>         in the forest DNS partition. Usually the primary domain zone is
>>>         in the DomainDnsZones partition and the _msdcs.<domain> zone is in
>>>         the ForestDnsZones partition.  You might want to delete this
>>>         duplicate zone from the ForestDnsZones partition.
>>>
>>>
>>>         Amitay.
>>         I tried to delete it but when one gets deleted the other one
>>         does too. Andrew said it is hard coded that way in s4. This
>>         used to be a 2003 domain that I upgraded to 2008r2. It only
>>         shows up that way on an s4 server. My win2k8r2 that is going
>>         away shows only 1 in the dns snap-in.
>>
>>
>>     How did you try to delete this zone? Using samba-tool dns
>>     zonedelete or using ldbdel?  If you tried to delete using
>>     "samba-tool dns zonedelete" it would remove only one of the zones
>>     from DomainDnsZones partition and not from ForestDnsZones
>>     partition.  The correct way would be to delete using ldbdel.
>>
>>        ldbdel -H /path/to/sam/database DC=taylortelephone.com,CN=MicrosoftDNS,DC=ForestDnsZones,DC=taylortelephone,DC=com
>>
>>
>>         I have had a bug open on this for a year now.
>>         https://bugzilla.samba.org/show_bug.cgi?id=9210
>>
>>
>>     I haven't been getting enough time to work on DNS stuff.
>>
>>     Amitay.
>     That did not work.
>
>     [root@dc0 ~]# ldbdel -H /usr/local/samba/private/dns/sam.ldb DC=taylortelephone.com,CN=MicrosoftDNS,DC=ForestDnsZones,DC=taylortelephone,DC=com
>     Processing section "[netlogon]"
>     Processing section "[sysvol]"
>     pm_process() returned Yes
>     GENSEC backend 'gssapi_spnego' registered
>     GENSEC backend 'gssapi_krb5' registered
>     GENSEC backend 'gssapi_krb5_sasl' registered
>     GENSEC backend 'sasl-DIGEST-MD5' registered
>     GENSEC backend 'spnego' registered
>     GENSEC backend 'schannel' registered
>     GENSEC backend 'sasl-EXTERNAL' registered
>     GENSEC backend 'ntlmssp' registered
>     GENSEC backend 'krb5' registered
>     GENSEC backend 'fake_gssapi_krb5' registered
>     delete of 'DC=taylortelephone.com,CN=MicrosoftDNS,DC=ForestDnsZones,DC=taylortelephone,DC=com'
>     failed - (Not allowed on non-leaf) subtree_delete: Unable to
>     delete a non-leaf node (it has 7 children)!
>     [root@dc0 ~]#
>
>     Jonn
>
>
> ldbdel -r   (recursive delete)
>
> Use with caution!
>
> Amitay.
OK, that removed the duplicate zone and things seem to be working 
better. I still see strange entries in dns like 2 digit numbers and host 
names with a stub zone that come and go.

Jonn
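
The cleanup discussed in this thread, as an added example that is not part of the original messages: it pulls the skipped zone out of the `samba_dlz` log line, derives the zone container DN that `ldbdel` targets, and exports the subtree to LDIF before running the recursive delete. The function names are hypothetical, and it assumes `ldbsearch` from the same ldb tools with its `-b` (base DN) and `-s` (scope) options.

```shell
#!/bin/sh
# Added example, not from the thread. Function names are hypothetical.

# Read syslog text on stdin; print "zone|record-dn" for every zone that
# samba_dlz reported as an ignored duplicate.
dup_zones_from_log() {
    sed -n "s/.*samba_dlz: Ignoring duplicate zone '\([^']*\)' from '\([^']*\)'.*/\1|\2/p"
}

# The log names the zone's apex record (DC=@,...). ldbdel is pointed at its
# parent, the zone container, as in the command quoted in the thread.
zone_container_dn() {
    case "$1" in
        DC=@,*) printf '%s\n' "${1#DC=@,}" ;;
        *)      printf '%s\n' "$1" ;;
    esac
}

# Export the subtree to LDIF, list what is about to go, and run ldbdel -r
# only if the operator retypes the exact DN (read from stdin).
# Usage: backup_then_delete SAM_LDB ZONE_DN BACKUP_FILE
backup_then_delete() {
    db=$1 dn=$2 out=$3
    ldbsearch -H "$db" -b "$dn" -s sub '(objectClass=*)' > "$out" || return 1
    n=$(grep -c '^dn:' "$out" || true)
    [ "$n" -gt 0 ] || { echo "nothing found under $dn" >&2; return 1; }
    echo "$n objects under $dn saved to $out:" >&2
    grep '^dn:' "$out" >&2
    printf 'Retype the zone DN to delete it recursively: ' >&2
    read -r answer || answer=
    [ "$answer" = "$dn" ] || { echo "aborted, nothing deleted" >&2; return 1; }
    ldbdel -r -H "$db" "$dn"
}

# Runs only when called with all three arguments.
if [ "$#" -eq 3 ]; then
    backup_then_delete "$@"
fi
```

The LDIF file is a record of exactly which objects the recursive delete removed, which matters here because the non-recursive attempt reported 7 children under the zone.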


