Migrate dns to bind

Amitay Isaacs amitay at gmail.com
Wed Sep 4 04:42:18 CEST 2013


Hi John,

On Wed, Sep 4, 2013 at 2:49 AM, Jonn Taylor <jonnt at taylortelephone.com> wrote:

> I am having problems migrating away from the internal dns server. I have 2
> win2k3 servers that I would like to make go away someday. My DC2 server is
> currently providing pdc, dhcp and dns. DC0 will be the final replacement.
>
> Is this problem caused by this bug?
> https://bugzilla.samba.org/show_bug.cgi?id=9210
>
> Sep  3 11:36:19 dc0 named[4401]: starting BIND 9.8.2rc1-RedHat-9.8.2-0.17.rc1.el6.3 -u named
> Sep  3 11:36:19 dc0 named[4401]: built with '--build=x86_64-redhat-linux-gnu'
> '--host=x86_64-redhat-linux-gnu' '--target=x86_64-redhat-linux-gnu'
> '--program-prefix=' '--prefix=/usr' '--exec-prefix=/usr'
> '--bindir=/usr/bin' '--sbindir=/usr/sbin' '--sysconfdir=/etc'
> '--datadir=/usr/share' '--includedir=/usr/include' '--libdir=/usr/lib64'
> '--libexecdir=/usr/libexec' '--sharedstatedir=/var/lib'
> '--mandir=/usr/share/man' '--infodir=/usr/share/info' '--with-libtool'
> '--localstatedir=/var' '--enable-threads' '--enable-ipv6' '--with-pic'
> '--disable-static' '--disable-openssl-version-check'
> '--with-dlz-ldap=yes' '--with-dlz-postgres=yes' '--with-dlz-mysql=yes'
> '--with-dlz-filesystem=yes' '--with-gssapi=yes' '--disable-isc-spnego'
> '--with-docbook-xsl=/usr/share/sgml/docbook/xsl-stylesheets'
> '--enable-fixed-rrset' 'build_alias=x86_64-redhat-linux-gnu'
> 'host_alias=x86_64-redhat-linux-gnu' 'target_alias=x86_64-redhat-linux-gnu'
> 'CFLAGS= -O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions
> -fstack-protector --param=ssp-buffer-size=4 -m64 -mtune=generic'
> 'CPPFLAGS= -DDIG_SIGCHASE'
> Sep  3 11:36:19 dc0 named[4401]: ----------------------------------------------------
> Sep  3 11:36:19 dc0 named[4401]: BIND 9 is maintained by Internet Systems Consortium,
> Sep  3 11:36:19 dc0 named[4401]: Inc. (ISC), a non-profit 501(c)(3) public-benefit
> Sep  3 11:36:19 dc0 named[4401]: corporation.  Support and training for BIND 9 are
> Sep  3 11:36:19 dc0 named[4401]: available at https://www.isc.org/support
> Sep  3 11:36:19 dc0 named[4401]: ----------------------------------------------------
> Sep  3 11:36:19 dc0 named[4401]: adjusted limit on open files from 4096 to 1048576
> Sep  3 11:36:19 dc0 named[4401]: found 1 CPU, using 1 worker thread
> Sep  3 11:36:19 dc0 named[4401]: using up to 4096 sockets
> Sep  3 11:36:19 dc0 named[4401]: loading configuration from '/etc/named.conf'
> Sep  3 11:36:19 dc0 named[4401]: reading built-in trusted keys from file '/etc/named.iscdlv.key'
> Sep  3 11:36:19 dc0 named[4401]: using default UDP/IPv4 port range: [1024, 65535]
> Sep  3 11:36:19 dc0 named[4401]: using default UDP/IPv6 port range: [1024, 65535]
> Sep  3 11:36:19 dc0 named[4401]: listening on IPv6 interface lo, ::1#53
> Sep  3 11:36:19 dc0 named[4401]: generating session key for dynamic DNS
> Sep  3 11:36:19 dc0 named[4401]: sizing zone task pool based on 1 zones
> Sep  3 11:36:19 dc0 named[4401]: Loading 'AD DNS Zone' using driver dlopen
> Sep  3 11:36:20 dc0 named[4401]: samba_dlz: started for DN DC=taylortelephone,DC=com
> Sep  3 11:36:20 dc0 named[4401]: samba_dlz: starting configure
> Sep  3 11:36:20 dc0 named[4401]: samba_dlz: configured writeable zone 'example.lan'
> Sep  3 11:36:20 dc0 named[4401]: samba_dlz: configured writeable zone '198.89.70.in-addr.arpa'
> Sep  3 11:36:20 dc0 named[4401]: samba_dlz: configured writeable zone '173.168.192.in-addr.arpa'
> Sep  3 11:36:20 dc0 named[4401]: samba_dlz: configured writeable zone '183.168.192.in-addr.arpa'
> Sep  3 11:36:20 dc0 named[4401]: samba_dlz: configured writeable zone '170.168.192.in-addr.arpa'
> Sep  3 11:36:20 dc0 named[4401]: samba_dlz: configured writeable zone 'taylortelephone.com'
> Sep  3 11:36:20 dc0 named[4401]: samba_dlz: configured writeable zone 'taylordatacom.com'
> Sep  3 11:36:20 dc0 named[4401]: samba_dlz: configured writeable zone '_msdcs.taylortelephone.com'
> Sep  3 11:36:20 dc0 named[4401]: samba_dlz: Failed to configure zone 'taylortelephone.com'
> Sep  3 11:36:20 dc0 named[4401]: loading configuration: already exists
> Sep  3 11:36:20 dc0 named[4401]: exiting (due to fatal error)
>
>
It does appear to be related. You seem to have the same zones defined both in
DNS partitions and the domain partition.  This will cause problems with the BIND
DLZ module as it will try to load zones from all DNS partitions and the domain
partition (CN=MicrosoftDNS,CN=System subtree).  A W2K3 server can maintain
DNS information in two places if you have DNS partitions configured.
Currently Samba does not support that.

One option would be to remove the duplicate DNS information and store the zones
only in one place (preferably in DNS partitions).  Then any of the DNS
solutions (internal server or BIND DLZ) would work just fine.

Amitay.
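
The duplicate-zone condition described in the reply above can be checked before starting named. This is an added example, not part of the original post or of Samba: it takes a list of dnsZone object DNs and reports zones held in more than one container, then matches them against "Failed to configure zone" log lines. The DN list and the placement of zones in containers are constructed for illustration; the function names are hypothetical.

```python
import re
from collections import defaultdict

# Constructed sample: dnsZone object DNs as an LDAP search of the directory
# might list them. Which container holds which zone is assumed for illustration.
SAMPLE_ZONE_DNS = [
    "DC=taylortelephone.com,CN=MicrosoftDNS,DC=DomainDnsZones,DC=taylortelephone,DC=com",
    "DC=taylordatacom.com,CN=MicrosoftDNS,DC=DomainDnsZones,DC=taylortelephone,DC=com",
    "DC=_msdcs.taylortelephone.com,CN=MicrosoftDNS,DC=ForestDnsZones,DC=taylortelephone,DC=com",
    "DC=TaylorTelephone.com,CN=MicrosoftDNS,CN=System,DC=taylortelephone,DC=com",
]
# Two lines from the log quoted in the thread, with the line wrapping undone.
SAMPLE_LOG = [
    "Sep  3 11:36:20 dc0 named[4401]: samba_dlz: configured writeable zone 'taylortelephone.com'",
    "Sep  3 11:36:20 dc0 named[4401]: samba_dlz: Failed to configure zone 'taylortelephone.com'",
]

ZONE_DN = re.compile(
    r"^DC=(?P<zone>[^,]+),CN=MicrosoftDNS,"
    r"(?P<store>DC=DomainDnsZones|DC=ForestDnsZones|CN=System),", re.IGNORECASE)
FAILED = re.compile(r"samba_dlz: Failed to configure zone '\s*([^']+)'")

def zone_locations(dns):
    """Map lower-cased zone name -> set of containers holding a copy of it."""
    found = defaultdict(set)
    for dn in dns:
        m = ZONE_DN.match(dn.strip())
        if m:  # DNS names are case-insensitive, so compare in lower case
            found[m.group("zone").lower()].add(m.group("store").split("=")[1].lower())
    return found

def duplicated_zones(dns):
    """Zones stored in more than one container (DNS partitions and/or CN=System)."""
    return {z: sorted(s) for z, s in zone_locations(dns).items() if len(s) > 1}

def failed_zones(log_lines):
    """Zone names taken from samba_dlz 'Failed to configure zone' log lines."""
    return [m.group(1).lower() for line in log_lines if (m := FAILED.search(line))]

def explain_failures(log_lines, dns):
    """For each failed zone in the log, list the containers that hold a copy."""
    dupes = duplicated_zones(dns)
    return {z: dupes.get(z, []) for z in failed_zones(log_lines)}

if __name__ == "__main__":
    for zone, stores in explain_failures(SAMPLE_LOG, SAMPLE_ZONE_DNS).items():
        print(f"{zone}: stored in {', '.join(stores) or 'one place only'}")
```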

