Site coverage DNS update on RODC
Kévin Guérineau
kguerineau at tranquil.it
Fri Aug 3 15:55:27 UTC 2018
Hi everyone,

I have been working with Denis at Tranquil IT testing with our client on
the new site coverage coming with 4.9rc2. I have some issues with
samba_dnsupdate on RODC, and I would need some help here to see if there
is a bug or the issue resides in between the keyboard and the chair.

Aside from the error messages below, samba_dnsupdate does not properly
create the _gc fields (with Samba, every RWDC is a GC, so I guess it is
the same case for RODC).

I have added more specific notes written inline in the samba_dnsupdate
--verbose output below. I can file a bugzilla entry if suitable.

Thanks,
Kevin Guérineau

[root at srvrodc.env.tranq private]# samba_dnsupdate --verbose
IPs: ['192.168.1.130']
8 DNS updates and 0 DNS deletes needed
Successfully obtained Kerberos ticket to DNS/srvads.env.tranquil.it as
SRVRODC$
update (nsupdate): A srvrodc.env.tranquil.it 192.168.1.130
Calling nsupdate for A srvrodc.env.tranquil.it 192.168.1.130 (add)
Successfully obtained Kerberos ticket to DNS/srvads.env.tranquil.it as
SRVRODC$
Outgoing update query:
;; ->>HEADER<<- opcode: UPDATE, status: NOERROR, id: 0
;; flags:; ZONE: 0, PREREQ: 0, UPDATE: 0, ADDITIONAL: 0
;; UPDATE SECTION:
srvrodc.env.tranquil.it. 900 IN A 192.168.1.130
####### note : during provisioning, the srvrodc A field entry is created
but SRVRODC$ does not have the RW ACE to that entry. Then the update fails
####### note : during samba_dnsupdate on SRVRODC, if the DNS A entry for
itself has a wrong IP address, samba_dnsupdate creates a new entry
rather than updating the existing one (it should delete the wrong one)
update (rodc): CNAME
1a3cc061-4804-4983-950a-b2a3a0d29fa4._msdcs.env.tranquil.it
srvrodc.env.tranquil.it
Calling netlogon RODC update for CNAME
1a3cc061-4804-4983-950a-b2a3a0d29fa4._msdcs.env.tranquil.it
srvrodc.env.tranquil.it
####### note : samba_dnsupdate tries to update even though the entry is
already correct. Is it an expected behavior?
update (rodc): SRV _ldap._tcp.Site2._sites.env.tranquil.it
srvrodc.env.tranquil.it 389
Calling netlogon RODC update for SRV
_ldap._tcp.Site2._sites.env.tranquil.it srvrodc.env.tranquil.it 389
Error setting DNS entry of type 22: SRV
_ldap._tcp.Site2._sites.env.tranquil.it srvrodc.env.tranquil.it 389:
(3221225653, '{Device Timeout} The specified I/O operation on %hs was
not completed before the time-out period expired.')
####### note : we are not sure why it fails here, if the entry is
deleted, it is properly re-created, but we still get the same error message
update (rodc): SRV _ldap._tcp.Site2._sites.dc._msdcs.env.tranquil.it
srvrodc.env.tranquil.it 389
Calling netlogon RODC update for SRV
_ldap._tcp.Site2._sites.dc._msdcs.env.tranquil.it
srvrodc.env.tranquil.it 389
update (rodc): SRV _kerberos._tcp.Site2._sites.env.tranquil.it
srvrodc.env.tranquil.it 88
Calling netlogon RODC update for SRV
_kerberos._tcp.Site2._sites.env.tranquil.it srvrodc.env.tranquil.it 88
Error setting DNS entry of type 34: SRV
_kerberos._tcp.Site2._sites.env.tranquil.it srvrodc.env.tranquil.it 88:
(3221225653, '{Device Timeout} The specified I/O operation on %hs was
not completed before the time-out period expired.')
####### (same as above) note : we are not sure why it fails here, if the
entry is deleted, it is properly re-created, but we get the same error
message
update (rodc): SRV _kerberos._tcp.Site2._sites.dc._msdcs.env.tranquil.it
srvrodc.env.tranquil.it 88
Calling netlogon RODC update for SRV
_kerberos._tcp.Site2._sites.dc._msdcs.env.tranquil.it
srvrodc.env.tranquil.it 88
update (rodc): SRV _gc._tcp.Site2._sites.env.tranquil.it
srvrodc.env.tranquil.it 3268
####### note : we don't have any error message, but the entry is not
created.
update (rodc): SRV _ldap._tcp.Site2._sites.gc._msdcs.env.tranquil.it
srvrodc.env.tranquil.it 3268
####### (same as above) note : we don't have any error message, but the
entry is not created
Failed update of 2 entries
####### note : it says that two entries fail, which is the case, but
the ones that failed are not the ones that really failed actually
--
*Kévin GUÉRINEAU, systems and network technician*
Tranquil IT
12 avenue Jules Verne (Bât. A)
44230 Saint Sébastien sur Loire (FRANCE)
tel: +33 (0) 240 975 755