[Samba] V4 - New Install - Missing Zone File

jdfire at cox.net jdfire at cox.net
Tue Feb 21 17:24:50 MST 2012


---- steve <steve at steve-ss.com> wrote: 
> On 02/22/2012 12:46 AM, jdfire at cox.net wrote:
> >> The default DNS backend has changed to BIND9_DLZ.  This means the DNS
> >> records are stored in Samba4's AD tree instead of in a normal zone
> >> file.
> >>
> >> I've not tried the above, so am not sure exactly how to set it up.
> >> There are some posts about it in the samba-technical mailing list
> >> archives, though.
> >>
> >> For the zone file, re-provision with the following option:
> >>
> >>    --dns-backend=BIND9_FLATFILE
> >>
> >> The BIND9_FLATFILE backend is the old way.  BIND9_DLZ and
> >> SAMBA_INTERNAL are the two new methods.  BIND9_DLZ needs a recent
> >> version of bind with DLZ dlopen support.  The SAMBA_INTERNAL does not
> >> yet support signed DNS updates (last I heard).
> >>
> >> Since I provisioned samba4 before the DLZ option was available I have
> >> stuck with BIND9_FLATFILE for now.
> >>
> >> If you're just starting out, you might want to try the DLZ backend.
> >>
> >> -- 
> > Thank you for your help! I was able to get a new Bind version to somewhat work. I was able to join an XP machine to the domain but DNS seems to not be updating correctly. Below you will find the logs that I am seeing.
> >
> > /var/log/messages:
> >
> >
> > Feb 21 16:39:39 davis named[1163]:   validating @0x24c0d30: com SOA: no valid signature found
> > Feb 21 16:39:39 davis named[1163]:   validating @0x220f220: com SOA: no valid signature found
> > Feb 21 16:39:39 davis named[1163]:   validating @0x220f220: CK0POJMG874LJREF7EFN8430QVIT8BSM.com NSEC3: no valid signature found
> > Feb 21 16:39:39 davis named[1163]:   validating @0x24c0d30: CK0POJMG874LJREF7EFN8430QVIT8BSM.com NSEC3: no valid signature found
> > Feb 21 16:39:39 davis named[1163]:   validating @0x198b010: A2MEHD73GB2UACB908FCH30EPFLFHMH7.com NSEC3: no valid signature found
> > Feb 21 16:39:39 davis named[1163]:   validating @0x24c0d30: A2MEHD73GB2UACB908FCH30EPFLFHMH7.com NSEC3: no valid signature found
> > Feb 21 16:39:40 davis named[1163]:   validating @0x24c0d30: 3RL0HJSI26SCTO21AV9TVIGIPUVPJAI1.com NSEC3: no valid signature found
> > Feb 21 16:39:40 davis named[1163]:   validating @0x198b010: 3RL0HJSI26SCTO21AV9TVIGIPUVPJAI1.com NSEC3: no valid signature found
> >
> >
> > samba output in single mode:
> >
> >
> > samba -i -M single
> > samba version 4.0.0alpha18-GIT-89586ed started.
> > Copyright Andrew Tridgell and the Samba Team 1992-2012
> > samba: using 'single' process model
> > ../source4/dsdb/dns/dns_update.c:294: Failed DNS update - NT_STATUS_UNSUCCESSFUL
> >
> >
> > Any ideas as to what that could me? Thank you for your time and have a great day!
> Hi
> I think DLZ is the default. I didn't specify any dns-backend when 
> provisioning but I got files I needed to include for named. I had to 
> make 2 changes to the bind 9 config as detailed here:
> http://linuxcostablanca.blogspot.com/2012/01/samba-4-ubuntu.html
> HTH
> Steve

Hello Steve, I have the entries in my /etc/named.conf. Not sure what else to try. Based on the logs samba4 is unable to update DNS. And Bind is having issues with a signature by what the /var/log/messages is saying. Any ideas as to what it could be?



More information about the samba mailing list