[Samba] V4 - New Install - Missing Zone File

Michael Wood esiotrot at gmail.com
Wed Feb 22 04:05:28 MST 2012


Hi Amitay

I think you may be getting mixed up between my issues with upgrading
and the original poster's (Jeremy/jdfire) issue with a new provision
:)

The messages from the logs are all from Jeremy.  It's a new provision,
so there's no "migration" unless I'm missing something.

My issues with upgradeprovision etc. are unrelated to Jeremy's issue.
I just mentioned that I hadn't tested the DLZ module yet because I was
still running an old provision from before the DLZ module existed.

On 22 February 2012 10:24, Amitay Isaacs <amitay at gmail.com> wrote:
> HI Michael,
>
> On Wed, Feb 22, 2012 at 7:06 PM, Michael Wood <esiotrot at gmail.com> wrote:
>> Hi
>>
>> On 22 February 2012 01:46,  <jdfire at cox.net> wrote:
>>>> The default DNS backend has changed to BIND9_DLZ.  This means the DNS
>>>> records are stored in Samba4's AD tree instead of in a normal zone
>>>> file.
>> [...]
>>>> If you're just starting out, you might want to try the DLZ backend.
>>>
>>> Thank you for your help! I was able to get a new Bind version to somewhat work. I was able to join an XP machine to the domain but DNS seems to not be updating correctly. Below you will find the logs that I am seeing.
>>
>> I don't know what would cause that, but you could try increasing the
>> debug level (e.g. samba -d10 -i -M single) to see if it gives you more
>> details about the issue.  Increasing bind9's debug level might help
>> too.
>>
>> Also, you might want to discuss this on samba-technical.  I've copied
>> my reply there.  Since Samba 4 is still in alpha, the HOWTO says to
>> discuss successes/failures on samba-technical.
>>
>>> /var/log/messages:
>>>
>>>
>>> Feb 21 16:39:39 davis named[1163]:   validating @0x24c0d30: com SOA: no valid signature found
>>> Feb 21 16:39:39 davis named[1163]:   validating @0x220f220: com SOA: no valid signature found
>>> Feb 21 16:39:39 davis named[1163]:   validating @0x220f220: CK0POJMG874LJREF7EFN8430QVIT8BSM.com NSEC3: no valid signature found
>>> Feb 21 16:39:39 davis named[1163]:   validating @0x24c0d30: CK0POJMG874LJREF7EFN8430QVIT8BSM.com NSEC3: no valid signature found
>>> Feb 21 16:39:39 davis named[1163]:   validating @0x198b010: A2MEHD73GB2UACB908FCH30EPFLFHMH7.com NSEC3: no valid signature found
>>> Feb 21 16:39:39 davis named[1163]:   validating @0x24c0d30: A2MEHD73GB2UACB908FCH30EPFLFHMH7.com NSEC3: no valid signature found
>>> Feb 21 16:39:40 davis named[1163]:   validating @0x24c0d30: 3RL0HJSI26SCTO21AV9TVIGIPUVPJAI1.com NSEC3: no valid signature found
>>> Feb 21 16:39:40 davis named[1163]:   validating @0x198b010: 3RL0HJSI26SCTO21AV9TVIGIPUVPJAI1.com NSEC3: no valid signature found
>
> These messages are from DNSSEC and are not really from dlz_bind9 module.
> Can you check if you have any lines in the log with prefix samba_dlz?
>
>>> samba output in single mode:
>>>
>>>
>>> samba -i -M single
>>> samba version 4.0.0alpha18-GIT-89586ed started.
>>> Copyright Andrew Tridgell and the Samba Team 1992-2012
>>> samba: using 'single' process model
>>> ../source4/dsdb/dns/dns_update.c:294: Failed DNS update - NT_STATUS_UNSUCCESSFUL
>>>
>>>
>>> Any ideas as to what that could me? Thank you for your time and have a great day!
>
> To check if dynamic dns is working, you can try to run samba_dnsupdate
> script manually.
> Make sure bind9 and samba are running and then
>
>  # samba_dnsupdate --verbose
>
> This will try to dynamically update various names in the zone. And
> check the logs for
> messages from dlz_bind9 module.

The stuff below about DNS migration is not relevant for Jeremy's
problem, I don't think.  Right?

> Just to make sure that the DNS migration has completed correctly, can
> you post the output of
> following commands:
>
>  # ldbsearch -H /path/to/sam.ldb -b "DC=DomainDnsZones,DC...."
> "(name=@)" --show-binary
>  # ldbsearch -H /path/to/sam.ldb -b "DC=ForestDnsZones,DC=...."
> "(name=@)" --show-binary
>
> There was an issue previously with migration that @ records were not
> populated correctly.
>
> Amitay.

-- 
Michael Wood <esiotrot at gmail.com>


More information about the samba mailing list