[Samba] V4 - New Install - Missing Zone File

Amitay Isaacs amitay at gmail.com
Wed Feb 22 01:24:06 MST 2012


Hi Michael,

On Wed, Feb 22, 2012 at 7:06 PM, Michael Wood <esiotrot at gmail.com> wrote:
> Hi
>
> On 22 February 2012 01:46,  <jdfire at cox.net> wrote:
>>> The default DNS backend has changed to BIND9_DLZ.  This means the DNS
>>> records are stored in Samba4's AD tree instead of in a normal zone
>>> file.
> [...]
>>> If you're just starting out, you might want to try the DLZ backend.
>>
>> Thank you for your help! I was able to get a new Bind version to somewhat work. I was able to join an XP machine to the domain but DNS seems to not be updating correctly. Below you will find the logs that I am seeing.
>
> I don't know what would cause that, but you could try increasing the
> debug level (e.g. samba -d10 -i -M single) to see if it gives you more
> details about the issue.  Increasing bind9's debug level might help
> too.
>
> Also, you might want to discuss this on samba-technical.  I've copied
> my reply there.  Since Samba 4 is still in alpha, the HOWTO says to
> discuss successes/failures on samba-technical.
>
>> /var/log/messages:
>>
>>
>> Feb 21 16:39:39 davis named[1163]:   validating @0x24c0d30: com SOA: no valid signature found
>> Feb 21 16:39:39 davis named[1163]:   validating @0x220f220: com SOA: no valid signature found
>> Feb 21 16:39:39 davis named[1163]:   validating @0x220f220: CK0POJMG874LJREF7EFN8430QVIT8BSM.com NSEC3: no valid signature found
>> Feb 21 16:39:39 davis named[1163]:   validating @0x24c0d30: CK0POJMG874LJREF7EFN8430QVIT8BSM.com NSEC3: no valid signature found
>> Feb 21 16:39:39 davis named[1163]:   validating @0x198b010: A2MEHD73GB2UACB908FCH30EPFLFHMH7.com NSEC3: no valid signature found
>> Feb 21 16:39:39 davis named[1163]:   validating @0x24c0d30: A2MEHD73GB2UACB908FCH30EPFLFHMH7.com NSEC3: no valid signature found
>> Feb 21 16:39:40 davis named[1163]:   validating @0x24c0d30: 3RL0HJSI26SCTO21AV9TVIGIPUVPJAI1.com NSEC3: no valid signature found
>> Feb 21 16:39:40 davis named[1163]:   validating @0x198b010: 3RL0HJSI26SCTO21AV9TVIGIPUVPJAI1.com NSEC3: no valid signature found

These messages are from DNSSEC and are not really from the dlz_bind9 module.
Can you check if you have any lines in the log with the prefix samba_dlz?

>> samba output in single mode:
>>
>>
>> samba -i -M single
>> samba version 4.0.0alpha18-GIT-89586ed started.
>> Copyright Andrew Tridgell and the Samba Team 1992-2012
>> samba: using 'single' process model
>> ../source4/dsdb/dns/dns_update.c:294: Failed DNS update - NT_STATUS_UNSUCCESSFUL
>>
>>
>> Any ideas as to what that could mean? Thank you for your time and have a great day!

To check if dynamic DNS is working, you can try to run the
samba_dnsupdate script manually.
Make sure bind9 and samba are running and then

 # samba_dnsupdate --verbose

This will try to dynamically update various names in the zone. And
check the logs for messages from the dlz_bind9 module.

Just to make sure that the DNS migration has completed correctly, can
you post the output of the following commands:

 # ldbsearch -H /path/to/sam.ldb -b "DC=DomainDnsZones,DC...." "(name=@)" --show-binary
 # ldbsearch -H /path/to/sam.ldb -b "DC=ForestDnsZones,DC=...." "(name=@)" --show-binary

There was an issue previously with migration that @ records were not
populated correctly.

Amitay.

