[Samba] samba_dlz Failed to configure reverse zone

Lars Hanke debian at lhanke.de
Wed Dec 24 05:43:26 MST 2014


I dug somewhat deeper into what is going on below and it seems even 
stranger. The reverse zone without SOA or NS does not even exist:

root@verdandi:~# samba-tool dns query localhost 10.16.172.in-addr.arpa @ ALL -U Administrator
Password for [AD\Administrator]:
ERROR(runtime): uncaught exception - (9714, 'WERR_DNS_ERROR_NAME_DOES_NOT_EXIST')
   File "/usr/lib/python2.7/dist-packages/samba/netcmd/__init__.py", line 175, in _run
     return self.run(*args, **kwargs)
   File "/usr/lib/python2.7/dist-packages/samba/netcmd/dns.py", line 988, in run
     None, record_type, select_flags, None, None)

So if this zone does not exist, why does BIND_DLZ want to serve it?

Thanks for your help and merry x-mas,
  - lars.

On 22.12.2014 at 12:57, Lars Hanke wrote:
> I just upgraded bind9 on my backup DC to 9.9.5-7-Debian and restarting
> the service failed:
>
>
> Dec 22 12:25:55 verdandi named[18534]: starting BIND 9.9.5-7-Debian -u
> bind -4
> Dec 22 12:25:55 verdandi named[18534]: built with '--prefix=/usr'
> '--mandir=/usr/share/man' '--infodir=/usr/share/info'
> '--sysconfdir=/etc/bind' '--localstatedir=/var' '--enable-threads'
> '--enable-largefile' '--with-libtool' '--enable-shared'
> '--enable-static' '--with-openssl=/usr' '--with-gssapi=/usr'
> '--with-gnu-ld' '--with-geoip=/usr' '--with-atf=no' '--enable-ipv6'
> '--enable-rrl' '--enable-filter-aaaa' 'CFLAGS=-fno-strict-aliasing
> -fno-delete-null-pointer-checks -DDIG_SIGCHASE -O2'
> Dec 22 12:25:55 verdandi named[18534]:
> ----------------------------------------------------
> Dec 22 12:25:55 verdandi named[18534]: BIND 9 is maintained by Internet
> Systems Consortium,
> Dec 22 12:25:55 verdandi named[18534]: Inc. (ISC), a non-profit
> 501(c)(3) public-benefit
> Dec 22 12:25:55 verdandi named[18534]: corporation.  Support and
> training for BIND 9 are
> Dec 22 12:25:55 verdandi named[18534]: available at
> https://www.isc.org/support
> Dec 22 12:25:55 verdandi named[18534]:
> ----------------------------------------------------
> Dec 22 12:25:55 verdandi named[18534]: adjusted limit on open files from
> 4096 to 1048576
> Dec 22 12:25:55 verdandi named[18534]: found 4 CPUs, using 4 worker threads
> Dec 22 12:25:55 verdandi named[18534]: using 4 UDP listeners per interface
> Dec 22 12:25:55 verdandi named[18534]: using up to 4096 sockets
> Dec 22 12:25:55 verdandi named[18534]: loading configuration from
> '/etc/bind/named.conf'
> Dec 22 12:25:55 verdandi named[18534]: reading built-in trusted keys
> from file '/etc/bind/bind.keys'
> Dec 22 12:25:55 verdandi named[18534]: using default UDP/IPv4 port
> range: [1024, 65535]
> Dec 22 12:25:55 verdandi named[18534]: using default UDP/IPv6 port
> range: [1024, 65535]
> Dec 22 12:25:55 verdandi named[18534]: no IPv6 interfaces found
> Dec 22 12:25:55 verdandi named[18534]: listening on IPv4 interface lo,
> 127.0.0.1#53
> Dec 22 12:25:55 verdandi named[18534]: listening on IPv4 interface eth0,
> 172.16.10.17#53
> Dec 22 12:25:55 verdandi named[18534]: generating session key for
> dynamic DNS
> Dec 22 12:25:55 verdandi named[18534]: sizing zone task pool based on 22
> zones
> Dec 22 12:25:55 verdandi named[18534]: Loading 'ad.microsult.de' using
> driver dlopen
> Dec 22 12:25:56 verdandi named[18534]: samba_dlz: started for DN
> DC=ad,DC=microsult,DC=de
> Dec 22 12:25:56 verdandi named[18534]: samba_dlz: starting configure
> Dec 22 12:25:56 verdandi named[18534]: zone 10.16.172.in-addr.arpa/NONE:
> has 0 SOA records
> Dec 22 12:25:56 verdandi named[18534]: zone 10.16.172.in-addr.arpa/NONE:
> has no NS records
> Dec 22 12:25:56 verdandi named[18534]: samba_dlz: Failed to configure
> zone '10.16.172.in-addr.arpa.'
> Dec 22 12:25:56 verdandi named[18534]: loading configuration: bad zone
> Dec 22 12:25:56 verdandi named[18534]: exiting (due to fatal error)
> Dec 22 12:25:56 verdandi named[18534]: samba_dlz: shutting down
>
> It used to run before the update, but a zone with SOA and NS entries is
> of course something strange. The failing zone was fresh, when it first
> started. In fact as viewed from the DC it may only have contained - and
> still contain - the secondary DC itself.
>
> Thanks for your help,
>   - lars.


