[Samba] samba_dlz Failed to configure reverse zone

Lars Hanke debian at lhanke.de
Mon Dec 29 02:40:11 MST 2014 

And some more information about this strange effect apparently no-one 
has seen before.

I now added the missing zone:

samba-tool dns zonecreate verdandi 10.16.172.in-addr.arpa -U Administrator

and it claims that the zone is okay, but the next one is missing:

Dec 29 10:31:12 verdandi named[2601]: Loading 'ad.microsult.de' using 
driver dlopen
Dec 29 10:31:12 verdandi named[2601]: samba_dlz: started for DN 
DC=ad,DC=microsult,DC=de
Dec 29 10:31:12 verdandi named[2601]: samba_dlz: starting configure
Dec 29 10:31:12 verdandi named[2601]: samba_dlz: configured writeable 
zone '10.16.172.in-addr.arpa.'
Dec 29 10:31:12 verdandi named[2601]: zone 1.16.172.in-addr.arpa/NONE: 
has 0 SOA records
Dec 29 10:31:12 verdandi named[2601]: zone 1.16.172.in-addr.arpa/NONE: 
has no NS records
Dec 29 10:31:12 verdandi named[2601]: samba_dlz: Failed to configure 
zone '1.16.172.in-addr.arpa.'
Dec 29 10:31:12 verdandi named[2601]: loading configuration: bad zone
Dec 29 10:31:12 verdandi named[2601]: exiting (due to fatal error)
Dec 29 10:31:12 verdandi named[2601]: samba_dlz: shutting down

Okay, don't know why it wants it, but it ought to be helped in the same 
fashion:

samba-tool dns zonecreate verdandi 1.16.172.in-addr.arpa -U Administrator

And, expect more zones to pop up, but no:

Dec 29 10:29:20 verdandi named[2522]: Loading 'ad.microsult.de' using 
driver dlopen
Dec 29 10:29:20 verdandi named[2522]: samba_dlz: started for DN 
DC=ad,DC=microsult,DC=de
Dec 29 10:29:20 verdandi named[2522]: samba_dlz: starting configure
Dec 29 10:29:20 verdandi named[2522]: samba_dlz: configured writeable 
zone '10.16.172.in-addr.arpa.'
Dec 29 10:29:20 verdandi named[2522]: samba_dlz: configured writeable 
zone '1.16.172.in-addr.arpa.'
Dec 29 10:29:20 verdandi named[2522]: samba_dlz: Failed to configure 
zone '10.16.172.in-addr.arpa'
Dec 29 10:29:20 verdandi named[2522]: loading configuration: already exists
Dec 29 10:29:20 verdandi named[2522]: exiting (due to fatal error)
Dec 29 10:29:20 verdandi named[2522]: samba_dlz: shutting down

(and as you can see from the dates, this is repeatable) This becomes 
more and more confusing.

Any ideas?

Thanks,
  - lars.

Am 24.12.2014 um 13:43 schrieb Lars Hanke:
> I dug somewhat deeper into what is going on below and it seems even
> stranger. The reverse zone without SOA or NS does not even exist:
>
> root at verdandi:~# samba-tool dns query localhost 10.16.172.in-addr.arpa @
> ALL -U Administrator
> Password for [AD\Administrator]:
> ERROR(runtime): uncaught exception - (9714,
> 'WERR_DNS_ERROR_NAME_DOES_NOT_EXIST')
>    File "/usr/lib/python2.7/dist-packages/samba/netcmd/__init__.py",
> line 175, in _run
>      return self.run(*args, **kwargs)
>    File "/usr/lib/python2.7/dist-packages/samba/netcmd/dns.py", line
> 988, in run
>      None, record_type, select_flags, None, None)
>
> So if this zone does not exist, why does BIND_DLZ want to serve it?
>
> Thanks for your help and merry x-mas,
>   - lars.
>
> Am 22.12.2014 um 12:57 schrieb Lars Hanke:
>> I just upgraded bind9 on my backup DC to 9.9.5-7-Debian and restarting
>> the service failed:
>>
>>
>> Dec 22 12:25:55 verdandi named[18534]: starting BIND 9.9.5-7-Debian -u
>> bind -4
>> Dec 22 12:25:55 verdandi named[18534]: built with '--prefix=/usr'
>> '--mandir=/usr/share/man' '--infodir=/usr/share/info'
>> '--sysconfdir=/etc/bind' '--localstatedir=/var' '--enable-threads'
>> '--enable-largefile' '--with-libtool' '--enable-shared'
>> '--enable-static' '--with-openssl=/usr' '--with-gssapi=/usr'
>> '--with-gnu-ld' '--with-geoip=/usr' '--with-atf=no' '--enable-ipv6'
>> '--enable-rrl' '--enable-filter-aaaa' 'CFLAGS=-fno-strict-aliasing
>> -fno-delete-null-pointer-checks -DDIG_SIGCHASE -O2'
>> Dec 22 12:25:55 verdandi named[18534]:
>> ----------------------------------------------------
>> Dec 22 12:25:55 verdandi named[18534]: BIND 9 is maintained by Internet
>> Systems Consortium,
>> Dec 22 12:25:55 verdandi named[18534]: Inc. (ISC), a non-profit
>> 501(c)(3) public-benefit
>> Dec 22 12:25:55 verdandi named[18534]: corporation.  Support and
>> training for BIND 9 are
>> Dec 22 12:25:55 verdandi named[18534]: available at
>> https://www.isc.org/support
>> Dec 22 12:25:55 verdandi named[18534]:
>> ----------------------------------------------------
>> Dec 22 12:25:55 verdandi named[18534]: adjusted limit on open files from
>> 4096 to 1048576
>> Dec 22 12:25:55 verdandi named[18534]: found 4 CPUs, using 4 worker
>> threads
>> Dec 22 12:25:55 verdandi named[18534]: using 4 UDP listeners per
>> interface
>> Dec 22 12:25:55 verdandi named[18534]: using up to 4096 sockets
>> Dec 22 12:25:55 verdandi named[18534]: loading configuration from
>> '/etc/bind/named.conf'
>> Dec 22 12:25:55 verdandi named[18534]: reading built-in trusted keys
>> from file '/etc/bind/bind.keys'
>> Dec 22 12:25:55 verdandi named[18534]: using default UDP/IPv4 port
>> range: [1024, 65535]
>> Dec 22 12:25:55 verdandi named[18534]: using default UDP/IPv6 port
>> range: [1024, 65535]
>> Dec 22 12:25:55 verdandi named[18534]: no IPv6 interfaces found
>> Dec 22 12:25:55 verdandi named[18534]: listening on IPv4 interface lo,
>> 127.0.0.1#53
>> Dec 22 12:25:55 verdandi named[18534]: listening on IPv4 interface eth0,
>> 172.16.10.17#53
>> Dec 22 12:25:55 verdandi named[18534]: generating session key for
>> dynamic DNS
>> Dec 22 12:25:55 verdandi named[18534]: sizing zone task pool based on 22
>> zones
>> Dec 22 12:25:55 verdandi named[18534]: Loading 'ad.microsult.de' using
>> driver dlopen
>> Dec 22 12:25:56 verdandi named[18534]: samba_dlz: started for DN
>> DC=ad,DC=microsult,DC=de
>> Dec 22 12:25:56 verdandi named[18534]: samba_dlz: starting configure
>> Dec 22 12:25:56 verdandi named[18534]: zone 10.16.172.in-addr.arpa/NONE:
>> has 0 SOA records
>> Dec 22 12:25:56 verdandi named[18534]: zone 10.16.172.in-addr.arpa/NONE:
>> has no NS records
>> Dec 22 12:25:56 verdandi named[18534]: samba_dlz: Failed to configure
>> zone '10.16.172.in-addr.arpa.'
>> Dec 22 12:25:56 verdandi named[18534]: loading configuration: bad zone
>> Dec 22 12:25:56 verdandi named[18534]: exiting (due to fatal error)
>> Dec 22 12:25:56 verdandi named[18534]: samba_dlz: shutting down
>>
>> It used to run before the update, but a zone with SOA and NS entries is
>> of course something strange. The failing zone was fresh, when it first
>> started. In fact as viewed from the DC it may only have contained - and
>> still contain - the secondary DC itself.
>>
>> Thanks for your help,
>>   - lars.
>

More information about the samba mailing list