[Samba] samba_dlz Failed to configure reverse zone

Rowland Penny rowlandpenny at googlemail.com
Mon Dec 29 03:09:54 MST 2014 

On 29/12/14 09:40, Lars Hanke wrote:
> And some more information about this strange effect apparently no-one 
> has seen before.
>
> I now added the missing zone:
>
> samba-tool dns zonecreate verdandi 10.16.172.in-addr.arpa -U 
> Administrator
>
> and it claims that the zone is okay, but the next one is missing:
>
> Dec 29 10:31:12 verdandi named[2601]: Loading 'ad.microsult.de' using 
> driver dlopen
> Dec 29 10:31:12 verdandi named[2601]: samba_dlz: started for DN 
> DC=ad,DC=microsult,DC=de
> Dec 29 10:31:12 verdandi named[2601]: samba_dlz: starting configure
> Dec 29 10:31:12 verdandi named[2601]: samba_dlz: configured writeable 
> zone '10.16.172.in-addr.arpa.'
> Dec 29 10:31:12 verdandi named[2601]: zone 1.16.172.in-addr.arpa/NONE: 
> has 0 SOA records
> Dec 29 10:31:12 verdandi named[2601]: zone 1.16.172.in-addr.arpa/NONE: 
> has no NS records
> Dec 29 10:31:12 verdandi named[2601]: samba_dlz: Failed to configure 
> zone '1.16.172.in-addr.arpa.'
> Dec 29 10:31:12 verdandi named[2601]: loading configuration: bad zone
> Dec 29 10:31:12 verdandi named[2601]: exiting (due to fatal error)
> Dec 29 10:31:12 verdandi named[2601]: samba_dlz: shutting down
>
> Okay, don't know why it wants it, but it ought to be helped in the 
> same fashion:
>
> samba-tool dns zonecreate verdandi 1.16.172.in-addr.arpa -U Administrator
>
> And, expect more zones to pop up, but no:
>
> Dec 29 10:29:20 verdandi named[2522]: Loading 'ad.microsult.de' using 
> driver dlopen
> Dec 29 10:29:20 verdandi named[2522]: samba_dlz: started for DN 
> DC=ad,DC=microsult,DC=de
> Dec 29 10:29:20 verdandi named[2522]: samba_dlz: starting configure
> Dec 29 10:29:20 verdandi named[2522]: samba_dlz: configured writeable 
> zone '10.16.172.in-addr.arpa.'
> Dec 29 10:29:20 verdandi named[2522]: samba_dlz: configured writeable 
> zone '1.16.172.in-addr.arpa.'
> Dec 29 10:29:20 verdandi named[2522]: samba_dlz: Failed to configure 
> zone '10.16.172.in-addr.arpa'
> Dec 29 10:29:20 verdandi named[2522]: loading configuration: already 
> exists
> Dec 29 10:29:20 verdandi named[2522]: exiting (due to fatal error)
> Dec 29 10:29:20 verdandi named[2522]: samba_dlz: shutting down
>
> (and as you can see from the dates, this is repeatable) This becomes 
> more and more confusing.
>
> Any ideas?
>
> Thanks,
>  - lars.
>
> Am 24.12.2014 um 13:43 schrieb Lars Hanke:
>> I dug somewhat deeper into what is going on below and it seems even
>> stranger. The reverse zone without SOA or NS does not even exist:
>>
>> root at verdandi:~# samba-tool dns query localhost 10.16.172.in-addr.arpa @
>> ALL -U Administrator
>> Password for [AD\Administrator]:
>> ERROR(runtime): uncaught exception - (9714,
>> 'WERR_DNS_ERROR_NAME_DOES_NOT_EXIST')
>>    File "/usr/lib/python2.7/dist-packages/samba/netcmd/__init__.py",
>> line 175, in _run
>>      return self.run(*args, **kwargs)
>>    File "/usr/lib/python2.7/dist-packages/samba/netcmd/dns.py", line
>> 988, in run
>>      None, record_type, select_flags, None, None)
>>
>> So if this zone does not exist, why does BIND_DLZ want to serve it?
>>
>> Thanks for your help and merry x-mas,
>>   - lars.
>>
>> Am 22.12.2014 um 12:57 schrieb Lars Hanke:
>>> I just upgraded bind9 on my backup DC to 9.9.5-7-Debian and restarting
>>> the service failed:
>>>
>>>
>>> Dec 22 12:25:55 verdandi named[18534]: starting BIND 9.9.5-7-Debian -u
>>> bind -4
>>> Dec 22 12:25:55 verdandi named[18534]: built with '--prefix=/usr'
>>> '--mandir=/usr/share/man' '--infodir=/usr/share/info'
>>> '--sysconfdir=/etc/bind' '--localstatedir=/var' '--enable-threads'
>>> '--enable-largefile' '--with-libtool' '--enable-shared'
>>> '--enable-static' '--with-openssl=/usr' '--with-gssapi=/usr'
>>> '--with-gnu-ld' '--with-geoip=/usr' '--with-atf=no' '--enable-ipv6'
>>> '--enable-rrl' '--enable-filter-aaaa' 'CFLAGS=-fno-strict-aliasing
>>> -fno-delete-null-pointer-checks -DDIG_SIGCHASE -O2'
>>> Dec 22 12:25:55 verdandi named[18534]:
>>> ----------------------------------------------------
>>> Dec 22 12:25:55 verdandi named[18534]: BIND 9 is maintained by Internet
>>> Systems Consortium,
>>> Dec 22 12:25:55 verdandi named[18534]: Inc. (ISC), a non-profit
>>> 501(c)(3) public-benefit
>>> Dec 22 12:25:55 verdandi named[18534]: corporation.  Support and
>>> training for BIND 9 are
>>> Dec 22 12:25:55 verdandi named[18534]: available at
>>> https://www.isc.org/support
>>> Dec 22 12:25:55 verdandi named[18534]:
>>> ----------------------------------------------------
>>> Dec 22 12:25:55 verdandi named[18534]: adjusted limit on open files 
>>> from
>>> 4096 to 1048576
>>> Dec 22 12:25:55 verdandi named[18534]: found 4 CPUs, using 4 worker
>>> threads
>>> Dec 22 12:25:55 verdandi named[18534]: using 4 UDP listeners per
>>> interface
>>> Dec 22 12:25:55 verdandi named[18534]: using up to 4096 sockets
>>> Dec 22 12:25:55 verdandi named[18534]: loading configuration from
>>> '/etc/bind/named.conf'
>>> Dec 22 12:25:55 verdandi named[18534]: reading built-in trusted keys
>>> from file '/etc/bind/bind.keys'
>>> Dec 22 12:25:55 verdandi named[18534]: using default UDP/IPv4 port
>>> range: [1024, 65535]
>>> Dec 22 12:25:55 verdandi named[18534]: using default UDP/IPv6 port
>>> range: [1024, 65535]
>>> Dec 22 12:25:55 verdandi named[18534]: no IPv6 interfaces found
>>> Dec 22 12:25:55 verdandi named[18534]: listening on IPv4 interface lo,
>>> 127.0.0.1#53
>>> Dec 22 12:25:55 verdandi named[18534]: listening on IPv4 interface 
>>> eth0,
>>> 172.16.10.17#53
>>> Dec 22 12:25:55 verdandi named[18534]: generating session key for
>>> dynamic DNS
>>> Dec 22 12:25:55 verdandi named[18534]: sizing zone task pool based 
>>> on 22
>>> zones
>>> Dec 22 12:25:55 verdandi named[18534]: Loading 'ad.microsult.de' using
>>> driver dlopen
>>> Dec 22 12:25:56 verdandi named[18534]: samba_dlz: started for DN
>>> DC=ad,DC=microsult,DC=de
>>> Dec 22 12:25:56 verdandi named[18534]: samba_dlz: starting configure
>>> Dec 22 12:25:56 verdandi named[18534]: zone 
>>> 10.16.172.in-addr.arpa/NONE:
>>> has 0 SOA records
>>> Dec 22 12:25:56 verdandi named[18534]: zone 
>>> 10.16.172.in-addr.arpa/NONE:
>>> has no NS records
>>> Dec 22 12:25:56 verdandi named[18534]: samba_dlz: Failed to configure
>>> zone '10.16.172.in-addr.arpa.'
>>> Dec 22 12:25:56 verdandi named[18534]: loading configuration: bad zone
>>> Dec 22 12:25:56 verdandi named[18534]: exiting (due to fatal error)
>>> Dec 22 12:25:56 verdandi named[18534]: samba_dlz: shutting down
>>>
>>> It used to run before the update, but a zone with SOA and NS entries is
>>> of course something strange. The failing zone was fresh, when it first
>>> started. In fact as viewed from the DC it may only have contained - and
>>> still contain - the secondary DC itself.
>>>
>>> Thanks for your help,
>>>   - lars.
>>
>

Hi, how have you setup bind ?
can you post the bind conf files ?

Rowland

More information about the samba mailing list