[Samba] recreate/re-provision DNS db from scratch?

Denis Cardon denis.cardon at tranquil-it-systems.fr
Thu Feb 26 02:12:00 MST 2015

Hi Bram,

> One Samba server (DC & file server), no replication, 4.0.6 and this is my
> Xth attempt to upgrade the #@$^ thing. Each time it ends up broken and I
> have to rollback, unfortunately. And each time I hope a new version fixes
> the issue or that I can find the cause. As you can imagine this is quite a
> problem, not in the least with regards to security.

If you are really eager to update as soon as possible and there is only
a DNS issue, you can always switch back to plain file bind9 DNS zones
like in the good ol' days; it still works great even if it is not as
convenient as samba4 DNS. I had to do that once when working on a DC with
ailing DNS zones (I don't remember exactly what I did to get it back on

On the screwed up DC, can you still connect through ldap and display
the base object of the dc=domaindnszones,dc=yourdomain,dc=lan?



> The machine is a virtualized host on KVM, Linux, fully up to date Debian 7.8
> (wheezy), 64 bit. Not sure what else to say about it.
>> - Do you use the internal DNS or BIND_DLZ?
> Internal.
> Also, I'm using './configure' without any arguments. All pretty standard I
> would say.
>> - Is Samba/BIND listening on port 53 (netstat -taunp|grep :53)
>> - Does DNS entries resolve on the server (try
>> https://wiki.samba.org/index.php/Samba_AD_DC_HOWTO#Testing_DNS)
> Resolving works fine both on the box itself (I tested 'host
> jnet.hermanjordan.nl' and on the lan IP) and from the
> Windows client. I must confess I did not check the two SRV records at that
> time (but see next).
> I can login from a Windows client, but in eventlog and with gpupdate I get
> strange errors about not finding the logon server or unable to lookup the
> computer name or account name (well, what I wrote earlier).
> Similarly, on Windows the DNS MMC tool sometimes gave an error after
> connecting to the DC about DNS not being available for management (so to
> say). Then a minute later or after a restart it worked, then a little later
> it broke again and after F5 it's completely broken again. Broken as in: the
> UI says there's a problem with the zone file. That's on 4.1.17 and that's
> why I think there must be something broken... it shouldn't flip/flop.
> I would tend to think that all the issues I'm seeing, 1) the samba-tool dns
> giving a mysterious error, 2) the DNS MMC/RSAT tool giving strange results,
> and 3) the errors on the client with regards to group policy, are all
> related / caused by the same thing. But I'm stuck as to.. how to proceed.
> If there's no way to re-provision/re-create all the DNS stuff, then do you
> have any ideas on the "samba-tool dns" issues? If it's all the same issue
> then that one may be the best entry to debug my issue? (Samba speaking to
> Samba after all)
> The command works on 4.0.6 (.. but.. again.. I don't want to be stuck with
> such an old version), but not on 4.1.17.
> Unless, of course, that issue is completely unrelated. I kinda hope it's
> related, though.
> Thanks a lot for taking the time to look into this!
> Bram.

Denis Cardon
Tranquil IT Systems
Les Espaces Jules Verne, bâtiment A
12 avenue Jules Verne
44230 Saint Sébastien sur Loire
tel : +33 (0)

