[Samba] RNDC errors using SAMBA_INTERNAL_DNS

lingpanda101 at gmail.com lingpanda101 at gmail.com
Thu Apr 28 17:32:51 UTC 2016


On 4/28/2016 1:05 PM, Rowland penny wrote:
> On 28/04/16 17:21, Wayne Merricks wrote:
>> Hi all,
>>
>> I've set up a simple domain using Samba 4.4.2 from source under 
>> Ubuntu 16.04.
>>
>> I accepted the usual defaults and basically followed wiki.samba.org 
>> to the letter.  The main thing is I'm using Samba's internal DNS and 
>> not Bind (Bind is not even installed on the system).
>>
>> In the log.samba file on the first DC I kept getting this:
>>
>> [2016/04/28 17:01:02.716292,  0] 
>> ../lib/util/util_runcmd.c:328(samba_runcmd_io_handler)
>>   /usr/sbin/rndc: Failed to exec child - No such file or directory
>> [2016/04/28 17:01:02.717094,  0] 
>> ../source4/dsdb/dns/dns_update.c:91(dnsupdate_rndc_done)
>>   ../source4/dsdb/dns/dns_update.c:91: Failed rndc update - 
>> NT_STATUS_UNSUCCESSFUL
>>
>> I'm not sure why dns_update would want to use rndc (bind utils) but I 
>> installed rndc just to see what it would do and now I get this error:
>>
>> [2016/04/28 17:09:03.095642,  0] 
>> ../lib/util/util_runcmd.c:328(samba_runcmd_io_handler)
>>   /usr/sbin/rndc: rndc: neither /etc/bind/rndc.conf nor 
>> /etc/bind/rndc.key was found
>> [2016/04/28 17:09:03.096090,  0] 
>> ../source4/dsdb/dns/dns_update.c:91(dnsupdate_rndc_done)
>>   ../source4/dsdb/dns/dns_update.c:91: Failed rndc update - 
>> NT_STATUS_ACCESS_DENIED
>>
>> The error makes sense as Bind is not installed but I'm puzzled why it 
>> wants to do this even though it is set up as Samba Internal DNS.
>>
>> On the second DC I get tsig verify failure messages but the Google 
>> consensus seems to be that these are safely ignored under Samba 
>> Internal DNS:
>>
>> [2016/04/27 17:35:00.113802,  0] 
>> ../lib/util/util_runcmd.c:328(samba_runcmd_io_handler)
>>   /usr/local/samba/sbin/samba_dnsupdate: ; TSIG error with server: 
>> tsig verify failure
>> [2016/04/27 17:35:00.296862,  0] 
>> ../lib/util/util_runcmd.c:328(samba_runcmd_io_handler)
>>   /usr/local/samba/sbin/samba_dnsupdate: ; TSIG error with server: 
>> tsig verify failure
>> [2016/04/27 17:35:00.316968,  0] 
>> ../source4/dsdb/dns/dns_update.c:295(dnsupdate_nameupdate_done)
>>   ../source4/dsdb/dns/dns_update.c:295: Failed DNS update - 
>> NT_STATUS_UNSUCCESSFUL
>>
>>
>> Are either of these errors worth fixing or are they something to live 
>> with when using Samba Internal DNS?
>>
>> Regards,
>>
>> Wayne
>>
>
> Strange, I compiled 4.4.2 myself and I don't have /usr/bin/rndc but 
> everything is working ok, mind you, I do use Bind9.
>
> What packages did you install before compiling Samba and what where 
> your ./configure options ?
>
> Rowland
>
>

I use Ubuntu 12.04 with Samba 4.4.2 and do not have this issue. It's as 
if Samba thinks you are using Bind. What is the output of

samba-tool testparm -v | grep |"server services ="

Is bind installed and or running on this system inadvertently? I'm 
curious if switching to bind and back to the internal DNS would solve this?

'samba_upgradedns --dns-backend=BIND9_DLZ'

then

'samba_upgradedns --dns-backend=SAMBA_INTERNAL'

Shutdown Samba first.

The tsig error you can safely ignore. Secure updates last I checked 
still don't work.

-- 
-James



More information about the samba mailing list