[Samba] Horrible BIND9_DLZ DNS breakage after DC replaced and samba-tool domain demote --remove-other-dead-server
Rowland Penny
rpenny at samba.org
Mon Aug 15 18:59:56 UTC 2016
On Mon, 15 Aug 2016 16:02:38 +0100
Rowland Penny via samba <samba at lists.samba.org> wrote:
>
> OK, this has nothing to do with the classicupgrade, I have setup a
> couple of VMs and provisioned a test DC in one and joined another DC
> in the other.
>
> I am now at the point the OP is at, samba_dnsupdate cannot add the
> required records, all I get in log.samba is this multiple times:
>
> [2016/08/15 15:57:23.949917,
> 0] ../lib/util/util_runcmd.c:328(samba_runcmd_io_handler) /usr/local/samba/sbin/samba_dnsupdate:
> update failed: NOTAUTH
>
> and it ends with this:
>
> [2016/08/15 15:57:23.975421,
> 0] ../source4/dsdb/dns/dns_update.c:295(dnsupdate_nameupdate_done) ../source4/dsdb/dns/dns_update.c:295:
> Failed DNS update - NT_STATUS_UNSUCCESSFUL
>
> Now to try and find the cause and fix it.
>
> Rowland
>

OK, I think I have sorted this, I added some lines to samba_dnsupdate
to print out why it didn't work and got this:

    Could not obtain Kerberos ticket for DNS/devdc1.example.com as DEVDC2$
    response to GSS-TSIG query was unsuccessful
    ....
    response to GSS-TSIG query was unsuccessful
    Failed update of 24 entries

So, I thought, no SOA records for DEVDC2

Added them:

    samba-tool dns add 127.0.0.1 example.com devdc2 A 192.168.0.251 -Uadministrator
    samba-tool dns add 127.0.0.1 example.com @ NS devdc2.example.com -Uadministrator
    samba-tool dns add 127.0.0.1 _msdcs.example.com @ NS devdc2.example.com -Uadministrator

and then ran samba_dnsupdate again and this time it didn't print
anything, so I tried this:

    root@devdc2:~# host -t SRV _ldap._tcp.example.com.

and got this:

    _ldap._tcp.example.com has SRV record 0 100 389 devdc1.example.com.
    _ldap._tcp.example.com has SRV record 0 100 389 devdc2.example.com.

I think all the records are now there.

So, as the OP said, this is a bit of a chicken and egg situation, you
need the SOA records to add the SOA records via samba_dnsupdate.

Rowland
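
A check for the state described in the message above, as an added example that is not part of the original post or of Samba: it reads `host -t SRV` or `host -t NS` output and lists the expected DCs that have no record in the answer. The function names and the "before" sample lines are constructed for illustration; the hostnames and the "after" SRV answer are taken from the post.

```shell
#!/bin/sh
# Added example (not from the original post): report which expected DCs are
# absent from a `host -t SRV` or `host -t NS` answer.

# Print the record targets (last field) found in `host` output on stdin,
# lower-cased, without the trailing dot, one per line.
record_targets() {
    awk '/ has SRV record | name server / {
             t = tolower($NF); sub(/\.$/, "", t); print t
         }' | sort -u
}

# missing_dcs DC [DC...]
# Reads `host` output on stdin and prints each expected DC that has no record.
missing_dcs() {
    targets=$(record_targets)
    for dc in "$@"; do
        want=$(printf '%s' "$dc" | tr 'A-Z' 'a-z')
        printf '%s\n' "$targets" | grep -Fxq -- "$want" || printf '%s\n' "$dc"
    done
}

# Constructed sample: SRV answer while only devdc1 is registered.
SRV_BEFORE='_ldap._tcp.example.com has SRV record 0 100 389 devdc1.example.com.'

# SRV answer after the records were added, as shown in the post.
SRV_AFTER='_ldap._tcp.example.com has SRV record 0 100 389 devdc1.example.com.
_ldap._tcp.example.com has SRV record 0 100 389 devdc2.example.com.'

# Constructed sample: NS answer for the zone while devdc2 has no NS record.
NS_BEFORE='example.com name server devdc1.example.com.'

# Live use (needs a reachable DNS server):
#   host -t SRV _ldap._tcp.example.com. | missing_dcs devdc1.example.com devdc2.example.com
#   host -t NS example.com.             | missing_dcs devdc1.example.com devdc2.example.com
```

An empty result means every listed DC appears in the answer; any name printed is a DC that is still unregistered for that record type.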