[Samba] debugging bind9_DLZ

Rowland Penny rpenny at samba.org
Fri Nov 4 16:31:23 UTC 2016 

On Fri, 04 Nov 2016 11:15:47 -0500
Bob of Donelson Trophy via samba <samba at lists.samba.org> wrote:

> On 2016-11-04 10:55, Rowland Penny via samba wrote:
> 
> > On Fri, 04 Nov 2016 08:04:44 -0500
> > Bob of Donelson Trophy via samba <samba at lists.samba.org> wrote:
> > 
> >> On wiki page
> >> https://wiki.samba.org/index.php/BIND9_DLZ_DNS_Back_End#Reconfiguring_the_BIND9_DLZ_Back_End
> >> in the "Debugging the Bind Module" the section discusses the
> >> location for the log file. 
> >> 
> >> The /etc/named.log says "bash: bind: -g: cannot read: No such file
> >> or directory" . . . I am puzzled, what "file or directory" is being
> >> referenced? 
> >> 
> >> My "nslookup xxx.xxx.xxx.xxx" are failing. (nslookup hostname
> >> works) I have tried deleting the reverse zone and re-adding it and
> >> when I query, I get: 
> >> 
> >> root at dtxxx04:~# samba-tool dns query 192.168.xxx.50
> >> xxx.168.192.in-addr.arpa @ ALL
> >> Password for [administrator at DTxxxM.DT]:
> >> ERROR(runtime): uncaught exception - (9714,
> >> 'WERR_DNS_ERROR_NAME_DOES_NOT_EXIST')
> >> File
> >> "/usr/local/samba/lib/python2.7/site-packages/samba/netcmd/__init__.py",
> >> line 176, in _run
> >> return self.run(*args, **kwargs)
> >> File
> >> "/usr/local/samba/lib/python2.7/site-packages/samba/netcmd/dns.py",
> >> line 998, in run
> >> None, record_type, select_flags, None, None) 
> >> 
> >> I found a reference in an older mailing list posting and near the
> >> end of the thread, the OP mentions that "resorted to dsupdate -g"
> >> to get it to add the reverse zone. I do not know how to dsupdate
> >> (This "dsupdate" is from memory and might slightly incorrect about
> >> the command.) 
> >> 
> >> Bottom line, samba-tool cannot add the reverse entries I need. 
> >> 
> >> Suggestions?
> >> 
> >> --  
> >> _______________________________
> >> 
> >> Bob Wooden of Donelson Trophy
> > 
> > Try looking in the system log (syslog on debian, messages on red
> > hat)
> > 
> > As for your reverse records, are you sure the reverse zone exists,
> > your command works for me.
> > 
> > Rowland
> 
> Well, good question. As I am unfamiliar, I think so. 
> 
> I tried Loius suggestion but got the DNS_ERROR. This is the error I am
> finding alot. 
> 
> Here is query and zonelist: 
> 
> root at dtdc03:~# samba-tool dns query dtdc03 xxx.168.192.in-addr.arpa 49
> PTR
> ERROR(runtime): uncaught exception - (9714,
> 'WERR_DNS_ERROR_NAME_DOES_NOT_EXIST')
>   File
> "/usr/local/samba/lib/python2.7/site-packages/samba/netcmd/__init__.py",
> line 176, in _run
>     return self.run(*args, **kwargs)
>   File
> "/usr/local/samba/lib/python2.7/site-packages/samba/netcmd/dns.py",
> line 998, in run
>     None, record_type, select_flags, None, None)
> root at dtdc03:~# samba-tool dns zonelist dtdc03
>   3 zone(s) found
> 
>   pszZoneName                 : xxx.168.192.in-appr.arpa
>   Flags                       : DNS_RPC_ZONE_DSINTEGRATED
> DNS_RPC_ZONE_UPDATE_SECURE 
>   ZoneType                    : DNS_ZONE_TYPE_PRIMARY
>   Version                     : 50
>   dwDpFlags                   : DNS_DP_AUTOCREATED
> DNS_DP_DOMAIN_DEFAULT DNS_DP_ENLISTED 
>   pszDpFqdn                   : DomainDnsZones.dtshrm.dt
> 
>   pszZoneName                 : dtshrm.dt
>   Flags                       : DNS_RPC_ZONE_DSINTEGRATED
> DNS_RPC_ZONE_UPDATE_SECURE 
>   ZoneType                    : DNS_ZONE_TYPE_PRIMARY
>   Version                     : 50
>   dwDpFlags                   : DNS_DP_AUTOCREATED
> DNS_DP_DOMAIN_DEFAULT DNS_DP_ENLISTED 
>   pszDpFqdn                   : DomainDnsZones.dtshrm.dt
> 
>   pszZoneName                 : _msdcs.dtshrm.dt
>   Flags                       : DNS_RPC_ZONE_DSINTEGRATED
> DNS_RPC_ZONE_UPDATE_SECURE 
>   ZoneType                    : DNS_ZONE_TYPE_PRIMARY
>   Version                     : 50
>   dwDpFlags                   : DNS_DP_AUTOCREATED
> DNS_DP_FOREST_DEFAULT DNS_DP_ENLISTED 
>   pszDpFqdn                   : ForestDnsZones.dtshrm.dt 
> 
> These three look correct, but I am not sure as I am not familiar with
> this detail. 
> 
> If it matters, I have two DC's but neither will reversedns. (Thought I
> had this working and discovered, yesterday that one DC was not working
> properly. Went through my entire setup again, on both DC's, last night
> and now cannot add reversedns to either DC.) All other dns testing
> checks out. 
> 
> Basically I keep being told, though log files and other, that the zone
> does not exist. 
> 
> At this point I am a little confused but, bottom line is I cannot add
> any reversedns zones to resolve my nslookup xxx.xxx.xxx.xxx failure
> issue to either DC. I am puzzled. 
> 
> What else would you like to see? log files?
> 

OK, lets check if the record does exists, if I run this on a DC:

ldbsearch --cross-ncs -H /usr/local/samba/private/sam.ldb -s sub
'(&(objectclass=dnsNode)(cn=180))'

I get this:

# record 1
dn: DC=180,DC=0.168.192.in-addr.arpa,CN=MicrosoftDNS,DC=DomainDnsZones,DC=samdom,DC=example,DC=com
objectClass: top
objectClass: dnsNode
instanceType: 4
whenCreated: 20161020160412.0Z
uSNCreated: 44302
showInAdvancedViewOnly: TRUE
name: 180
objectGUID: 85c0aade-15c9-48a8-822e-5ec24df2dbf9
objectCategory: CN=Dns-Node,CN=Schema,CN=Configuration,DC=samdom,DC=example,DC
 =com
dc: 180
whenChanged: 20161104144426.0Z
dnsRecord:: IQAMAAXwAAAKAAAAAAAOEAAAAAAWnzcAHwQKZGV2c3RhdGlvbgZzYW1kb20HZXhhbX
 BsZQNjb20A
dNSTombstoned: FALSE
uSNChanged: 44985
distinguishedName: DC=180,DC=0.168.192.in-addr.arpa,CN=MicrosoftDNS,DC=DomainD
 nsZones,DC=samdom,DC=example,DC=com

So, adapt it for your setup and see if the record does exist in AD.

Rowland

More information about the samba mailing list