[Samba] debugging bind9_DLZ

Bob of Donelson Trophy bob at donelsontrophy.net
Fri Nov 4 16:49:16 UTC 2016


On 2016-11-04 11:31, Rowland Penny via samba wrote:

> <<<<<  cut >>>>>>>>
> 
>> root at dtdc03:~# samba-tool dns zonelist dtdc03
>> 3 zone(s) found
>> 
>> pszZoneName                 : xxx.168.192.in-appr.arpa
>> Flags                       : DNS_RPC_ZONE_DSINTEGRATED
>> DNS_RPC_ZONE_UPDATE_SECURE 
>> ZoneType                    : DNS_ZONE_TYPE_PRIMARY
>> Version                     : 50
>> dwDpFlags                   : DNS_DP_AUTOCREATED
>> DNS_DP_DOMAIN_DEFAULT DNS_DP_ENLISTED 
>> pszDpFqdn                   : DomainDnsZones.dtshrm.dt
>> 
>> pszZoneName                 : dtshrm.dt
>> Flags                       : DNS_RPC_ZONE_DSINTEGRATED
>> DNS_RPC_ZONE_UPDATE_SECURE 
>> ZoneType                    : DNS_ZONE_TYPE_PRIMARY
>> Version                     : 50
>> dwDpFlags                   : DNS_DP_AUTOCREATED
>> DNS_DP_DOMAIN_DEFAULT DNS_DP_ENLISTED 
>> pszDpFqdn                   : DomainDnsZones.dtshrm.dt
>> 
>> pszZoneName                 : _msdcs.dtshrm.dt
>> Flags                       : DNS_RPC_ZONE_DSINTEGRATED
>> DNS_RPC_ZONE_UPDATE_SECURE 
>> ZoneType                    : DNS_ZONE_TYPE_PRIMARY
>> Version                     : 50
>> dwDpFlags                   : DNS_DP_AUTOCREATED
>> DNS_DP_FOREST_DEFAULT DNS_DP_ENLISTED 
>> pszDpFqdn                   : ForestDnsZones.dtshrm.dt 
>> 
>> These three look correct, but I am not sure as I am not familiar with
>> this detail. 
>> 
>> If it matters, I have two DC's but neither will reversedns. (Thought I
>> had this working and discovered, yesterday that one DC was not working
>> properly. Went through my entire setup again, on both DC's, last night
>> and now cannot add reversedns to either DC.) All other dns testing
>> checks out. 
>> 
>> Basically I keep being told, through log files and other, that the zone
>> does not exist. 
>> 
>> At this point I am a little confused but, bottom line is I cannot add
>> any reversedns zones to resolve my nslookup xxx.xxx.xxx.xxx failure
>> issue to either DC. I am puzzled. 
>> 
>> What else would you like to see? log files?
> 
> OK, let's check if the record does exist, if I run this on a DC:
> 
> ldbsearch --cross-ncs -H /usr/local/samba/private/sam.ldb -s sub '(&(objectclass=dnsNode)(cn=180))'
> 
> I get this:
> 
> # record 1
> dn: DC=180,DC=0.168.192.in-addr.arpa,CN=MicrosoftDNS,DC=DomainDnsZones,DC=samdom,DC=example,DC=com
> objectClass: top
> objectClass: dnsNode
> instanceType: 4
> whenCreated: 20161020160412.0Z
> uSNCreated: 44302
> showInAdvancedViewOnly: TRUE
> name: 180
> objectGUID: 85c0aade-15c9-48a8-822e-5ec24df2dbf9
> objectCategory: CN=Dns-Node,CN=Schema,CN=Configuration,DC=samdom,DC=example,DC
> =com
> dc: 180
> whenChanged: 20161104144426.0Z
> dnsRecord:: IQAMAAXwAAAKAAAAAAAOEAAAAAAWnzcAHwQKZGV2c3RhdGlvbgZzYW1kb20HZXhhbX
> BsZQNjb20A
> dNSTombstoned: FALSE
> uSNChanged: 44985
> distinguishedName: DC=180,DC=0.168.192.in-addr.arpa,CN=MicrosoftDNS,DC=DomainD
> nsZones,DC=samdom,DC=example,DC=com
> 
> So, adapt it for your setup and see if the record does exist in AD.
> 
> Rowland

Aha!!  0 records . . . but, doesn't the "xxx.168.192.in-addr.arpa"
represent the reverse zone? 

Okay, so 0 records, now?

-- 
_______________________________

Bob Wooden of Donelson Trophy
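
Added example, not part of the original message or of Samba's code: decoding the base64 dnsRecord value from the ldbsearch output quoted above shows what a populated dnsNode object actually stores for a PTR record. The field layout follows the dnsRecord structure in Microsoft's MS-DNSP specification; the function names are hypothetical.

```python
import base64
import struct
from datetime import datetime, timedelta, timezone

# dnsRecord value from the quoted ldbsearch output, LDIF line fold joined.
DNS_RECORD_B64 = (
    "IQAMAAXwAAAKAAAAAAAOEAAAAAAWnzcAHwQKZGV2c3RhdGlvbgZzYW1kb20HZXhhbX"
    "BsZQNjb20A"
)
DNS_TYPE_PTR = 12
# DataLength, Type, Version, Rank, Flags, Serial (all little-endian)
HEADER = struct.Struct("<HHBBHI")
EPOCH_1601 = datetime(1601, 1, 1, tzinfo=timezone.utc)


def decode_count_name(data):
    """DNS_COUNT_NAME: total length, label count, then length-prefixed labels."""
    length, label_count = data[0], data[1]
    raw, labels, pos = data[2:2 + length], [], 0
    for _ in range(label_count):
        size = raw[pos]
        labels.append(raw[pos + 1:pos + 1 + size].decode("ascii"))
        pos += 1 + size
    return ".".join(labels)


def decode_dns_record(b64_value):
    """Decode one dnsRecord attribute value into a dict (hypothetical helper)."""
    blob = base64.b64decode(b64_value)
    data_len, rtype, version, rank, _flags, serial = HEADER.unpack_from(blob, 0)
    (ttl,) = struct.unpack_from(">I", blob, 12)    # TTL is stored big-endian
    (hours,) = struct.unpack_from("<I", blob, 20)  # follows 4 reserved bytes
    data = blob[24:24 + data_len]
    if len(data) != data_len:
        raise ValueError("dnsRecord shorter than its DataLength field")
    return {
        "type": rtype, "version": version, "rank": rank,
        "serial": serial, "ttl": ttl,
        # 0 marks a static record; otherwise hours since 1601-01-01 UTC
        "timestamp": EPOCH_1601 + timedelta(hours=hours) if hours else None,
        "target": decode_count_name(data) if rtype == DNS_TYPE_PTR else data.hex(),
    }


if __name__ == "__main__":
    print(decode_dns_record(DNS_RECORD_B64))
```

The decoded timestamp falls in the same hour as the whenChanged value in the quoted output, which is a quick consistency check on the layout.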

