[Samba] debugging bind9_DLZ
Bob of Donelson Trophy
bob at donelsontrophy.net
Fri Nov 4 17:29:42 UTC 2016
On 2016-11-04 12:07, Rowland Penny via samba wrote:
> On Fri, 04 Nov 2016 11:49:16 -0500
> Bob of Donelson Trophy <bob at donelsontrophy.net> wrote:
>
> On 2016-11-04 11:31, Rowland Penny via samba wrote:
>
> <<<<< cut >>>>>>>>
>
> root at dtdc03:~# samba-tool dns zonelist dtdc03
> 3 zone(s) found
>
> pszZoneName : xxx.168.192.in-appr.arpa
> Flags : DNS_RPC_ZONE_DSINTEGRATED
> DNS_RPC_ZONE_UPDATE_SECURE
> ZoneType : DNS_ZONE_TYPE_PRIMARY
> Version : 50
> dwDpFlags : DNS_DP_AUTOCREATED
> DNS_DP_DOMAIN_DEFAULT DNS_DP_ENLISTED
> pszDpFqdn : DomainDnsZones.dtshrm.dt
>
> pszZoneName : dtshrm.dt
> Flags : DNS_RPC_ZONE_DSINTEGRATED
> DNS_RPC_ZONE_UPDATE_SECURE
> ZoneType : DNS_ZONE_TYPE_PRIMARY
> Version : 50
> dwDpFlags : DNS_DP_AUTOCREATED
> DNS_DP_DOMAIN_DEFAULT DNS_DP_ENLISTED
> pszDpFqdn : DomainDnsZones.dtshrm.dt
>
> pszZoneName : _msdcs.dtshrm.dt
> Flags : DNS_RPC_ZONE_DSINTEGRATED
> DNS_RPC_ZONE_UPDATE_SECURE
> ZoneType : DNS_ZONE_TYPE_PRIMARY
> Version : 50
> dwDpFlags : DNS_DP_AUTOCREATED
> DNS_DP_FOREST_DEFAULT DNS_DP_ENLISTED
> pszDpFqdn : ForestDnsZones.dtshrm.dt
>
> These three look correct, but I am not sure as I am not familiar
> with this detail.
>
> If it matters, I have two DCs but neither will reversedns.
> (Thought I had this working and discovered yesterday that one DC
> was not working properly. Went through my entire setup again, on
> both DCs, last night and now cannot add reversedns to either DC.)
> All other dns testing checks out.
>
> Basically I keep being told, through log files and other, that the
> zone does not exist.
>
> At this point I am a little confused but, bottom line is I cannot
> add any reversedns zones to resolve my nslookup xxx.xxx.xxx.xxx
> failure issue to either DC. I am puzzled.
>
> What else would you like to see? log files?
> OK, let's check if the record does exist, if I run this on a DC:
>
> ldbsearch --cross-ncs -H /usr/local/samba/private/sam.ldb -s sub '(&(objectclass=dnsNode)(cn=180))'
>
> I get this:
>
> # record 1
> dn: DC=180,DC=0.168.192.in-addr.arpa,CN=MicrosoftDNS,DC=DomainDnsZones,DC=samdom,DC=example,DC=com
> objectClass: top
> objectClass: dnsNode
> instanceType: 4
> whenCreated: 20161020160412.0Z
> uSNCreated: 44302
> showInAdvancedViewOnly: TRUE
> name: 180
> objectGUID: 85c0aade-15c9-48a8-822e-5ec24df2dbf9
> objectCategory: CN=Dns-Node,CN=Schema,CN=Configuration,DC=samdom,DC=example,DC=com
> dc: 180
> whenChanged: 20161104144426.0Z
> dnsRecord:: IQAMAAXwAAAKAAAAAAAOEAAAAAAWnzcAHwQKZGV2c3RhdGlvbgZzYW1kb20HZXhhbXBsZQNjb20A
> dNSTombstoned: FALSE
> uSNChanged: 44985
> distinguishedName: DC=180,DC=0.168.192.in-addr.arpa,CN=MicrosoftDNS,DC=DomainDnsZones,DC=samdom,DC=example,DC=com
>
> So, adapt it for your setup and see if the record does exist in AD.
>
> Rowland
Aha!! 0 records . . . but, doesn't the "xxx.168.192.in-addr.arpa"
represent the reverse zone?
Okay, so 0 records, now?
Are you actually using 'xxx.168.192.in-addr.arpa'? I thought you were
sanitizing your reverse zone (but why, I couldn't work out).
Rowland
No, I'm sanitizing just a little bit.
What I am seeing is this search sees no reverse zone, yet a zonelist
appears to have a reverse zone?
Any "zonecreate" or "zonedelete" or attempts to add a PTR record fail with
a similar complaint, like the query result posted. I have watched so many
log files that they have become a blur and I am sure I have overlooked
some detail.
Any suggestion on my next step will be greatly appreciated.
--
_______________________________
Bob Wooden of Donelson Trophy