[Samba] debugging bind9_DLZ

Rowland Penny rpenny at samba.org
Fri Nov 4 17:43:22 UTC 2016


On Fri, 04 Nov 2016 12:29:42 -0500
Bob of Donelson Trophy via samba <samba at lists.samba.org> wrote:

> On 2016-11-04 12:07, Rowland Penny via samba wrote:
> 
> > On Fri, 04 Nov 2016 11:49:16 -0500
> > Bob of Donelson Trophy <bob at donelsontrophy.net> wrote:
> > 
> > On 2016-11-04 11:31, Rowland Penny via samba wrote:
> > 
> > <<<<<  cut >>>>>>>>
> > 
> > root at dtdc03:~# samba-tool dns zonelist dtdc03
> > 3 zone(s) found
> > 
> > pszZoneName                 : xxx.168.192.in-appr.arpa
> > Flags                       : DNS_RPC_ZONE_DSINTEGRATED DNS_RPC_ZONE_UPDATE_SECURE
> > ZoneType                    : DNS_ZONE_TYPE_PRIMARY
> > Version                     : 50
> > dwDpFlags                   : DNS_DP_AUTOCREATED DNS_DP_DOMAIN_DEFAULT DNS_DP_ENLISTED
> > pszDpFqdn                   : DomainDnsZones.dtshrm.dt
> > 
> > pszZoneName                 : dtshrm.dt
> > Flags                       : DNS_RPC_ZONE_DSINTEGRATED DNS_RPC_ZONE_UPDATE_SECURE
> > ZoneType                    : DNS_ZONE_TYPE_PRIMARY
> > Version                     : 50
> > dwDpFlags                   : DNS_DP_AUTOCREATED DNS_DP_DOMAIN_DEFAULT DNS_DP_ENLISTED
> > pszDpFqdn                   : DomainDnsZones.dtshrm.dt
> > 
> > pszZoneName                 : _msdcs.dtshrm.dt
> > Flags                       : DNS_RPC_ZONE_DSINTEGRATED DNS_RPC_ZONE_UPDATE_SECURE
> > ZoneType                    : DNS_ZONE_TYPE_PRIMARY
> > Version                     : 50
> > dwDpFlags                   : DNS_DP_AUTOCREATED DNS_DP_FOREST_DEFAULT DNS_DP_ENLISTED
> > pszDpFqdn                   : ForestDnsZones.dtshrm.dt
> > 
> > These three look correct, but I am not sure as I am not familiar
> > with this detail. 
> > 
> > If it matters, I have two DCs but neither will reversedns.
> > (Thought I had this working and discovered yesterday that one DC
> > was not working properly. Went through my entire setup again, on
> > both DCs, last night and now cannot add reversedns to either DC.)
> > All other dns testing checks out. 
> > 
> > Basically I keep being told, through log files and other, that the
> > zone does not exist. 
> > 
> > At this point I am a little confused but, bottom line is I cannot
> > add any reversedns zones to resolve my nslookup xxx.xxx.xxx.xxx
> > failure issue to either DC. I am puzzled. 
> > 
> > What else would you like to see? log files? 
> > OK, let's check if the record does exist, if I run this on a DC:
> > 
> > ldbsearch --cross-ncs -H /usr/local/samba/private/sam.ldb -s sub '(&(objectclass=dnsNode)(cn=180))'
> > 
> > I get this:
> > 
> > # record 1
> > dn: DC=180,DC=0.168.192.in-addr.arpa,CN=MicrosoftDNS,DC=DomainDnsZones,DC=samdom,DC=example,DC=com
> > objectClass: top
> > objectClass: dnsNode
> > instanceType: 4
> > whenCreated: 20161020160412.0Z
> > uSNCreated: 44302
> > showInAdvancedViewOnly: TRUE
> > name: 180
> > objectGUID: 85c0aade-15c9-48a8-822e-5ec24df2dbf9
> > objectCategory: CN=Dns-Node,CN=Schema,CN=Configuration,DC=samdom,DC=example,DC=com
> > dc: 180
> > whenChanged: 20161104144426.0Z
> > dnsRecord:: IQAMAAXwAAAKAAAAAAAOEAAAAAAWnzcAHwQKZGV2c3RhdGlvbgZzYW1kb20HZXhhbXBsZQNjb20A
> > dNSTombstoned: FALSE
> > uSNChanged: 44985
> > distinguishedName: DC=180,DC=0.168.192.in-addr.arpa,CN=MicrosoftDNS,DC=DomainDnsZones,DC=samdom,DC=example,DC=com
> > 
> > So, adapt it for your setup and see if the record does exist in AD.
> > 
> > Rowland
> 
> Aha!!  0 records . . . but, doesn't the "xxx.168.192.in-addr.arpa"
> represent the reverse zone? 
> 
> Okay, so 0 records, now?
> 
> Are you actually using 'xxx.168.192.in-addr.arpa', I thought you were
> sanitizing your reverse zone (but why, I couldn't work out)
> 
> Rowland 
> 
> No, I'm sanitizing just a little bit. 
> 
> What I am seeing is this search sees no reverse zone yet, a zonelist
> appears to have a reverse zone? 
> 
> Any "zonecreate" or "zonedelete" or attempts to add a PTR record fail
> in similar complaint like the query result posted. I have watched so
> many log files that they have become a blur and I am sure I have
> overlooked some detail. 
> 
> Any suggestion on my next step will be greatly appreciated.
> 

I would start by running 'samba-tool dbcheck --cross-ncs --fix --yes'

Rowland
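
An added example, not part of the original thread or of Samba's own code: once the ldbsearch above does return a dnsNode, this decodes its dnsRecord attribute so the PTR target can be checked by eye. The field layout is assumed to follow the dnsRecord structure in Microsoft's MS-DNSP specification, the function names are made up for the illustration, and the input is the blob quoted in the thread.

```python
import base64
import struct
from datetime import datetime, timedelta

# dnsRecord value from the ldbsearch output quoted in the thread (wrapped lines joined).
DNS_RECORD_B64 = (
    "IQAMAAXwAAAKAAAAAAAOEAAAAAAWnzcAHwQKZGV2c3RhdGlvbgZzYW1kb20HZXhhbX"
    "BsZQNjb20A"
)
DNS_TYPE_PTR = 12


def decode_count_name(data):
    """Decode a counted name: total length byte, label count byte, then labels."""
    if len(data) < 2:
        raise ValueError("name data too short")
    labels, pos = [], 2
    for _ in range(data[1]):
        if pos >= len(data):
            raise ValueError("truncated name")
        n = data[pos]
        label = data[pos + 1:pos + 1 + n]
        if len(label) != n:
            raise ValueError("truncated label")
        labels.append(label.decode("utf-8"))
        pos += 1 + n
    return ".".join(labels)


def decode_dns_record(b64):
    """Return the header fields (and PTR target, if any) of one dnsRecord value."""
    raw = base64.b64decode(b64)
    if len(raw) < 24:
        raise ValueError("shorter than the 24-byte header")
    # Assumed layout: little-endian header, except TtlSeconds which is big-endian.
    data_len, rtype, version, rank, flags, serial = struct.unpack_from("<HHBBHI", raw, 0)
    (ttl,) = struct.unpack_from(">I", raw, 12)
    (hours,) = struct.unpack_from("<I", raw, 20)
    data = raw[24:24 + data_len]
    if len(data) != data_len:
        raise ValueError("DataLength exceeds blob size")
    rec = {"type": rtype, "version": version, "rank": rank, "flags": flags,
           "serial": serial, "ttl": ttl,
           # TimeStamp counts hours since 1601-01-01 UTC; 0 marks a static record.
           "timestamp": datetime(1601, 1, 1) + timedelta(hours=hours) if hours else None}
    if rtype == DNS_TYPE_PTR:
        rec["target"] = decode_count_name(data)
    return rec


if __name__ == "__main__":
    print(decode_dns_record(DNS_RECORD_B64))
```
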