[Samba] dnsupdate_nameupdate_done - Failed DNS update

Jonathan Hunter jmhunter1 at gmail.com
Fri Sep 23 14:11:21 UTC 2016 

Thank you Rowland.

I have a couple of reverse zones (different subnets across sites), yes,
these are in Samba AD/DNS as well.

Where are you looking in the logs - I'm missing seeing the bit that shows
an update happening then failing?

I tried tcpdump to find out what the query was that was failing, but I
couldn't see any updates, just queries :(


On 23 September 2016 at 14:56, Rowland Penny via samba <
samba at lists.samba.org> wrote:

> On Fri, 23 Sep 2016 14:40:56 +0100
> Jonathan Hunter via samba <samba at lists.samba.org> wrote:
>
> > Hi,
> >
> > All 3 of my DCs regularly display an error in syslog almost exactly
> > every 10 minutes. They have been doing this for quite some time, and
> > I have so far ignored the message as everything else DNS-wise seemed
> > to mostly be working - but I figured it was worth getting to the
> > bottom of it if I can. So this isn't new at all but rather something
> > that has been present for some time.
> >
> > I am using the internal Samba DNS server, currently with Samba 4.5.0.
> > The message is as follows, every 10 minutes (I have pasted in from
> > all 3 DCs here):
> >
> > Sep 23 13:03:54 dc1 samba[13117]: [2016/09/23 13:03:54.867360,  0]
> > ../source4/dsdb/dns/dns_update.c:290(dnsupdate_nameupdate_done)
> > Sep 23 13:03:54 dc1
> > samba[13117]:   ../source4/dsdb/dns/dns_update.c:290: Failed DNS
> > update - with error code 5
> >
> > Sep 23 13:00:11 dc2 samba[901]: [2016/09/23 13:00:11.584679,  0]
> > ../source4/dsdb/dns/dns_update.c:290(dnsupdate_nameupdate_done)
> > Sep 23 13:00:11 dc2
> > samba[901]:   ../source4/dsdb/dns/dns_update.c:290: Failed DNS update
> > - with error code 10
> >
> > Sep 23 13:05:28 dc3 samba[897]: [2016/09/23 13:05:28.800364,  0]
> > ../source4/dsdb/dns/dns_update.c:290(dnsupdate_nameupdate_done)
> > Sep 23 13:05:28 dc3
> > samba[897]:   ../source4/dsdb/dns/dns_update.c:290: Failed DNS update
> > - with error code 1
> >
> > The precise error codes vary (I have had 1, 6, 10, 110 recently) but
> > I do get some sort of message every 10 minutes, and the error code
> > usually stays the same on a particular DC. If it makes a difference,
> > DC1 and DC2 are in site A, and DC3 is at site B, there is full
> > connectivity between them all (or at least, there should be).
> >
> > I've tried tcpdump and wireshark to figure out what's going on, but I
> > can't seem to spot any form of DNS request coming in that would be an
> > update. The most I can see via tcpdump at any time I've looked are
> > some queries that return NXDOMAIN - e.g. there are frequent ones from
> > an VMWare ESXi server querying for
> > _kerberos-master.udp.MYDOMAIN.ORG.UK as per
> > https://communities.vmware.com/thread/491621 and getting NXDOMAIN -
> > but I wouldn't have thought that these queries would constitute a
> > "DNS update" that would fail?
> >
> > My debugging method so far has been to run tcpdump against port 53 -
> > but either I am somehow managing to not see the failing DNS packet
> > when I look at the results, or the DNS update arrives at the DC some
> > other way. Looking at the code in dns_update.c it looks like there
> > may be some form of regular DNS check, that is failing in my case?
> >
> > Does anybody know
> >   - if I can turn debugging on for just this DNS functionality? I
> > expect the log file here to be massive as a DC is also a DNS server..
> > but hopefully that will give me more of a clue as to what "update" is
> > failing?
> >   - if there is some other way I might be able to capture / check this
> > traffic?
> >   - what else I should maybe be looking for in my packet dumps or
> > elsewhere?
> >
> > Are the error codes regular UNIX values, in which case I believe
> > 1 = EPERM (Operation not permitted)
> > 6 = ENXIO (No such device or address)
> > 10 = ECHILD (No child processes)
> > 110 = ETIMEDOUT (Connection timed out)
> > This would explain what the errors mean; but I don't know why they are
> > occurring, and so regularly..
> >
> > Thank you for any pointers! :)
> >
> > Jonathan
> >
>
> Have you set up the reverse zone ?
> The logs appear to show an update happening followed by one failing,
> forward zone being allowed, reverse zone failing ??
>
> Rowland
>
> --
> To unsubscribe from this list go to the following URL and read the
> instructions:  https://lists.samba.org/mailman/options/samba




-- 
"If we knew what it was we were doing, it would not be called research,
would it?"
      - Albert Einstein

More information about the samba mailing list