[Samba] dnsupdate_nameupdate_done - Failed DNS update

Denis Cardon denis.cardon at tranquil-it-systems.fr
Fri Sep 23 15:43:14 UTC 2016


Hi Jonathan,

> All 3 of my DCs regularly display an error in syslog almost exactly every
> 10 minutes. They have been doing this for quite some time, and I have so
> far ignored the message as everything else DNS-wise seemed to mostly be
> working - but I figured it was worth getting to the bottom of it if I can.
> So this isn't new at all but rather something that has been present for
> some time.
>
> I am using the internal Samba DNS server, currently with Samba 4.5.0. The
> message is as follows, every 10 minutes (I have pasted in from all 3 DCs
> here):
>
> Sep 23 13:03:54 dc1 samba[13117]: [2016/09/23 13:03:54.867360,  0]
> ../source4/dsdb/dns/dns_update.c:290(dnsupdate_nameupdate_done)
> Sep 23 13:03:54 dc1 samba[13117]:   ../source4/dsdb/dns/dns_update.c:290:
> Failed DNS update - with error code 5

could you please try to run samba_dnsupdate --verbose from the command 
line on your three DC. When a DC starts, it will try to update its own 
DNS fields, but it your DNS zones is missing some stuff, it may not be 
able to do it.

Cheers,

Denis

>
> Sep 23 13:00:11 dc2 samba[901]: [2016/09/23 13:00:11.584679,  0]
> ../source4/dsdb/dns/dns_update.c:290(dnsupdate_nameupdate_done)
> Sep 23 13:00:11 dc2 samba[901]:   ../source4/dsdb/dns/dns_update.c:290:
> Failed DNS update - with error code 10
>
> Sep 23 13:05:28 dc3 samba[897]: [2016/09/23 13:05:28.800364,  0]
> ../source4/dsdb/dns/dns_update.c:290(dnsupdate_nameupdate_done)
> Sep 23 13:05:28 dc3 samba[897]:   ../source4/dsdb/dns/dns_update.c:290:
> Failed DNS update - with error code 1
>
> The precise error codes vary (I have had 1, 6, 10, 110 recently) but I do
> get some sort of message every 10 minutes, and the error code usually stays
> the same on a particular DC. If it makes a difference, DC1 and DC2 are in
> site A, and DC3 is at site B, there is full connectivity between them all
> (or at least, there should be).
>
> I've tried tcpdump and wireshark to figure out what's going on, but I can't
> seem to spot any form of DNS request coming in that would be an update. The
> most I can see via tcpdump at any time I've looked are some queries that
> return NXDOMAIN - e.g. there are frequent ones from an VMWare ESXi server
> querying for _kerberos-master.udp.MYDOMAIN.ORG.UK as per
> https://communities.vmware.com/thread/491621 and getting NXDOMAIN - but I
> wouldn't have thought that these queries would constitute a "DNS update"
> that would fail?
>
> My debugging method so far has been to run tcpdump against port 53 - but
> either I am somehow managing to not see the failing DNS packet when I look
> at the results, or the DNS update arrives at the DC some other way. Looking
> at the code in dns_update.c it looks like there may be some form of regular
> DNS check, that is failing in my case?
>
> Does anybody know
>   - if I can turn debugging on for just this DNS functionality? I expect
> the log file here to be massive as a DC is also a DNS server.. but
> hopefully that will give me more of a clue as to what "update" is failing?
>   - if there is some other way I might be able to capture / check this
> traffic?
>   - what else I should maybe be looking for in my packet dumps or elsewhere?
>
> Are the error codes regular UNIX values, in which case I believe
> 1 = EPERM (Operation not permitted)
> 6 = ENXIO (No such device or address)
> 10 = ECHILD (No child processes)
> 110 = ETIMEDOUT (Connection timed out)
> This would explain what the errors mean; but I don't know why they are
> occurring, and so regularly..
>
> Thank you for any pointers! :)
>
> Jonathan
>

-- 
Denis Cardon
Tranquil IT Systems
Les Espaces Jules Verne, bâtiment A
12 avenue Jules Verne
44230 Saint SĂ©bastien sur Loire
tel : +33 (0) 2.40.97.57.55
http://www.tranquil-it-systems.fr




More information about the samba mailing list