[Samba] CentOS 6.8 named won't start after upgrade

Paul R. Ganci ganci at nurdog.com
Thu Sep 29 16:07:24 UTC 2016


I fixed the problem by going to a backup. Not sure what happened, but somehow the DNS database was corrupted.

On September 29, 2016 12:20:59 AM MDT, "Paul R. Ganci via samba" <samba at lists.samba.org> wrote:
>Ugh, I was upgrading the AD server running on a CentOS 6.8 which uses 
>named as its back-end. I have been running it for years with no 
>problems. Today, after upgrading bind, named will not start. I get this
>error:
>
>Sep 28 23:32:25 nikita named[6369]: ----------------------------------------------------
>Sep 28 23:32:25 nikita named[6369]: BIND 9 is maintained by Internet Systems Consortium,
>Sep 28 23:32:25 nikita named[6369]: Inc. (ISC), a non-profit 501(c)(3) public-benefit
>Sep 28 23:32:25 nikita named[6369]: corporation.  Support and training for BIND 9 are
>Sep 28 23:32:25 nikita named[6369]: available at https://www.isc.org/support
>Sep 28 23:32:25 nikita named[6369]: ----------------------------------------------------
>Sep 28 23:32:25 nikita named[6369]: adjusted limit on open files from 4096 to 1048576
>Sep 28 23:32:25 nikita named[6369]: found 8 CPUs, using 8 worker threads
>Sep 28 23:32:25 nikita named[6369]: using up to 4096 sockets
>Sep 28 23:32:25 nikita named[6369]: loading configuration from '/etc/named.conf'
>Sep 28 23:32:25 nikita named[6369]: reading built-in trusted keys from file '/etc/named.iscdlv.key'
>Sep 28 23:32:25 nikita named[6369]: using default UDP/IPv4 port range: [1024, 65535]
>Sep 28 23:32:25 nikita named[6369]: using default UDP/IPv6 port range: [1024, 65535]
>Sep 28 23:32:25 nikita named[6369]: no IPv6 interfaces found
>Sep 28 23:32:25 nikita named[6369]: listening on IPv4 interface lo, 127.0.0.1#53
>Sep 28 23:32:25 nikita named[6369]: listening on IPv4 interface br0, 192.168.1.11#53
>Sep 28 23:32:25 nikita named[6369]: listening on IPv4 interface br1, xxx.xxx.xxx.xxx#53
>Sep 28 23:32:25 nikita named[6369]: listening on IPv4 interface virbr0, 192.168.122.1#53
>Sep 28 23:32:25 nikita named[6369]: binding TCP socket: address in use
>Sep 28 23:32:25 nikita named[6369]: generating session key for dynamic DNS
>Sep 28 23:32:25 nikita named[6369]: sizing zone task pool based on 6 zones
>Sep 28 23:32:25 nikita named[6369]: Loading 'AD DNS Zone' using driver dlopen
>Sep 28 23:32:25 nikita named[6369]: samba_dlz: Failed to connect to /var/lib/samba/private/dns/sam.ldb
>Sep 28 23:32:25 nikita named[6369]: dlz_dlopen of 'AD DNS Zone' failed
>Sep 28 23:32:25 nikita named[6369]: SDLZ driver failed to load.
>Sep 28 23:32:25 nikita named[6369]: DLZ driver failed to load.
>Sep 28 23:32:25 nikita named[6369]: loading configuration: failure
>Sep 28 23:32:25 nikita named[6369]: exiting (due to fatal error)
>
>Usually this occurs because of a protection issue. But I have just 
>checked... Everything has the correct protections from what I can tell:
>
> > cd /var/lib/samba
>
> > ls -alt
>total 22160
>-rw-------   1 root root                     32768 Sep 29 00:08 winbindd_cache.tdb
>drwxr-x---   8 root named                     4096 Sep 28 23:41 private
>
> > cd private
>/var/lib/samba/private
>
> > ls -alt
>total 5080
>drwx------  2 root root     4096 Sep 29 00:08 msg.sock
>drwxr-x---  8 root named    4096 Sep 28 23:41 .
>-rw-------  1 root root    24576 Sep 28 23:33 schannel_store.tdb
>-rw-r--r--  1 root root      633 Sep 28 23:24 named.conf
>srwxrwxrwx  1 root root        0 Sep 28 23:23 ldapi
>drwxr-x---  2 root root     4096 Sep 28 23:23 ldap_priv
>drwxr-xr-x 10 root root     4096 Sep 28 23:23 ..
>-rw-------  1 root root      696 Sep 28 23:23 netlogon_creds_cli.tdb
>drwxrwx---  3 root named    4096 Sep 11 00:18 dns
>
> > cd dns
>/var/lib/samba/private/dns
> > ls -alt
>total 2956
>drwxr-x--- 8 root named    4096 Sep 28 23:41 ..
>drwxrwx--- 2 root named    4096 Sep 11 00:18 sam.ldb.d
>drwxrwx--- 3 root named    4096 Sep 11 00:18 .
>-rw-r----- 1 root named 3014656 Sep 11 00:05 sam.ldb
>
>I also believe I have the correct SDLZ driver. Here are the contents of 
>/var/lib/samba/private/named.conf
>
> > cat named.conf
># This DNS configuration is for BIND 9.8.0 or later with dlz_dlopen support.
>#
># This file should be included in your main BIND configuration file
>#
># For example with
># include "/var/lib/samba/private/named.conf";
>
>#
># This configures dynamically loadable zones (DLZ) from AD schema
># Uncomment only single database line, depending on your BIND version
>#
>dlz "AD DNS Zone" {
>     # For BIND 9.8.x
>      database "dlopen /usr/lib64/samba/bind9/dlz_bind9.so";
>
>     # For BIND 9.9.x
>     # database "dlopen /usr/lib64/samba/bind9/dlz_bind9_9.so";
>
>     # For BIND 9.10.x
>     # database "dlopen /usr/lib64/samba/bind9/dlz_bind9_10.so";
>};
>
>Finally
>
> > named -V
>
>BIND 9.8.2rc1-RedHat-9.8.2-0.47.rc1.el6_8.1 built with 
>'--build=x86_64-redhat-linux-gnu' '--host=x86_64-redhat-linux-gnu' 
>'--target=x86_64-redhat-linux-gnu' '--program-prefix=' '--prefix=/usr' 
>'--exec-prefix=/usr' '--bindir=/usr/bin' '--sbindir=/usr/sbin' 
>'--sysconfdir=/etc' '--datadir=/usr/share' '--includedir=/usr/include' 
>'--libdir=/usr/lib64' '--libexecdir=/usr/libexec' 
>'--sharedstatedir=/var/lib' '--mandir=/usr/share/man' 
>'--infodir=/usr/share/info' '--with-libtool' '--localstatedir=/var' 
>'--enable-threads' '--enable-ipv6' '--enable-filter-aaaa' '--with-pic' 
>'--disable-static' '--disable-openssl-version-check'
>'--enable-rpz-nsip' 
>'--enable-rpz-nsdname' '--with-dlopen=yes' '--with-dlz-ldap=yes' 
>'--with-dlz-postgres=yes' '--with-dlz-mysql=yes' 
>'--with-dlz-filesystem=yes' '--with-gssapi=yes' '--disable-isc-spnego' 
>'--with-docbook-xsl=/usr/share/sgml/docbook/xsl-stylesheets' 
>'--enable-fixed-rrset' 'build_alias=x86_64-redhat-linux-gnu' 
>'host_alias=x86_64-redhat-linux-gnu' 
>'target_alias=x86_64-redhat-linux-gnu' 'CFLAGS= -O2 -g -pipe -Wall 
>-Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector 
>--param=ssp-buffer-size=4 -m64 -mtune=generic' 'CPPFLAGS=
>-DDIG_SIGCHASE'
>using OpenSSL version: OpenSSL 1.0.1e 11 Feb 2013
>using libxml2 version: 2.7.6
>
>There is no reason that what was working prior to the upgrade should 
>fail now. Does anybody see what is wrong? Very frustrating problem.
>
>-- 
>Paul (ganci at nurdog.com)
>Cell: (303)257-5208
>

-- 
Sent from my Android device with K-9 Mail. Please excuse my brevity.
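
Added example, not part of the original post and not Samba or BIND code: the manual `ls` walk from the quoted message as a single check that reports the first component on the path to `sam.ldb` that a given uid and group set cannot pass, judged by mode bits only. The function name `first_block`, the temporary demo tree and the stand-in uid are constructed for illustration, and the account name `named` in the usage comment is an assumption (the listing shows only the group).

```shell
# first_block UID "GID ..." TARGET [BASE]
# Walk from BASE (default: filesystem root) down to TARGET and print the first
# component the identity cannot pass: search (x) on each directory, read (r)
# on the final file. Mode bits only: ACLs, SELinux and root's override are
# not modelled. Exit status 0 means nothing blocks.
# Real use as root, assuming the daemon account is called "named":
#   first_block "$(id -u named)" "$(id -G named)" /var/lib/samba/private/dns/sam.ldb
first_block() (
    uid=$1; gids=" $2 "; target=$3; cur=${4:-}
    rest=${target#"$cur"}; rest=${rest#/}
    while [ -n "$rest" ]; do
        part=${rest%%/*}
        case $rest in */*) rest=${rest#*/} ;; *) rest= ;; esac
        [ -n "$part" ] || continue
        cur="$cur/$part"
        st=$(stat -L -c '%a %u %g' -- "$cur" 2>/dev/null) ||
            { echo "$cur (cannot stat)"; exit 1; }
        set -- $st                          # $1=octal mode $2=owner uid $3=gid
        perm=$(( 0$1 & 0777 ))
        if [ "$2" = "$uid" ]; then shift_by=6            # owner class
        else
            case $gids in *" $3 "*) shift_by=3 ;; *) shift_by=0 ;; esac
        fi
        if [ -n "$rest" ]; then need=1; else need=4; fi  # x on dirs, r on file
        [ $(( (perm >> shift_by) & need )) -ne 0 ] || { echo "$cur"; exit 1; }
    done
    exit 0
)

# Constructed demo tree with the modes from the listing (750 / 770 / 640).
demo=$(mktemp -d)
mkdir -p "$demo/private/dns"
: > "$demo/private/dns/sam.ldb"
chmod 750 "$demo/private"; chmod 770 "$demo/private/dns"
chmod 640 "$demo/private/dns/sam.ldb"
grp=$(stat -c %g "$demo/private")     # stands in for group "named"
other=$(( $(id -u) + 1 ))             # stands in for a non-owner account
echo "in group:     [$(first_block "$other" "$grp" "$demo/private/dns/sam.ldb" "$demo")]"
echo "not in group: [$(first_block "$other" ""     "$demo/private/dns/sam.ldb" "$demo")]"
```

An empty result rules out mode bits only; in this thread the permissions were in order and the fix reported at the top was restoring the DNS database from a backup.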

