[Samba] Problems with bind9_dlz when rndc is reloaded

Roger Lovato rogerlovato at outlook.com
Tue Jan 10 22:39:53 UTC 2017


Hi guys,


I'm facing a problem with samba4 + bind9_dlz that has been consuming my time for several days.


Everything is working fine until samba4 needs to update DNS when I'm working with more than one DC server. When samba (or bind) needs to reload all zones, the bind9_dlz module shuts down, and then my whole environment stops and I need to restart bind to bring it up again.


See my log:


...

Jan 10 22:32:41 movd-gcp-002 named[9728]: Loading 'lovato.intranet' using driver dlopen
Jan 10 22:32:41 movd-gcp-002 named[9728]: samba_dlz: starting configure
Jan 10 22:32:41 movd-gcp-002 named[9728]: samba_dlz: Ignoring duplicate zone 'lovato.intranet' from 'DC=@,DC=lovato.intranet,CN=MicrosoftDNS,DC=DomainDnsZones,DC=lovato,DC=intranet'
Jan 10 22:32:41 movd-gcp-002 named[9728]: samba_dlz: Ignoring duplicate zone '_msdcs.lovato.intranet' from 'DC=@,DC=_msdcs.lovato.intranet,CN=MicrosoftDNS,DC=ForestDnsZones,DC=lovato,DC=intranet'
Jan 10 22:32:41 movd-gcp-002 named[9728]: isc_log_open 'named.run' failed: permission denied
Jan 10 22:32:41 movd-gcp-002 named[9728]: zone lovato.intranet/NONE: (other) removed
Jan 10 22:32:41 movd-gcp-002 named[9728]: zone _msdcs.lovato.intranet/NONE: (other) removed
Jan 10 22:32:41 movd-gcp-002 named[9728]: reloading configuration succeeded
Jan 10 22:32:41 movd-gcp-002 named[9728]: reloading zones succeeded
Jan 10 22:32:41 movd-gcp-002 named[9728]: samba_dlz: shutting down
Jan 10 22:32:41 movd-gcp-002 named[9728]: all zones loaded
Jan 10 22:32:41 movd-gcp-002 named[9728]: running
server reload successful


Bind stays up, but all dynamic zones stop and samba cannot update DNS names anymore.


This is curious because it happens only when rndc is reloaded. I think it happens because the SAMBA dynamic zones are not cleaned, and that causes the shutdown.


Jan 10 22:32:41 movd-gcp-002 named[9728]: samba_dlz: Ignoring duplicate zone '_msdcs.lovato.intranet' from 'DC=@,DC=_msdcs.lovato.intranet,CN=MicrosoftDNS,DC=ForestDnsZones,DC=lovato,DC=intranet'


If I restart bind, I think all zones, including dynamic zones, are cleaned and bind starts normally.


See log:


...

Jan 10 22:38:10 movd-gcp-002 named[10014]: Loading 'lovato.intranet' using driver dlopen
Jan 10 22:38:10 movd-gcp-002 named[10014]: samba_dlz: GENSEC backend 'gssapi_spnego' registered
Jan 10 22:38:10 movd-gcp-002 named[10014]: samba_dlz: GENSEC backend 'gssapi_krb5' registered
Jan 10 22:38:10 movd-gcp-002 named[10014]: samba_dlz: GENSEC backend 'gssapi_krb5_sasl' registered
Jan 10 22:38:10 movd-gcp-002 named[10014]: samba_dlz: GENSEC backend 'spnego' registered
Jan 10 22:38:10 movd-gcp-002 named[10014]: samba_dlz: GENSEC backend 'schannel' registered
Jan 10 22:38:10 movd-gcp-002 named[10014]: samba_dlz: GENSEC backend 'naclrpc_as_system' registered
Jan 10 22:38:10 movd-gcp-002 named[10014]: samba_dlz: GENSEC backend 'sasl-EXTERNAL' registered
Jan 10 22:38:10 movd-gcp-002 named[10014]: samba_dlz: GENSEC backend 'ntlmssp' registered
Jan 10 22:38:10 movd-gcp-002 named[10014]: samba_dlz: GENSEC backend 'ntlmssp_resume_ccache' registered
Jan 10 22:38:10 movd-gcp-002 named[10014]: samba_dlz: GENSEC backend 'http_basic' registered
Jan 10 22:38:10 movd-gcp-002 named[10014]: samba_dlz: GENSEC backend 'http_ntlm' registered
Jan 10 22:38:10 movd-gcp-002 named[10014]: samba_dlz: GENSEC backend 'krb5' registered
Jan 10 22:38:10 movd-gcp-002 named[10014]: samba_dlz: GENSEC backend 'fake_gssapi_krb5' registered
Jan 10 22:38:11 movd-gcp-002 named[10014]: samba_dlz: started for DN DC=lovato,DC=intranet
Jan 10 22:38:11 movd-gcp-002 named[10014]: samba_dlz: starting configure
Jan 10 22:38:11 movd-gcp-002 named[10014]: samba_dlz: configured writeable zone 'lovato.intranet'
Jan 10 22:38:11 movd-gcp-002 named[10014]: samba_dlz: configured writeable zone '_msdcs.lovato.intranet'
Jan 10 22:38:11 movd-gcp-002 named[10014]: set up managed keys zone for view _default, file '/var/named/dynamic/managed-keys.bind'
Jan 10 22:38:11 movd-gcp-002 named[10014]: command channel listening on 127.0.0.1#953
Jan 10 22:38:11 movd-gcp-002 named[10014]: command channel listening on ::1#953
Jan 10 22:38:11 movd-gcp-002 named[10014]: isc_log_open 'named.run' failed: permission denied
Jan 10 22:38:11 movd-gcp-002 named[10014]: managed-keys-zone: loaded serial 3
Jan 10 22:38:11 movd-gcp-002 named[10014]: zone 0.0.127.in-addr.arpa/IN: loaded serial 2013050101
Jan 10 22:38:11 movd-gcp-002 named[10014]: zone localhost/IN: loaded serial 2013050101
Jan 10 22:38:11 movd-gcp-002 named[10014]: all zones loaded
Jan 10 22:38:11 movd-gcp-002 named[10014]: running


I've seen many other people with the same problem, but nobody posted any solution.


Can someone help me?


Regards.
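
Added example, not part of the original post and not Samba or BIND code: a small Python check that reads named syslog lines in the format shown above and reports any named process whose last samba_dlz message after a reload is "shutting down". The function names are hypothetical, and the sample lines are excerpted from the two logs in the post.

```python
import re
from collections import defaultdict

# Syslog shape used in the post: "Jan 10 22:32:41 host named[9728]: message"
LINE_RE = re.compile(r"^\w{3}\s+\d+\s[\d:]{8}\s\S+\snamed\[(\d+)\]:\s(.*)$")
DUP_RE = re.compile(r"^samba_dlz: Ignoring duplicate zone '([^']+)'")
UP_PREFIXES = ("samba_dlz: started for DN", "samba_dlz: configured writeable zone")

def summarize(lines):
    """Per named PID: last known DLZ state, reload seen, duplicate zones."""
    procs = defaultdict(lambda: {"dlz": "unknown", "reloaded": False, "duplicates": []})
    for line in lines:
        m = LINE_RE.match(line.strip())
        if not m:
            continue  # e.g. rndc's own "server reload successful" line
        pid, msg = int(m.group(1)), m.group(2)
        p = procs[pid]
        dup = DUP_RE.match(msg)
        if dup:
            p["duplicates"].append(dup.group(1))
        elif msg.startswith(UP_PREFIXES):
            p["dlz"] = "up"
        elif msg == "samba_dlz: shutting down":
            p["dlz"] = "down"
        elif msg == "reloading zones succeeded":
            p["reloaded"] = True
    return dict(procs)

def stuck_after_reload(lines):
    """PIDs whose log ends with the DLZ module down after a reload."""
    return sorted(pid for pid, p in summarize(lines).items()
                  if p["reloaded"] and p["dlz"] == "down")

# Sample input: lines excerpted from the two logs in the post above.
SAMPLE = """\
Jan 10 22:32:41 movd-gcp-002 named[9728]: samba_dlz: starting configure
Jan 10 22:32:41 movd-gcp-002 named[9728]: samba_dlz: Ignoring duplicate zone 'lovato.intranet' from 'DC=@,DC=lovato.intranet,CN=MicrosoftDNS,DC=DomainDnsZones,DC=lovato,DC=intranet'
Jan 10 22:32:41 movd-gcp-002 named[9728]: reloading zones succeeded
Jan 10 22:32:41 movd-gcp-002 named[9728]: samba_dlz: shutting down
Jan 10 22:32:41 movd-gcp-002 named[9728]: running
server reload successful
Jan 10 22:38:11 movd-gcp-002 named[10014]: samba_dlz: started for DN DC=lovato,DC=intranet
Jan 10 22:38:11 movd-gcp-002 named[10014]: samba_dlz: configured writeable zone 'lovato.intranet'
Jan 10 22:38:11 movd-gcp-002 named[10014]: running
"""

if __name__ == "__main__":
    print("named PIDs with samba_dlz down after reload:",
          stuck_after_reload(SAMPLE.splitlines()))
```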

