[Samba] Problems with bind9_dlz when rndc is reloaded

mathias dufresne infractory at gmail.com
Thu Jan 12 10:58:27 UTC 2017


Hi Roger,

I'm using Samba as AD DC in version 4.5.0 on Centos 7 with Bind9_DLZ DNS
backend, Bind is 9.9.4 and I don't have that issue.
I tried reloading my bind using systemctl at first and had no issue, then I tried
"rndc reload" to be sure rndc was used, still no issue.

By no issue I don't mean the logs are clean, I mean the DNS service is working
well (tested using dig commands).

In my logs I have the very same complaints about "duplicate zone" which are
ignored.
In my logs I don't have complaints about permissions on named.run. Perhaps
you should have a look at that.

Cheers,

mathias

2017-01-10 23:39 GMT+01:00 Roger Lovato via samba <samba at lists.samba.org>:

> Hi guys,
>
>
> I'm facing a problem with samba4 + bind9_dlz that has been consuming my time
> for several days.
>
>
> Everything is working fine until samba4 needs to update DNS when I'm working
> with more than one DC server. When samba (or bind) needs to reload all
> zones, the bind9_dlz module shuts down, then my whole environment
> stops and I need to restart bind to bring it up again.
>
>
> See my log:
>
>
> ...
>
> Jan 10 22:32:41 movd-gcp-002 named[9728]: Loading 'lovato.intranet' using
> driver dlopen
> Jan 10 22:32:41 movd-gcp-002 named[9728]: samba_dlz: starting configure
> Jan 10 22:32:41 movd-gcp-002 named[9728]: samba_dlz: Ignoring duplicate
> zone 'lovato.intranet' from 'DC=@,DC=lovato.intranet,CN=MicrosoftDNS,DC=
> DomainDnsZones,DC=lovato,DC=intranet'
> Jan 10 22:32:41 movd-gcp-002 named[9728]: samba_dlz: Ignoring duplicate
> zone '_msdcs.lovato.intranet' from 'DC=@,DC=_msdcs.lovato.
> intranet,CN=MicrosoftDNS,DC=ForestDnsZones,DC=lovato,DC=intranet'
> Jan 10 22:32:41 movd-gcp-002 named[9728]: isc_log_open 'named.run' failed:
> permission denied
> Jan 10 22:32:41 movd-gcp-002 named[9728]: zone lovato.intranet/NONE:
> (other) removed
> Jan 10 22:32:41 movd-gcp-002 named[9728]: zone
> _msdcs.lovato.intranet/NONE: (other) removed
> Jan 10 22:32:41 movd-gcp-002 named[9728]: reloading configuration succeeded
> Jan 10 22:32:41 movd-gcp-002 named[9728]: reloading zones succeeded
> Jan 10 22:32:41 movd-gcp-002 named[9728]: samba_dlz: shutting down
> Jan 10 22:32:41 movd-gcp-002 named[9728]: all zones loaded
> Jan 10 22:32:41 movd-gcp-002 named[9728]: running
> server reload successful
>
>
> Bind stays up, but all dynamic zones stop and samba cannot update DNS
> names anymore.
>
>
> What is curious is that this happens only when rndc is reloaded. I
> think that happens because the SAMBA dynamic zones are not cleaned up and that
> causes the shutdown.
>
>
> Jan 10 22:32:41 movd-gcp-002 named[9728]: samba_dlz: Ignoring duplicate
> zone '_msdcs.lovato.intranet' from 'DC=@,DC=_msdcs.lovato.
> intranet,CN=MicrosoftDNS,DC=ForestDnsZones,DC=lovato,DC=intranet'
>
>
> If I restart bind, I think all zones, including dynamic zones, are cleaned up
> and bind starts normally.
>
>
> See log:
>
>
> ...
>
> Jan 10 22:38:10 movd-gcp-002 named[10014]: Loading 'lovato.intranet' using
> driver dlopen
> Jan 10 22:38:10 movd-gcp-002 named[10014]: samba_dlz: GENSEC backend
> 'gssapi_spnego' registered
> Jan 10 22:38:10 movd-gcp-002 named[10014]: samba_dlz: GENSEC backend
> 'gssapi_krb5' registered
> Jan 10 22:38:10 movd-gcp-002 named[10014]: samba_dlz: GENSEC backend
> 'gssapi_krb5_sasl' registered
> Jan 10 22:38:10 movd-gcp-002 named[10014]: samba_dlz: GENSEC backend
> 'spnego' registered
> Jan 10 22:38:10 movd-gcp-002 named[10014]: samba_dlz: GENSEC backend
> 'schannel' registered
> Jan 10 22:38:10 movd-gcp-002 named[10014]: samba_dlz: GENSEC backend
> 'naclrpc_as_system' registered
> Jan 10 22:38:10 movd-gcp-002 named[10014]: samba_dlz: GENSEC backend
> 'sasl-EXTERNAL' registered
> Jan 10 22:38:10 movd-gcp-002 named[10014]: samba_dlz: GENSEC backend
> 'ntlmssp' registered
> Jan 10 22:38:10 movd-gcp-002 named[10014]: samba_dlz: GENSEC backend
> 'ntlmssp_resume_ccache' registered
> Jan 10 22:38:10 movd-gcp-002 named[10014]: samba_dlz: GENSEC backend
> 'http_basic' registered
> Jan 10 22:38:10 movd-gcp-002 named[10014]: samba_dlz: GENSEC backend
> 'http_ntlm' registered
> Jan 10 22:38:10 movd-gcp-002 named[10014]: samba_dlz: GENSEC backend
> 'krb5' registered
> Jan 10 22:38:10 movd-gcp-002 named[10014]: samba_dlz: GENSEC backend
> 'fake_gssapi_krb5' registered
> Jan 10 22:38:11 movd-gcp-002 named[10014]: samba_dlz: started for DN
> DC=lovato,DC=intranet
> Jan 10 22:38:11 movd-gcp-002 named[10014]: samba_dlz: starting configure
> Jan 10 22:38:11 movd-gcp-002 named[10014]: samba_dlz: configured writeable
> zone 'lovato.intranet'
> Jan 10 22:38:11 movd-gcp-002 named[10014]: samba_dlz: configured writeable
> zone '_msdcs.lovato.intranet'
> Jan 10 22:38:11 movd-gcp-002 named[10014]: set up managed keys zone for
> view _default, file '/var/named/dynamic/managed-keys.bind'
> Jan 10 22:38:11 movd-gcp-002 named[10014]: command channel listening on
> 127.0.0.1#953
> Jan 10 22:38:11 movd-gcp-002 named[10014]: command channel listening on
> ::1#953
> Jan 10 22:38:11 movd-gcp-002 named[10014]: isc_log_open 'named.run'
> failed: permission denied
> Jan 10 22:38:11 movd-gcp-002 named[10014]: managed-keys-zone: loaded
> serial 3
> Jan 10 22:38:11 movd-gcp-002 named[10014]: zone 0.0.127.in-addr.arpa/IN:
> loaded serial 2013050101
> Jan 10 22:38:11 movd-gcp-002 named[10014]: zone localhost/IN: loaded
> serial 2013050101
> Jan 10 22:38:11 movd-gcp-002 named[10014]: all zones loaded
> Jan 10 22:38:11 movd-gcp-002 named[10014]: running
>
>
> I've seen many other people with the same problem, but nobody has posted any
> solution.
>
>
> Can someone help me?
>
>
> Regards.
> --
> To unsubscribe from this list go to the following URL and read the
> instructions:  https://lists.samba.org/mailman/options/samba
>
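The two named log excerpts above differ in one visible way: after the rndc reload the samba_dlz zones are logged as "Ignoring duplicate zone", then "(other) removed", and the module logs "shutting down", while after a full restart each zone is logged as "configured writeable zone". The POSIX shell script below is an added example, not part of this thread and not Samba or BIND code: it classifies a named log excerpt the same way, lists the AD zones that were never configured writeable, flags the named.run permission complaint mathias points at, and carries the dig-based liveness check he describes. The sample log lines are constructed from the excerpts posted above (joined back onto single lines); the function names and the 127.0.0.1 default server are assumptions.

```shell
#!/bin/sh
# Added example (not from the thread): check whether the samba_dlz module
# survived an rndc reload by reading the named log, then optionally verify
# the zones really answer with dig.

# dlz_state FILE -> "shutdown", "healthy" or "unknown"
dlz_state() {
    if grep -q 'samba_dlz: shutting down' "$1"; then
        echo shutdown
    elif grep -q "samba_dlz: configured writeable zone" "$1"; then
        echo healthy
    else
        echo unknown
    fi
}

# named_run_denied FILE -> "yes" if isc_log_open on named.run was refused
named_run_denied() {
    if grep -q "isc_log_open 'named.run' failed: permission denied" "$1"; then
        echo yes
    else
        echo no
    fi
}

# missing_zones FILE -> AD zones that were ignored as duplicates or removed
# and never logged as "configured writeable zone" (one per line).
missing_zones() {
    sed -n -e "s|.*Ignoring duplicate zone '\([^']*\)'.*|\1|p" \
           -e "s|.*zone \([^ /]*\)/NONE: (other) removed.*|\1|p" "$1" \
    | LC_ALL=C sort -u \
    | while read -r z; do
        grep -q "configured writeable zone '$z'" "$1" || echo "$z"
    done
}

# live_zone_ok ZONE [SERVER]: the dig check mathias describes, assuming dig is
# installed; a DLZ zone that is up answers both SOA and the _ldap SRV record.
live_zone_ok() {
    zone="$1"; server="${2:-127.0.0.1}"
    [ -n "$(dig +short SOA "$zone" @"$server")" ] &&
    [ -n "$(dig +short SRV "_ldap._tcp.$zone" @"$server")" ]
}

# Constructed sample: Roger's excerpt after "rndc reload", joined onto single lines.
sample_reload_log() {
cat <<'EOF'
Jan 10 22:32:41 movd-gcp-002 named[9728]: Loading 'lovato.intranet' using driver dlopen
Jan 10 22:32:41 movd-gcp-002 named[9728]: samba_dlz: starting configure
Jan 10 22:32:41 movd-gcp-002 named[9728]: samba_dlz: Ignoring duplicate zone 'lovato.intranet' from 'DC=@,DC=lovato.intranet,CN=MicrosoftDNS,DC=DomainDnsZones,DC=lovato,DC=intranet'
Jan 10 22:32:41 movd-gcp-002 named[9728]: samba_dlz: Ignoring duplicate zone '_msdcs.lovato.intranet' from 'DC=@,DC=_msdcs.lovato.intranet,CN=MicrosoftDNS,DC=ForestDnsZones,DC=lovato,DC=intranet'
Jan 10 22:32:41 movd-gcp-002 named[9728]: isc_log_open 'named.run' failed: permission denied
Jan 10 22:32:41 movd-gcp-002 named[9728]: zone lovato.intranet/NONE: (other) removed
Jan 10 22:32:41 movd-gcp-002 named[9728]: zone _msdcs.lovato.intranet/NONE: (other) removed
Jan 10 22:32:41 movd-gcp-002 named[9728]: reloading zones succeeded
Jan 10 22:32:41 movd-gcp-002 named[9728]: samba_dlz: shutting down
Jan 10 22:32:41 movd-gcp-002 named[9728]: all zones loaded
EOF
}

# Constructed sample: the relevant lines from Roger's excerpt after a full restart.
sample_restart_log() {
cat <<'EOF'
Jan 10 22:38:11 movd-gcp-002 named[10014]: samba_dlz: started for DN DC=lovato,DC=intranet
Jan 10 22:38:11 movd-gcp-002 named[10014]: samba_dlz: starting configure
Jan 10 22:38:11 movd-gcp-002 named[10014]: samba_dlz: configured writeable zone 'lovato.intranet'
Jan 10 22:38:11 movd-gcp-002 named[10014]: samba_dlz: configured writeable zone '_msdcs.lovato.intranet'
Jan 10 22:38:11 movd-gcp-002 named[10014]: isc_log_open 'named.run' failed: permission denied
Jan 10 22:38:11 movd-gcp-002 named[10014]: all zones loaded
EOF
}

# Usage: sh dlz_check.sh /path/to/named.log
# (e.g. after "journalctl -u named > /tmp/named.log")
if [ -n "${1:-}" ]; then
    echo "samba_dlz state:            $(dlz_state "$1")"
    echo "named.run permission denied: $(named_run_denied "$1")"
    echo "zones never configured writeable:"
    missing_zones "$1"
fi
```

Run it against the log captured right after an "rndc reload"; a "shutdown" state together with a non-empty missing-zone list is the failure Roger describes, and the "yes" from named_run_denied is the permission complaint mathias notes is absent on his working system. live_zone_ok is the same dig test mathias used to confirm the service itself was still answering, which is the check that matters regardless of what the log says.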