[Samba] borked my dns

Robert Wooden bob at donelsontrophy.com
Sat Jul 15 23:55:30 UTC 2017


I have a two DC, one member server system serving a few W workstation
clients.

I recently updated the DC's hardware, moved the FSMO records and demoted
the old DCs two weeks ago.

Everything seemed to be fine except one of the DCs (the one carrying the
FSMO roles) was sluggish (for lack of a better term) during any DNS queries.
But it would return results, so I thought all was good.

One week ago (last Saturday) I discovered that I have some "broken" DNS.
Scheduled to leave for a long overdue vacation that morning, there was no
time to resolve this issue, so I shut down the workstations and got on a
plane.

Now, returned, I find this:

root@dc06:~# systemctl status bind9
● bind9.service - BIND Domain Name Server
   Loaded: loaded (/lib/systemd/system/bind9.service; enabled; vendor preset: enabled)
  Drop-In: /run/systemd/generator/bind9.service.d
           └─50-insserv.conf-$named.conf
   Active: failed (Result: exit-code) since Sat 2017-07-15 18:10:21 CDT; 20min ago
     Docs: man:named(8)
  Process: 1108 ExecStop=/usr/sbin/rndc stop (code=exited, status=1/FAILURE)
  Process: 870 ExecStart=/usr/sbin/named -f -u bind (code=exited, status=1/FAILURE)
 Main PID: 870 (code=exited, status=1/FAILURE)

Jul 15 18:10:21 dc06 named[870]: samba_dlz: configured writeable zone '16.168.192.in-addr.arpa'
Jul 15 18:10:21 dc06 named[870]: zone 16.168.192.in-appr.arpa/NONE: has no NS records
Jul 15 18:10:21 dc06 named[870]: samba_dlz: Failed to configure zone '16.168.192.in-appr.arpa'
Jul 15 18:10:21 dc06 named[870]: loading configuration: bad zone
Jul 15 18:10:21 dc06 named[870]: exiting (due to fatal error)
Jul 15 18:10:21 dc06 systemd[1]: bind9.service: Main process exited, code=exited, status=1/FAILURE
Jul 15 18:10:21 dc06 rndc[1108]: rndc: connect failed: 127.0.0.1#953: connection refused
Jul 15 18:10:21 dc06 systemd[1]: bind9.service: Control process exited, code=exited status=1
Jul 15 18:10:21 dc06 systemd[1]: bind9.service: Unit entered failed state.
Jul 15 18:10:21 dc06 systemd[1]: bind9.service: Failed with result 'exit-code'.


As you can see I have no "NS records".

More tests (these are a few of them, but all tests keep failing):

root@dc06:~# nslookup dtdc06
;; connection timed out; no servers could be reached

root@dc06:~# nslookup 192.168.16.47
;; connection timed out; no servers could be reached

root@dc06:~# host -t SRV _ldap._tcp.dtshrm.dt.
;; connection timed out; no servers could be reached

root@dc06:~# samba-tool dns zonelist dc06.dtshrm.dt --secondary -U administrator
Password for [DTDOM\administrator]:
ERROR: Connecting to DNS RPC server dc06.dtshrm.dt failed with (-1073741643, '{Device Timeout} The specified I/O operation on %hs was not completed before the time-out period expired.')

I have reviewed all my bind9 configuration adjustments and nothing appears
to have changed. DC bind9 tests all fail. DNS appears to be completely
broken!

To those who know more about DNS than I, what other information do you need
to see? I am open to suggestions on how to proceed to correct this.

Can I rebuild the records or should I just rebuild the DCs from scratch?
If so, should I "turn off" the second DC (as it replicates from the first
DC) before correcting the errors on the first DC and then restart the second DC
and let it replicate the (soon to be) corrected or rebuilt DC?

-- 
Bob Wooden

