[Samba] How can I fix this dns issue?

Robert Wooden bob at donelsontrophy.com
Sun Jul 16 14:58:02 UTC 2017


I have a two-DC, one-member-server system serving a few W workstation
clients.

I recently updated the DCs' hardware, moved the FSMO records and demoted
the old DCs two weeks ago.

Everything seemed to be fine, except one of the DCs (the one carrying the
FSMO roles) was sluggish (for lack of a better term) during any DNS queries.
But it would return results eventually, so I thought all was okay.

One week ago (last Saturday) I discovered that I have some "broken" DNS test
responses. Scheduled to leave for a long overdue vacation that morning,
there was no time to resolve this issue, so I shut down the workstations
and got on a plane.

Now, returned, I find this:

root@dc06:~# systemctl status bind9
● bind9.service - BIND Domain Name Server
   Loaded: loaded (/lib/systemd/system/bind9.service; enabled; vendor preset: enabled)
  Drop-In: /run/systemd/generator/bind9.service.d
           └─50-insserv.conf-$named.conf
   Active: failed (Result: exit-code) since Sat 2017-07-15 18:10:21 CDT; 20min ago
     Docs: man:named(8)
  Process: 1108 ExecStop=/usr/sbin/rndc stop (code=exited, status=1/FAILURE)
  Process: 870 ExecStart=/usr/sbin/named -f -u bind (code=exited, status=1/FAILURE)
 Main PID: 870 (code=exited, status=1/FAILURE)

Jul 15 18:10:21 dc06 named[870]: samba_dlz: configured writeable zone '16.168.192.in-addr.arpa'
Jul 15 18:10:21 dc06 named[870]: zone 16.168.192.in-appr.arpa/NONE: *has no NS records*
Jul 15 18:10:21 dc06 named[870]: samba_dlz: Failed to configure zone '16.168.192.in-appr.arpa'
Jul 15 18:10:21 dc06 named[870]: loading configuration: bad zone
Jul 15 18:10:21 dc06 named[870]: exiting (due to fatal error)
Jul 15 18:10:21 dc06 systemd[1]: bind9.service: Main process exited, code=exited, status=1/FAILURE
Jul 15 18:10:21 dc06 rndc[1108]: rndc: connect failed: 127.0.0.1#953: connection refused
Jul 15 18:10:21 dc06 systemd[1]: bind9.service: Control process exited, code=exited status=1
Jul 15 18:10:21 dc06 systemd[1]: bind9.service: Unit entered failed state.
Jul 15 18:10:21 dc06 systemd[1]: bind9.service: Failed with result 'exit-code'.


As you can see I have no "NS records".

More tests (these are a few of them, but all tests keep failing):

root@dc06:~# nslookup dtdc06
;; connection timed out; no servers could be reached

root@dc06:~# nslookup 192.168.16.47
;; connection timed out; no servers could be reached

root@dc06:~# host -t SRV _ldap._tcp.dtshrm.dt.
;; connection timed out; no servers could be reached

root@dc06:~# samba-tool dns zonelist dc06.dtshrm.dt --secondary -U administrator
Password for [DTDOM\administrator]:
ERROR: Connecting to DNS RPC server dc06.dtshrm.dt failed with (-1073741643, '{Device Timeout} The specified I/O operation on %hs was not completed before the time-out period expired.')

I have reviewed all my bind9 configuration adjustments and nothing appears
to have changed. DC bind9 tests all fail. DNS appears to be completely
broken!

Can I rebuild the DNS records or should I just rebuild the DCs from
scratch? If so, should I "turn off" the second DC (as it replicates from
the first DC) before correcting the errors on the first DC and then restart the
second DC and let it replicate the (soon to be) corrected or rebuilt DC?

-- 
Bob Wooden

