[Samba] How to update the root hints for bind DLZ

Torsten Kurbad samba-technical at tk-webart.de
Tue Jun 6 09:36:35 UTC 2017 

Hi,

we are running a Samba AD on UCS 4.2, which comes with Samba 4.6.1.

The DNS server (192.168.0.200) is operated by bind with the samba DLZ
module. It also hosts several zones outside of samba.

Every couple of hours, I get messages like these on the server:

Jun  5 23:04:58 ucsdc1 daemon:[warning] checkhints:
  h.root-servers.net/A (198.97.190.53) missing from hints
Jun  5 23:04:58 ucsdc1 daemon:[warning] checkhints:
  h.root-servers.net/A (128.63.2.53) extra record in hints
Jun  5 23:06:48 ucsdc1 daemon:[warning] checkhints:
  h.root-servers.net/A (198.97.190.53) missing from hints
Jun  5 23:06:48 ucsdc1 daemon:[warning] checkhints:
  h.root-servers.net/A (128.63.2.53) extra record in hints

This is because h.root-servers.net transitioned to a new IP in the
one any a half year ago.
[https://www.isc.org/blogs/h-root-will-change-its-addresses-on-1-december-2015-what-does-this-mean-for-you/]

I updated the relevant section in my /etc/bind/db.root that now looks
like this:

;
; FORMERLY AOS.ARL.ARMY.MIL
;
.                        3600000      NS    H.ROOT-SERVERS.NET.
H.ROOT-SERVERS.NET.      3600000      A     198.97.190.53
H.ROOT-SERVERS.NET.      3600000      AAAA  2001:500:1::53

'dig -t any 192.168.0.200' says:

h.root-servers.net.	57555	IN	A    198.97.190.53
h.root-servers.net.	57555	IN	AAAA 2001:500:1::53

However, the messages keep appearing in the log. After some
digging I found that 'samba-tool dns roothints 192.168.0.200' says:

  Name=h.root-servers.net., Records=1, Children=0
    A: 128.63.2.53 (flags=8, serial=0, ttl=0)

If I try to update this entry in the Windows DNS management console, I
get an error message:

  Failure to write NS record <h.root-servers.net>
  Der Name ist nicht vorhanden.

(Last part is German - Unfortunately, I don't have an English Windows
version at my disposal, but loosely translated it would be something
like "The name could not be found".)

Thus, my question is: What is the correct way to update Samba's root
hints?

Thank you and best regards,
Torsten

More information about the samba mailing list