[Samba] " a misconfigured DNS zone" (was Provision new domain keeping users and passwords (Santiago))

L.P.H. van Belle belle at bazuin.nl
Thu Mar 30 07:13:53 UTC 2017


Hai, 

Ok, first, on 15-03-2017 Rowland replied on your subject:
"Re: [Samba] Problems with replication and dns"
Did you try to set up that config exactly as he showed?

If not, and even if you did, below is your config, but adjusted; at least now it is "usable" for the AD DC.
So please set this up, restart bind and post the log again.
(more info : https://wiki.samba.org/index.php/Setting_up_a_BIND_DNS_Server)

I tried to keep your config as much as it is, so it's easier to track the changes. Nothing is removed, only remarked where needed.


options {
    auth-nxdomain yes;

    //listen-on port 53 { 127.0.0.1; };
    //listen-on-v6 port 53 { ::1; };
    directory       "/var/named";
    dump-file       "/var/named/data/cache_dump.db";
    statistics-file "/var/named/data/named_stats.txt";
    memstatistics-file "/var/named/data/named_mem_stats.txt";
    //allow-query     { localhost; };
    // with allow-query remarked, recursion is answered for any client that
    // can reach port 53; restrict it (allow-recursion) if this DC is
    // reachable from outside your LAN
    recursion yes;
    // let the DLZ reverse zones win over BIND's built-in empty in-addr.arpa zones
    empty-zones-enable no;

    dnssec-enable yes;
    dnssec-validation yes;

    // keytab Samba created for GSS-TSIG dynamic updates to the DLZ zones
    tkey-gssapi-keytab "/usr/local/samba/private/dns.keytab";

    /* Path to ISC DLV key */
    bindkeys-file "/etc/named.iscdlv.key";
    managed-keys-directory "/var/named/dynamic";
};

logging {
    channel default_debug {
        file "data/named.run";
        severity dynamic;
    };
};

// I changed the load order here, make sure the DLZ zones are loaded first.
include "/usr/local/samba/private/named.conf";

//include "/etc/named.rfc1912.zones";
include "/etc/named.root.key";

zone "." IN {
    type hint;
    file "named.ca";
};


Greetz, 

Louis




> -----Original message-----
> From: Santiago Londoño Mejía [mailto:santiago.londono at pragma.com.co]
> Sent: Wednesday 29 March 2017 17:33
> To: L.P.H. van Belle
> Subject: Re: [Samba] Provision new domain keeping users and passwords
> (Santiago)
> 
> Hello,
> 
> Thank you very much for your reply
> named.conf:
> 
> options {
>     listen-on port 53 { 127.0.0.1; };
>     listen-on-v6 port 53 { ::1; };
>     directory       "/var/named";
>     dump-file       "/var/named/data/cache_dump.db";
>     statistics-file "/var/named/data/named_stats.txt";
>     memstatistics-file "/var/named/data/named_mem_stats.txt";
>     allow-query     { localhost; };
>     recursion yes;
> 
>     dnssec-enable yes;
>     dnssec-validation yes;
>     tkey-gssapi-keytab "/usr/local/samba/private/dns.keytab";
>     /* Path to ISC DLV key */
>     bindkeys-file "/etc/named.iscdlv.key";
> 
>     managed-keys-directory "/var/named/dynamic";
> };
> 
> logging {
>     channel default_debug {
>         file "data/named.run";
>         severity dynamic;
>     };
> };
> 
> zone "." IN {
>     type hint;
>     file "named.ca";
> };
> 
> include "/etc/named.rfc1912.zones";
> include "/etc/named.root.key";
> include "/usr/local/samba/private/named.conf";
> 
> named log:
> 
> Mar 29 10:31:00 neptuno named[32096]: sizing zone task pool based on 6 zones
> Mar 29 10:31:00 neptuno named[32096]: Loading 'AD DNS Zone' using driver dlopen
> Mar 29 10:31:00 neptuno named[32096]: samba_dlz: started for DN DC=pragma,DC=com,DC=co
> Mar 29 10:31:00 neptuno named[32096]: samba_dlz: starting configure
> Mar 29 10:31:00 neptuno named[32096]: samba_dlz: configured writeable zone 'waspruebas.proteccion.com.co'
> Mar 29 10:31:00 neptuno named[32096]: samba_dlz: configured writeable zone 'segdllo02.suranet.com'
> Mar 29 10:31:00 neptuno named[32096]: zone dbmed04.pragma.com.co/NONE: has no NS records
> Mar 29 10:31:00 neptuno named[32096]: samba_dlz: Failed to configure zone 'dbmed04.pragma.com.co'
> Mar 29 10:31:00 neptuno named[32096]: loading configuration: bad zone
> Mar 29 10:31:00 neptuno named[32096]: exiting (due to fatal error)
> 
> Best regards,
> 
> Santiago.
> 
> 2017-03-29 9:48 GMT-05:00, L.P.H. van Belle via samba
> <samba at lists.samba.org>:
> > Hai Santiago,
> >
> > You're welcome, I hope I can help you out.
> >
> > Post me your bind9 configuration, you can anonymize it if needed,
> > but don't remove any lines from it.
> >
> > And I need a snap of the log when bind is starting up.
> > Like this one :
> >
> > Mar 29 16:42:58 dc1 named[21921]: starting BIND 9.9.5-9+deb8u10-Debian -f -u bind
> > Mar 29 16:42:58 dc1 named[21921]: built with '?pr.... etc. .
> > Mar 29 16:42:58 dc1 named[21921]: ---bla bla.....
> > ..... and from this point is what I really want.
> >
> > Mar 29 16:42:58 dc1 named[21921]: using up to 4096 sockets
> > Mar 29 16:42:58 dc1 named[21921]: loading configuration from '/etc/bind/named.conf'
> > Mar 29 16:42:58 dc1 named[21921]: reading built-in trusted keys from file '/etc/bind/bind.keys'
> > Mar 29 16:42:58 dc1 named[21921]: using default UDP/IPv4 port range: [1024, 65535]
> > Mar 29 16:42:58 dc1 named[21921]: using default UDP/IPv6 port range: [1024, 65535]
> > Mar 29 16:42:58 dc1 named[21921]: listening on IPv4 interface lo, 127.0.0.1#53
> > Mar 29 16:42:58 dc1 named[21921]: listening on IPv4 interface eth0, 192.168.1.1#53
> > Mar 29 16:42:58 dc1 named[21921]: generating session key for dynamic DNS
> > Mar 29 16:42:58 dc1 named[21921]: sizing zone task pool based on 5 zones
> > Mar 29 16:42:58 dc1 named[21921]: Loading 'AD DNS Zone' using driver dlopen
> > Mar 29 16:42:58 dc1 named[21921]: samba_dlz: started for DN DC=officemain,DC=domain,DC=tld
> > Mar 29 16:42:58 dc1 named[21921]: samba_dlz: starting configure
> > Mar 29 16:42:58 dc1 named[21921]: samba_dlz: configured writeable zone '1.168.192.in-addr.arpa'
> > Mar 29 16:42:58 dc1 named[21921]: samba_dlz: configured writeable zone '0.1.10.in-addr.arpa'
> > Mar 29 16:42:58 dc1 named[21921]: samba_dlz: configured writeable zone '1.2.10.in-addr.arpa'
> > Mar 29 16:42:58 dc1 named[21921]: samba_dlz: configured writeable zone '2.3.10.in-addr.arpa'
> > Mar 29 16:42:58 dc1 named[21921]: samba_dlz: configured writeable zone '3.4.10.in-addr.arpa'
> > Mar 29 16:42:58 dc1 named[21921]: samba_dlz: configured writeable zone '4.5.10.in-addr.arpa'
> > Mar 29 16:42:58 dc1 named[21921]: samba_dlz: configured writeable zone 'officemain.domain.tld'
> > Mar 29 16:42:58 dc1 named[21921]: samba_dlz: configured writeable zone 'office1.domain.tld'
> > Mar 29 16:42:58 dc1 named[21921]: samba_dlz: configured writeable zone 'office2.domain.tld'
> > Mar 29 16:42:58 dc1 named[21921]: samba_dlz: configured writeable zone 'office3.domain.tld'
> > Mar 29 16:42:58 dc1 named[21921]: samba_dlz: configured writeable zone 'office4.domain.tld'
> > Mar 29 16:42:58 dc1 named[21921]: samba_dlz: configured writeable zone 'office5.domain.tld'
> > Mar 29 16:42:58 dc1 named[21921]: samba_dlz: configured writeable zone 'domain.tld'
> > Mar 29 16:42:58 dc1 named[21921]: samba_dlz: configured writeable zone '_msdcs.officemain.domain.tld'
> > Mar 29 16:42:58 dc1 named[21921]: set up managed keys zone for view _default, file 'managed-keys.bind'
> > Mar 29 16:42:58 dc1 named[21921]: command channel listening on 127.0.0.1#953
> > Mar 29 16:42:58 dc1 named[21921]: managed-keys-zone: loaded serial 715
> > Mar 29 16:42:58 dc1 named[21921]: zone 0.in-addr.arpa/IN: loaded serial 1
> > Mar 29 16:42:58 dc1 named[21921]: zone localhost/IN: loaded serial 2
> > Mar 29 16:42:58 dc1 named[21921]: zone 127.in-addr.arpa/IN: loaded serial 1
> > Mar 29 16:42:58 dc1 named[21921]: zone 255.in-addr.arpa/IN: loaded serial 1
> > Mar 29 16:42:58 dc1 named[21921]: all zones loaded
> > Mar 29 16:42:58 dc1 named[21921]: running
> >
> >
> >> -----Original message-----
> >> From: Santiago Londoño Mejía [mailto:santiago.londono at pragma.com.co]
> >> Sent: Wednesday 29 March 2017 16:33
> >> To: L.P.H. van Belle
> >> Subject: Re: [Samba] Provision new domain keeping users and passwords
> >> (Santiago)
> >>
> >> Hello,
> >> backend: bind9_DLZ
> >>
> >> deleting zone WASPRUEBAS.PROTECCION.COM.CO
> >>
> >> ./samba-tool dns zonedelete neptuno waspruebas.proteccion.com.co
> >> ERROR(runtime): uncaught exception - (9717, 'WERR_DNS_ERROR_DS_UNAVAILABLE')
> >>   File "/usr/local/samba/lib64/python2.7/site-packages/samba/netcmd/__init__.py", line 175, in _run
> >>     return self.run(*args, **kwargs)
> >>   File "/usr/local/samba/lib64/python2.7/site-packages/samba/netcmd/dns.py", line 925, in run
> >>     None)
> >>
> >> Thank you very much for your response
> >> Best regards,
> >>
> >> Santiago.
> >>
> >> 2017-03-29 9:17 GMT-05:00, L.P.H. van Belle via samba
> >> <samba at lists.samba.org>:
> >> > Hi Santiago,
> >> >
> >> > Same for you?
> >> > Are you running samba internal DNS or bind9_DLZ?
> >> >
> >> > Can you explain a bit more about this?
> >> >
> >> > I know the situation to have problems with zones, and I may know a way to
> >> > get around it.
> >> > At least I did fix something like this about 2 years ago with samba 4.1.x
> >> > and bind9_dlz.
> >> >
> >> > Greetz,
> >> >
> >> > Louis
> >> >
> >> > --
> >> > To unsubscribe from this list go to the following URL and read the
> >> > instructions:  https://lists.samba.org/mailman/options/samba
> >> >
> >>
> >> --
> >> Santiago Londoño Mejía
> >> Infrastructure Analyst
> >> t. (574) 605 25 23 ext. 1232
> >> m. (57) 3148332567
> >> Medellín | Carrera 50  C #10 Sur  80
> >> Bogotá | Medellín | Cali
> >> www.pragma.com.co
> >>
> >> --
> >>
> >> This message is confidential. It may contain privileged information belonging
> >> to PRAGMA S.A. and/or its clients, contractors, directors, employees and
> >> advisors, and therefore must not be used or disclosed by anyone other than its
> >> addressee. If you received this message by error, mistake or omission, please
> >> delete it and notify the sender.
> >>
> >> Its retention, recording, use or disclosure for any purpose is prohibited.
> >>
> >> This message has been scanned by antivirus software. Nevertheless, PRAGMA S.A.
> >> assumes no responsibility for any damage caused by receiving and using this
> >> material; it is the recipient's responsibility to check by their own means for
> >> viruses or other defects.
> >>
> >> Opinions, conclusions and other information in this e-mail that are not
> >> related to the official business of PRAGMA S.A. are to be understood as
> >> personal and are in no way endorsed by the Company.
> >
> >
> >
> >
> 
> 
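As an added example (not code from the thread, from Samba or from BIND), here is a small Python parser for the named startup log Louis asks for: it lists the zones samba_dlz configured, the zones it refused together with the reason BIND logged just before (here the zone without NS records), and whether named exited or reached "running". The sample log is constructed from the lines Santiago posted above, with the mail wrapping undone.

```python
import re
from dataclasses import dataclass, field

# Constructed sample: Santiago's named startup lines from the thread, unwrapped.
SAMPLE_LOG = """\
Mar 29 10:31:00 neptuno named[32096]: samba_dlz: starting configure
Mar 29 10:31:00 neptuno named[32096]: samba_dlz: configured writeable zone 'waspruebas.proteccion.com.co'
Mar 29 10:31:00 neptuno named[32096]: samba_dlz: configured writeable zone 'segdllo02.suranet.com'
Mar 29 10:31:00 neptuno named[32096]: zone dbmed04.pragma.com.co/NONE: has no NS records
Mar 29 10:31:00 neptuno named[32096]: samba_dlz: Failed to configure zone 'dbmed04.pragma.com.co'
Mar 29 10:31:00 neptuno named[32096]: loading configuration: bad zone
Mar 29 10:31:00 neptuno named[32096]: exiting (due to fatal error)
"""

MSG = re.compile(r"named\[\d+\]: (.*)$")                    # strip the syslog prefix
CONFIGURED = re.compile(r"samba_dlz: configured writeable zone '([^']+)'")
FAILED = re.compile(r"samba_dlz: Failed to configure zone '([^']+)'")
ZONE_MSG = re.compile(r"^zone ([^/\s]+)/\w+: (.+)$")        # "zone NAME/CLASS: reason"


@dataclass
class StartupReport:
    configured: list = field(default_factory=list)  # zones samba_dlz accepted
    failed: dict = field(default_factory=dict)      # zone -> reason BIND logged
    fatal: bool = False                             # named exited during startup
    running: bool = False                           # named reached "running"


def parse_named_startup(log_text: str) -> StartupReport:
    """Collect the per-zone outcome of a samba_dlz startup from named's log."""
    report = StartupReport()
    last_zone_msg = {}  # zone -> latest "zone NAME/CLASS: ..." line for that zone
    for line in log_text.splitlines():
        m = MSG.search(line)
        if not m:
            continue
        msg = m.group(1).strip()
        if (z := ZONE_MSG.match(msg)):
            last_zone_msg[z.group(1)] = z.group(2)
        elif (c := CONFIGURED.match(msg)):
            report.configured.append(c.group(1))
        elif (f := FAILED.match(msg)):
            # BIND logs why (e.g. "has no NS records") right before this line
            report.failed[f.group(1)] = last_zone_msg.get(f.group(1), "no reason logged")
        elif msg.startswith("exiting"):
            report.fatal = True
        elif msg == "running":
            report.running = True
    return report
```

Run it over the real startup log (or journalctl output for named) after each config change; a non-empty `failed` dict names the AD zone that still needs its NS records before bind will stay up.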




