[Samba] Switching from Internal DNS to Bind9_DLZ

lingpanda101 lingpanda101 at gmail.com
Tue Jan 2 20:23:18 UTC 2018


On 1/2/2018 2:49 PM, Rowland Penny wrote:
> On Tue, 2 Jan 2018 14:40:10 -0500
> lingpanda101 <lingpanda101 at gmail.com> wrote:
>
>> On 1/2/2018 2:23 PM, Rowland Penny wrote:
>>> On Tue, 2 Jan 2018 14:15:11 -0500
>>> lingpanda101 <lingpanda101 at gmail.com> wrote:
>>>
>>>> On 1/2/2018 1:51 PM, Rowland Penny wrote:
>>>>> On Tue, 2 Jan 2018 13:38:52 -0500
>>>>> lingpanda101 via samba <samba at lists.samba.org> wrote:
>>>>>
>>>>>
>>>>>> A few other observations while attempting to switch.
>>>>>>
>>>>>>      * I do not have a dns.keytab file. Should I, or is it created
>>>>>> after attempting to switch?
>>>>> See my earlier post about samba_dnsupgrade.
>>>>>
>>>>>>      * running 'named-checkconf' throws an error.
>>>>> It would, it cannot find the zones files that are now in AD.
>>>>>
>>>>> Rowland
>>>> Rowland,
>>>>
>>>>        I think I'm on the home stretch :). However I am running
>>>> into an issue after switching the backend. The switch command
>>>> completes successfully. Bind starts but I get errors when
>>>> attempting to run this command after reboot.
>>>>
>>>> samba_dnsupdate --verbose --all-names
>>>>
>>>> I get this error for all updates.
>>>>
>>>> TSIG error with server: tsig indicates error
>>>> update failed: NOTAUTH(BADSIG)
>>>> Failed nsupdate: 2
>>>> update(nsupdate): A gc._msdcs.domain.local 172.16.22.27
>>>> Calling nsupdate for A gc._msdcs.domain.local 172.16.22.27 (add)
>>>> Successfully obtained Kerberos ticket to DNS/DDC1.domain.local as
>>>> DDC2$ Outgoing update query:
>>>> ;; ->>HEADER<<- opcode: UPDATE, status: NOERROR, id:      0
>>>> ;; flags:; ZONE: 0, PREREQ: 0, UPDATE: 0, ADDITIONAL: 0
>>>> ;; UPDATE SECTION:
>>>> gc._msdcs.domain.local.   900     IN      A       172.16.22.27
>>>>
>>>>
>>>> I can connect to the server via Windows DNS Manager and browse.
>>>>
>>>>
>>> Try adding '--use-samba-tool' to the 'samba_dnsupdate' command
>>>
>>> Rowland
>> I will add that DNS is replicating correctly.  I deleted and added a
>> DNS A record and it replicated instantaneously across sites.
>>
> The problem is that only the owner (or a member of dnsadmins) of a dns
> record can update it. You seem to be trying to use a computer account
> (fairly common) that doesn't own the records.
>
> Rowland

Actually it looks as if Bind isn't running. Though I could've sworn it
did at one point.

service bind9 restart
  * Stopping domain name service... bind9
               rndc: connect failed: 127.0.0.1#953: connection refused
[ OK ]
  * Starting domain name service... bind9 [fail]

Log shows;

Jan  2 15:20:51 ddc2 named[2793]: ----------------------------------------------------
Jan  2 15:20:51 ddc2 named[2793]: BIND 9 is maintained by Internet Systems Consortium,
Jan  2 15:20:51 ddc2 named[2793]: Inc. (ISC), a non-profit 501(c)(3) public-benefit
Jan  2 15:20:51 ddc2 named[2793]: corporation.  Support and training for BIND 9 are
Jan  2 15:20:51 ddc2 named[2793]: available at https://www.isc.org/support
Jan  2 15:20:51 ddc2 named[2793]: ----------------------------------------------------
Jan  2 15:20:51 ddc2 named[2793]: adjusted limit on open files from 4096 to 1048576
Jan  2 15:20:51 ddc2 named[2793]: found 2 CPUs, using 2 worker threads
Jan  2 15:20:51 ddc2 named[2793]: using 2 UDP listeners per interface
Jan  2 15:20:51 ddc2 named[2793]: using up to 4096 sockets
Jan  2 15:20:51 ddc2 named[2793]: loading configuration from '/etc/bind/named.conf'
Jan  2 15:20:51 ddc2 named[2793]: /etc/bind/named.conf:15: 'options' redefined near 'options'
Jan  2 15:20:51 ddc2 named[2793]: loading configuration: already exists
Jan  2 15:20:51 ddc2 named[2793]: exiting (due to fatal error)

It seems to stem from the issue I had before: "/etc/bind/named.conf:15: 'options' redefined near 'options'"

-- 
James
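The fatal error in the log above ("'options' redefined") is BIND refusing to load a named.conf that declares a second top-level `options { ... }` block, which can happen, for example, when an options block is pasted into named.conf while an included file such as named.conf.options still carries one. The following is an added example, not code from this thread or from Samba or BIND: a small POSIX shell pre-flight check that counts top-level options blocks in a named.conf and in the files it includes (one level deep), and fails when there is not exactly one. The sample configuration files it writes under a temporary directory are constructed for the demonstration; the Debian-style split into named.conf plus named.conf.options is assumed, and the real check would be run against /etc/bind/named.conf.

```shell
#!/bin/sh
# Added example (not from the thread, Samba or BIND): pre-flight check for
# the "'options' redefined" fatal error. named will not load a
# configuration that declares more than one top-level options block,
# counting blocks that arrive through include "..." lines.

# Print how many lines open a top-level "options {" block in FILE and in
# every file FILE pulls in with an include "..." line (one level deep,
# paths taken literally; paths containing spaces are not handled).
count_options_blocks() {
    f="$1"
    n=$(grep -c '^[[:space:]]*options[[:space:]]*{' "$f" || true)
    for inc in $(sed -n 's/^[[:space:]]*include[[:space:]]*"\([^"]*\)".*/\1/p' "$f"); do
        [ -r "$inc" ] || continue
        m=$(grep -c '^[[:space:]]*options[[:space:]]*{' "$inc" || true)
        n=$((n + m))
    done
    printf '%s\n' "$n"
}

# Succeed only when exactly one options block is declared, which is what
# named requires before it will load the configuration at all.
check_named_conf() {
    c=$(count_options_blocks "$1")
    if [ "$c" -eq 1 ]; then
        printf 'OK: %s declares one options block\n' "$1"
        return 0
    fi
    printf 'FAIL: %s declares %s options blocks (named will refuse to start)\n' "$1" "$c" >&2
    return 1
}

# Write two constructed layouts into DIR, modelled on the Debian split
# between named.conf and named.conf.options (sample content, not a real
# server's configuration):
#   good.conf - options live only in named.conf.options
#   bad.conf  - a second options block was pasted into named.conf itself
make_samples() {
    d="$1"
    cat > "$d/named.conf.options" <<EOF
options {
    directory "/var/cache/bind";
};
EOF
    cat > "$d/good.conf" <<EOF
include "$d/named.conf.options";
EOF
    cat > "$d/bad.conf" <<EOF
include "$d/named.conf.options";
options {
    directory "/var/cache/bind";
};
EOF
}

# Demonstration on the constructed samples: good.conf passes, bad.conf
# reports two blocks, mirroring what named logs before exiting.
demo_dir=$(mktemp -d)
make_samples "$demo_dir"
check_named_conf "$demo_dir/good.conf"
check_named_conf "$demo_dir/bad.conf" || true
rm -rf "$demo_dir"
```

Against a live server, `check_named_conf /etc/bind/named.conf` gives a yes/no answer before restarting bind9; the grep is deliberately narrow (block opener at the start of a line) so it never changes the file, it only reports.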
