[Samba] samba 4.8.3 samba_dnsupdate odd long timeouts

Kacper Wirski kacper.wirski at gmail.com
Fri Jun 29 06:15:48 UTC 2018


To follow up on my own question:

I still have no idea what caused this behaviour with dnsupdate, but 
removing DC with:

- first demote

- then remove-other-dead-server (I noticed it clears in much better way 
all entries

- removing whole samba dir and reinstalling it

- and simply re-joining this DC solved this issue, samba_dnsupdate 
--all-names completed in seconds with success.

Weird, at least for me, whatsoever, but if fixed "itself", I won't complain.

Regards,

Kacper


W dniu 28.06.2018 o 18:20, Kacper Wirski via samba pisze:
> Hello,
> I'll try to be as brief as possible.
> I'm testing samba 4.8.3 on centos 7.5.
> Fresh installation joined to existing AD domain that was ran with samba
> 4.7.6.
>
> I did add 2 DC's with 4.8.3, then removed all 4.7.6 DC's. Everything seemed
> to work fine, except for adding DNS entries on one of the machines.
>
> Samba by itself was unable to add them throwing error in log that dnsupdate
> failed.
> When running it with "samba_dnsupdate --verbose -d 10" it does eventually
> complete, but it takes FOREVER, roughly 300 seconds to complete each update.
>
> DNS backend is BIND, it's not my first adventure with samba 4 AD, so I t h
> i n k I covered most of the basics, that is:
> - proper ownership of files for "named"
> - trying with and without SELinux
> - veryfing /etc/krb5.conf /usr/local/samba/etc/smb.conf and /etc/named.conf
> for oddities, but I'm at a loss.
>
> Both 4.8.3 machines were created from same template, just different host
> names and IP addresses.
>
> One machine works perfectly fine (upgradedns finishes in ~2 seconds or
> less), other one needs 5 minutes per entry (times 20+... yeah, forever).
>
> What I already checked:
> obviously connection between both  boxes exists (replication works fine for
> example)
> both machines are VM's running inside same hypervisor,
>
> Right now both DC's use each other as DNS (so DC1 -> DC2 and DC2 -> DC1). I
> tried changing it in whatever way, but resulstts were the same, DC2 works
> prefectly, DC1 is unable to complete this job in reasonable time.
>
> My smb.conf is pretty basic (standard what was created during join) + added
> secure dns updates.
>
> On the machine with slow dns update kerberos ticket is obtained without
> issues, but for whatever reason it just takes time, as if machine was
> timing out on something.
>
> Also, there are no errors, and each timeout is roughly 250-300 seconds..
>
> Regards,
> Kacper




More information about the samba mailing list