[Samba] Invalid zone operation IsSigned ERROR
rschiefer at suturehealth.com
rschiefer at suturehealth.com
Tue May 22 15:28:43 UTC 2018
Versions:
Samba 4.3.11-Ubuntu
Ubuntu: 16.04 and 14.04
NOT using bind for DNS.
3 Domain Controllers:
dc-1
dc-2
identity-c01
Using the DNS tool on Windows, or the command:
samba-tool dns query localhost xxxx.com <http://xxxx.com> @ ALL -U xxxx
causes the queried samba service to crash with the following output in the
syslog:
May 22 15:17:54 dc-1 samba[1115]: [2018/05/22 15:17:54.590059, 0]
../source4/rpc_server/dnsserver/dcerpc_dnsserver.c:1086(dnsserver_query_zone
)
May 22 15:17:56 dc-1 samba[1115]: dnsserver: Invalid zone operation
IsSigneddnsserver: Invalid zone operation IsSigneddnsserver: Invalid zone
operation IsSigneddnsserver: Invalid zone operation
IsSigned===============================================================
May 22 15:17:56 dc-1 samba[1115]: [2018/05/22 15:17:56.225586, 0]
../lib/util/fault.c:79(fault_report)
May 22 15:17:56 dc-1 samba[1115]: INTERNAL ERROR: Signal 11 in pid 1115
(4.3.11-Ubuntu)
May 22 15:17:56 dc-1 samba[1115]: Please read the Trouble-Shooting section
of the Samba HOWTO
May 22 15:17:56 dc-1 samba[1115]: [2018/05/22 15:17:56.225615, 0]
../lib/util/fault.c:81(fault_report)
May 22 15:17:56 dc-1 samba[1115]:
===============================================================
May 22 15:17:56 dc-1 samba[1115]: [2018/05/22 15:17:56.225640, 0]
../lib/util/fault.c:151(smb_panic_default)
May 22 15:17:56 dc-1 samba[1115]: PANIC: internal error
May 22 15:18:02 dc-1 samba[1091]: [2018/05/22 15:18:02.683480, 0]
../source4/smbd/process_standard.c:127(standard_child_pipe_handler)
May 22 15:18:02 dc-1 samba[1091]: Child 1115 (rpc) terminated with signal
6
May 22 15:18:08 dc-1 smbd[1256]: [2018/05/22 15:18:08.872383, 1]
../source3/rpc_server/rpc_ncacn_np.c:773(make_external_rpc_pipe)
To me this points to a corrupt record in DNS. Does anyone have any
suggestions on how I can clean up the DNS records when querying the service
crashes it?
For what it's worth, we have snapshots of dc-1 and dc-2 that are not
corrupt, but if we bring identity-c01 online, it replicates the corrupt
records down to dc-1 and dc-2, causing this failure to propagate across all
domain controllers.
Thanks for any help or suggestions.
Robb
More information about the samba
mailing list