[Samba] Internal DNS migrate to Bind9_DLZ

Rowland Penny rpenny at samba.org
Wed Oct 31 15:10:15 UTC 2018


On Wed, 31 Oct 2018 14:52:28 +0100
L.P.H. van Belle <belle at bazuin.nl> wrote:

> Hai, 
>  
> I've checked out the log you sent and I re-read the complete thread.
>  
> Based on what's done and what I did see in your logs now, it looks like a
> * (wildcard) entry is giving the problem. But I am not sure of that;
> the wildcard bugs should be fixed, when I look in bugzilla (#10435
> #12952). I've forwarded the mail to Rowland also before we go throw
> things at you again. ;-) I've snipped the parts I think were the
> interesting parts in this mail, but maybe Rowland notices more.
> Last, have you tried with the bind config at port 53 instead of
> 5353? Please note, RedHat is not my cookie so any Centos/Red Hat
> people here, comments are useful.. Last, remove this part from your
> named.conf
> 
> # Root Servers
> # (Required for recursive DNS queries)
> zone "." {
> type hint;
> file "named.root";
> };
> 
> # localhost zone
> zone "localhost" {
> type master;
> file "master/localhost.zone";
> };
> 
> # 127.0.0. zone.
> zone "0.0.127.in-addr.arpa" {
> type master;
> file "master/0.0.127.zone";
> };
> 
> These zones are also in
> DC=RootDNSServers,CN=MicrosoftDNS,DC=DomainDnsZones,DC=<domain>,DC=corp

They may be, but they are not Samba dns zones and are not causing the
problem, as proof I have them in my setup without problem.

> 
> The log parts. 
> 
> 31-Oct-2018 13:26:56.585 processing statistics channel 127.0.0.1#8653
> 31-Oct-2018 13:26:56.585 statistics channel listening on 127.0.0.1#8653
> 31-Oct-2018 13:26:56.585 using default UDP/IPv4 port range: [1024, 65535]
> 31-Oct-2018 13:26:56.585 using default UDP/IPv6 port range: [1024, 65535]
> 31-Oct-2018 13:26:56.589 no IPv6 interfaces found
> 31-Oct-2018 13:26:56.589 listening on IPv4 interface lo, 127.0.0.1#5353
> 31-Oct-2018 13:26:56.590 clientmgr @0x7f4bcc691010: create
> ..
> 31-Oct-2018 13:26:56.607 listening on IPv4 interface ens192, <IP>#5353
> ..
> 31-Oct-2018 13:26:56.617 generating session key for dynamic DNS
> 31-Oct-2018 13:26:56.618 sizing zone task pool based on 3 zones
> 31-Oct-2018 13:26:56.619 decrement_reference: delete from rbt: 0x7f4bcc6acc70 .
> 31-Oct-2018 13:26:56.620 Loading 'AD DNS Zone' using driver dlopen
> 31-Oct-2018 13:26:56.620 Loading SDLZ driver.
> --
> 31-Oct-2018 13:26:56.754 samba_dlz: dn: @ROOTDSE
> 31-Oct-2018 13:26:56.754 samba_dlz: configurationNamingContext: CN=Configuration,DC=<domain>,DC=corp
> 31-Oct-2018 13:26:56.754 samba_dlz: defaultNamingContext: DC=<domain>,DC=corp
> 31-Oct-2018 13:26:56.754 samba_dlz: schemaNamingContext: CN=Schema,CN=Configuration,DC=<domain>,DC=corp
>  
> and then it starts the fail.
>  
> 31-Oct-2018 13:26:56.758 samba_dlz: 
> 31-Oct-2018 13:26:56.758 samba_dlz: ldb: ldb_asprintf/set_errstring: No such Base DN: CN=Directory Service,CN=Windows NT,CN=Services,CN=Configuration,DC=<domain>,DC=corp

Have you checked if the supposedly missing DNs are actually not there
in AD?


> 31-Oct-2018 13:26:56.758 samba_dlz: ldb: ldb_trace_response: DONE
> 31-Oct-2018 13:26:56.758 samba_dlz: error: 32
> 31-Oct-2018 13:26:56.758 samba_dlz: msg: No such Base DN: CN=Directory Service,CN=Windows NT,CN=Services,CN=Configuration,DC=<domain>,DC=corp
> 31-Oct-2018 13:26:56.758 samba_dlz:
> 31-Oct-2018 13:26:56.763 samba_dlz: dn: @PARTITION
> 31-Oct-2018 13:26:56.763 samba_dlz: replicateEntries: @ATTRIBUTES
> 31-Oct-2018 13:26:56.763 samba_dlz: replicateEntries: @INDEXLIST
> 31-Oct-2018 13:26:56.763 samba_dlz: replicateEntries: @OPTIONS
> 31-Oct-2018 13:26:56.763 samba_dlz: partition: CN=SCHEMA,CN=CONFIGURATION,DC=<domain>,DC=CORP:sam.ldb.d/CN=SCHE
> 31-Oct-2018 13:26:56.763 samba_dlz: MA,CN=CONFIGURATION,DC=<domain>,DC=CORP.ldb
> 31-Oct-2018 13:26:56.763 samba_dlz: partition: CN=CONFIGURATION,DC=<domain>,DC=CORP:sam.ldb.d/CN=CONFIGURATION,
> 31-Oct-2018 13:26:56.764 samba_dlz:  DC=<domain>,DC=CORP.ldb
> 31-Oct-2018 13:26:56.764 samba_dlz: partition: DC=<domain>,DC=CORP:sam.ldb.d/DC=<domain>,DC=CORP.ldb
> 31-Oct-2018 13:26:56.764 samba_dlz: partition: DC=DOMAINDNSZONES,DC=<domain>,DC=CORP:sam.ldb.d/DC=DOMAINDNSZONE
> 31-Oct-2018 13:26:56.764 samba_dlz:  S,DC=<domain>,DC=CORP.ldb
> 31-Oct-2018 13:26:56.764 samba_dlz: partition: DC=FORESTDNSZONES,DC=<domain>,DC=CORP:sam.ldb.d/DC=FORESTDNSZONE
> 31-Oct-2018 13:26:56.764 samba_dlz:  S,DC=<domain>,DC=CORP.ldb
> 31-Oct-2018 13:26:56.777 samba_dlz: Initial schema load needed, as we have no existing schema, seq_num: 1
> 31-Oct-2018 13:26:56.921 samba_dlz: schema_fsmo_init: we are master[no] updates allowed[no]
> 31-Oct-2018 13:26:56.776 samba_dlz: ldb: ldb_trace_response: ENTRY
> 31-Oct-2018 13:26:56.776 samba_dlz: dn: DC=<domain>,DC=corp
> 31-Oct-2018 13:26:56.776 samba_dlz: objectSid: S-1-5-21-123456789-115225906-12345679   ( I've changed this SID for you. )
> 31-Oct-2018 13:26:56.776 samba_dlz:
> 31-Oct-2018 13:26:56.921 samba_dlz: schema_fsmo_init: we are master[no] updates allowed[no]
> 
> 31-Oct-2018 13:26:57.154 samba_dlz: ldb: ldb_trace_response: ENTRY
> 31-Oct-2018 13:26:57.154 samba_dlz: dn: CN=NTDS Settings,CN=XXX002AAAAA,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=<domain>,DC=corp
> 31-Oct-2018 13:26:57.154 samba_dlz: msDS-Behavior-Version: 4 
> 31-Oct-2018 13:26:57.158 samba_dlz: started for DN DC=<domain>,DC=corp
> 31-Oct-2018 13:26:57.158 SDLZ driver loaded successfully.
> 31-Oct-2018 13:26:57.158 DLZ driver loaded successfully.
> 31-Oct-2018 13:26:57.158 samba_dlz: starting configure
>  
> 31-Oct-2018 13:26:57.218 samba_dlz: ldb: ldb_asprintf/set_errstring: No such Base DN: DC=*,DC=<domain>.corp,CN=MicrosoftDNS,DC=DomainDnsZones,DC=<domain>,DC=corp
> 31-Oct-2018 13:26:57.218 samba_dlz: ldb: ldb_trace_response: DONE
> 31-Oct-2018 13:26:57.218 samba_dlz: error: 32
> 31-Oct-2018 13:26:57.218 samba_dlz: msg: No such Base DN: DC=*,DC=<domain>.corp,CN=MicrosoftDNS,DC=DomainDnsZones,DC=<domain>,DC=corp
> 31-Oct-2018 13:26:57.482 samba_dlz: ldb: ldb_trace_request: SEARCH
> 31-Oct-2018 13:26:57.482 samba_dlz:  dn: DC=*,DC=<domain>.corp,CN=MicrosoftDNS,DC=ForestDnsZones,DC=<domain>,DC=corp
> 31-Oct-2018 13:26:57.482 samba_dlz:  scope: base
> 31-Oct-2018 13:26:57.482 samba_dlz:  expr: (&(objectClass=dnsNode)(!(dNSTombstoned=TRUE)))
> 31-Oct-2018 13:26:57.482 samba_dlz:  attr: dnsRecord
> 31-Oct-2018 13:26:57.482 samba_dlz:  attr: dNSTombstoned
> 31-Oct-2018 13:26:57.482 samba_dlz:  control: <NONE>
> 31-Oct-2018 13:26:57.485 samba_dlz:
> 31-Oct-2018 13:26:57.485 samba_dlz: ldb: ldb_asprintf/set_errstring: No such Base DN: DC=*,DC=<domain>.corp,CN=MicrosoftDNS,DC=ForestDnsZones,DC=<domain>,DC=corp
> 31-Oct-2018 13:26:57.485 samba_dlz: ldb: ldb_trace_response: DONE
> 31-Oct-2018 13:26:57.485 samba_dlz: error: 32
> 31-Oct-2018 13:26:57.486 samba_dlz: msg: No such Base DN: DC=*,DC=<domain>.corp,CN=MicrosoftDNS,DC=ForestDnsZones,DC=<domain>,DC=corp
> 31-Oct-2018 13:26:57.486 samba_dlz:
> 31-Oct-2018 13:26:57.488 samba_dlz:
> 31-Oct-2018 13:26:57.488 samba_dlz: ldb: ldb_asprintf/set_errstring: No such Base DN: DC=<domain>.corp,CN=MicrosoftDNS,DC=ForestDnsZones,DC=<domain>,DC=corp
> 31-Oct-2018 13:26:57.488 samba_dlz: ldb: ldb_trace_response: DONE
> 31-Oct-2018 13:26:57.488 samba_dlz: error: 32
> 31-Oct-2018 13:26:57.488 samba_dlz: msg: No such Base DN: DC=<domain>.corp,CN=MicrosoftDNS,DC=ForestDnsZones,DC=<domain>,DC=corp
> 31-Oct-2018 13:26:57.488 samba_dlz:
> 31-Oct-2018 13:26:57.494 samba_dlz:
> 31-Oct-2018 13:26:57.494 zone <domain>.corp/NONE: loaded; checking validity
> 31-Oct-2018 13:26:57.494 zone <domain>.corp/NONE: has 0 SOA records
> 31-Oct-2018 13:26:57.494 zone <domain>.corp/NONE: has no NS records
> 31-Oct-2018 13:26:57.494 samba_dlz:

Where are the SOA & NS records for your domain?
Are they actually there, but Bind isn't finding them?

If the records are not there, I would run samba_upgradedns and upgrade
to the internal dns server, then run it again and upgrade to bind9;
this should recreate all the dns records.

Rowland
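
Added example (not part of the original mails, and not Samba or BIND code): a small Python triage for a mail-reflowed named log like the one quoted above. It lists each distinct "No such Base DN" and each zone that loaded without SOA/NS records, which are the DNs and records this reply asks to check for in AD. The example.corp names and the sample text are constructed.

```python
import re

TS = r"\d{2}-[A-Z][a-z]{2}-\d{4} \d{2}:\d{2}:\d{2}\.\d{3}"

# Constructed sample modelled on the log quoted above ("example" stands in for
# the redacted <domain>). It is reflowed the way a mail client would do it, so
# records and even timestamps are split across line breaks.
SAMPLE = """\
31-Oct-2018 13:26:57.218 samba_dlz: ldb: ldb_asprintf/set_errstring:
No such Base DN:
DC=*,DC=example.corp,CN=MicrosoftDNS,DC=DomainDnsZones,DC=example,DC=corp
31-Oct-2018 13:26:57.218 samba_dlz: ldb: ldb_trace_response: DONE
31-Oct-2018 13:26:57.218 samba_dlz: error: 32 31-Oct-2018
13:26:57.218 samba_dlz: msg: No such Base DN:
DC=*,DC=example.corp,CN=MicrosoftDNS,DC=DomainDnsZones,DC=example,DC=corp
31-Oct-2018 13:26:57.488 samba_dlz: msg: No such Base DN:
DC=example.corp,CN=MicrosoftDNS,DC=ForestDnsZones,DC=example,DC=corp
31-Oct-2018 13:26:57.494 zone example.corp/NONE: loaded;
checking validity 31-Oct-2018 13:26:57.494 zone example.corp/NONE:
has 0 SOA records 31-Oct-2018 13:26:57.494 zone example.corp/NONE:
has no NS records 31-Oct-2018 13:26:57.494 samba_dlz:
"""

def records(text):
    """Undo the reflow: return (timestamp, message) pairs, one per log record."""
    flat = " ".join(text.split())          # collapse line breaks into spaces
    parts = re.split(f"({TS})", flat)      # [prefix, ts1, msg1, ts2, msg2, ...]
    return [(parts[i], parts[i + 1].strip()) for i in range(1, len(parts) - 1, 2)]

def triage(text):
    """Return ({missing base DN: is_wildcard_node}, {zone: [missing record types]})."""
    missing, zones = {}, {}
    for _ts, msg in records(text):
        dn = re.search(r"No such Base DN: (\S.*)$", msg)
        if dn:  # set_errstring and msg: repeat the same DN, so de-duplicate
            missing.setdefault(dn.group(1), dn.group(1).startswith("DC=*,"))
        zone = re.match(r"zone (\S+?)/\S+: has (0 SOA|no NS) records", msg)
        if zone:
            zones.setdefault(zone.group(1), []).append(zone.group(2).split()[1])
    return missing, zones

if __name__ == "__main__":
    missing, zones = triage(SAMPLE)
    for dn, wildcard in missing.items():
        print("missing base DN%s: %s" % (" (wildcard node)" if wildcard else "", dn))
    for name, lacking in zones.items():
        print("zone %s loaded without %s records" % (name, " or ".join(lacking)))
```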




