[Samba] Internal DNS migrate to Bind9_DLZ

Eben Victor eben.victor at gmail.com
Wed Oct 31 16:36:52 UTC 2018


Hello Rowland,

I have already checked and the DN's are in AD, see attached.

SOA:
<domain>.corp.    3600    IN    SOA    psad102zadprh.<domain>.corp. . 9766 3600 600 86400 3600

See below NS, but the 1st NS (zatprdc001) doesn't exist, and I cannot find
it anywhere.
NS:
<domain>.corp.    3600    IN    NS    zatprdc001.<domain>.corp.
<domain>.corp.    3600    IN    NS    psad102zadprh.<domain>.corp.
<domain>.corp.    3600    IN    NS    prdc001zacprh.<domain>.corp.
<domain>.corp.    3600    IN    NS    prdc001zafsrh.<domain>.corp.
<domain>.corp.    3600    IN    NS    prdc001zatcrh.<domain>.corp.
<domain>.corp.    3600    IN    NS    prdc002zacprh.<domain>.corp.
<domain>.corp.    3600    IN    NS    prdc003zacprh.<domain>.corp.
<domain>.corp.    3600    IN    NS    psad101zatcrh.<domain>.corp.

We did rebuild all our DC's to RHEL7.
We demoted on the DC being rebuilt, then removed any and all records we
could find in AD/DNS. Rebuilt the new server and rejoined.

Kind Regards

On Wed, Oct 31, 2018 at 5:10 PM Rowland Penny via samba <
samba at lists.samba.org> wrote:

> On Wed, 31 Oct 2018 14:52:28 +0100
> L.P.H. van Belle <belle at bazuin.nl> wrote:
>
> > Hai,
> >
> > I've checked out the log you sent and I re-read the complete thread.
> >
> > Based on what's done and what I did see in your logs now, looks like a
> > * (wildcard) entry is giving the problem. But I am not sure of that,
> > the wildcard bugs should be fixed, when I look in bugzilla. (#10435
> > #12952) I've forwarded the mail to Rowland also before we go throw
> > things at you again. ;-) I've snipped the parts I think were the
> > interesting parts in this mail, but maybe Rowland notices more.
> > Last, have you tried with the bind config at port 53 instead of
> > 5353. Please note, RedHat is not my cookie so any Centos/Red Hat
> > people here, comments are useful.. last remove this part from your
> > named.conf
> >
> > # Root Servers
> > # (Required for recursive DNS queries)
> > zone "." {
> > type hint;
> > file "named.root";
> > };
> >
> > # localhost zone
> > zone "localhost" {
> > type master;
> > file "master/localhost.zone";
> > };
> >
> > # 127.0.0. zone.
> > zone "0.0.127.in-addr.arpa" {
> > type master;
> > file "master/0.0.127.zone";
> > };
> >
> > These zones are also in
> > DC=RootDNSServers,CN=MicrosoftDNS,DC=DomainDnsZones,DC=<domain>,DC=corp
>
> They may be, but they are not Samba dns zones and are not causing the
> problem, as proof I have them in my setup without problem.
>
> >
> > The log parts.
> >
> > 31-Oct-2018 13:26:56.585 processing statistics channel 127.0.0.1#8653
> > 31-Oct-2018 13:26:56.585 statistics channel listening on 127.0.0.1#8653
> > 31-Oct-2018 13:26:56.585 using default UDP/IPv4 port range: [1024, 65535]
> > 31-Oct-2018 13:26:56.585 using default UDP/IPv6 port range: [1024, 65535]
> > 31-Oct-2018 13:26:56.589 no IPv6 interfaces found
> > 31-Oct-2018 13:26:56.589 listening on IPv4 interface lo, 127.0.0.1#5353
> > 31-Oct-2018 13:26:56.590 clientmgr @0x7f4bcc691010: create
> > ..
> > 31-Oct-2018 13:26:56.607 listening on IPv4 interface ens192, <IP>#5353
> > ..
> > 31-Oct-2018 13:26:56.617 generating session key for dynamic DNS
> > 31-Oct-2018 13:26:56.618 sizing zone task pool based on 3 zones
> > 31-Oct-2018 13:26:56.619 decrement_reference: delete from rbt: 0x7f4bcc6acc70 .
> > 31-Oct-2018 13:26:56.620 Loading 'AD DNS Zone' using driver dlopen
> > 31-Oct-2018 13:26:56.620 Loading SDLZ driver.
> > --
> > 31-Oct-2018 13:26:56.754 samba_dlz: dn: @ROOTDSE
> > 31-Oct-2018 13:26:56.754 samba_dlz: configurationNamingContext: CN=Configuration,DC=<domain>,DC=corp
> > 31-Oct-2018 13:26:56.754 samba_dlz: defaultNamingContext: DC=<domain>,DC=corp
> > 31-Oct-2018 13:26:56.754 samba_dlz: schemaNamingContext: CN=Schema,CN=Configuration,DC=<domain>,DC=corp
> >
> > and then it starts the fail.
> >
> > 31-Oct-2018 13:26:56.758 samba_dlz:
> > 31-Oct-2018 13:26:56.758 samba_dlz: ldb: ldb_asprintf/set_errstring: No such Base DN: CN=Directory Service,CN=Windows NT,CN=Services,CN=Configuration,DC=<domain>,DC=corp
>
> Have you checked if the supposedly missing DN's are actually not there
> in AD ?
>
>
> > 31-Oct-2018 13:26:56.758 samba_dlz: ldb: ldb_trace_response: DONE
> > 31-Oct-2018 13:26:56.758 samba_dlz: error: 32
> > 31-Oct-2018 13:26:56.758 samba_dlz: msg: No such Base DN: CN=Directory Service,CN=Windows NT,CN=Services,CN=Configuration,DC=<domain>,DC=corp
> > 31-Oct-2018 13:26:56.758 samba_dlz:
> > 31-Oct-2018 13:26:56.763 samba_dlz: dn: @PARTITION
> > 31-Oct-2018 13:26:56.763 samba_dlz: replicateEntries: @ATTRIBUTES
> > 31-Oct-2018 13:26:56.763 samba_dlz: replicateEntries: @INDEXLIST
> > 31-Oct-2018 13:26:56.763 samba_dlz: replicateEntries: @OPTIONS
> > 31-Oct-2018 13:26:56.763 samba_dlz: partition: CN=SCHEMA,CN=CONFIGURATION,DC=<domain>,DC=CORP:sam.ldb.d/CN=SCHE
> > 31-Oct-2018 13:26:56.763 samba_dlz: MA,CN=CONFIGURATION,DC=<domain>,DC=CORP.ldb
> > 31-Oct-2018 13:26:56.763 samba_dlz: partition: CN=CONFIGURATION,DC=<domain>,DC=CORP:sam.ldb.d/CN=CONFIGURATION,
> > 31-Oct-2018 13:26:56.764 samba_dlz:  DC=<domain>,DC=CORP.ldb
> > 31-Oct-2018 13:26:56.764 samba_dlz: partition: DC=<domain>,DC=CORP:sam.ldb.d/DC=<domain>,DC=CORP.ldb
> > 31-Oct-2018 13:26:56.764 samba_dlz: partition: DC=DOMAINDNSZONES,DC=<domain>,DC=CORP:sam.ldb.d/DC=DOMAINDNSZONE
> > 31-Oct-2018 13:26:56.764 samba_dlz:  S,DC=<domain>,DC=CORP.ldb
> > 31-Oct-2018 13:26:56.764 samba_dlz: partition: DC=FORESTDNSZONES,DC=<domain>,DC=CORP:sam.ldb.d/DC=FORESTDNSZONE
> > 31-Oct-2018 13:26:56.764 samba_dlz:  S,DC=<domain>,DC=CORP.ldb
> > 31-Oct-2018 13:26:56.777 samba_dlz: Initial schema load needed, as we have no existing schema, seq_num: 1
> > 31-Oct-2018 13:26:56.921 samba_dlz: schema_fsmo_init: we are master[no] updates allowed[no]
> > 31-Oct-2018 13:26:56.776 samba_dlz: ldb: ldb_trace_response: ENTRY
> > 31-Oct-2018 13:26:56.776 samba_dlz: dn: DC=<domain>,DC=corp
> > 31-Oct-2018 13:26:56.776 samba_dlz: objectSid: S-1-5-21-123456789-115225906-12345679   ( I've changed this SID for you. )
> > 31-Oct-2018 13:26:56.776 samba_dlz:
> > 31-Oct-2018 13:26:56.921 samba_dlz: schema_fsmo_init: we are master[no] updates allowed[no]
> >
> > 31-Oct-2018 13:26:57.154 samba_dlz: ldb: ldb_trace_response: ENTRY
> > 31-Oct-2018 13:26:57.154 samba_dlz: dn: CN=NTDS Settings,CN=XXX002AAAAA,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=<domain>,DC=corp
> > 31-Oct-2018 13:26:57.154 samba_dlz: msDS-Behavior-Version: 4
> > 31-Oct-2018 13:26:57.158 samba_dlz: started for DN DC=<domain>,DC=corp
> > 31-Oct-2018 13:26:57.158 SDLZ driver loaded successfully.
> > 31-Oct-2018 13:26:57.158 DLZ driver loaded successfully.
> > 31-Oct-2018 13:26:57.158 samba_dlz: starting configure
> >
> > 31-Oct-2018 13:26:57.218 samba_dlz: ldb: ldb_asprintf/set_errstring: No such Base DN: DC=*,DC=<domain>.corp,CN=MicrosoftDNS,DC=DomainDnsZones,DC=<domain>,DC=corp
> > 31-Oct-2018 13:26:57.218 samba_dlz: ldb: ldb_trace_response: DONE
> > 31-Oct-2018 13:26:57.218 samba_dlz: error: 32
> > 31-Oct-2018 13:26:57.218 samba_dlz: msg: No such Base DN: DC=*,DC=<domain>.corp,CN=MicrosoftDNS,DC=DomainDnsZones,DC=<domain>,DC=corp
> > 31-Oct-2018 13:26:57.482 samba_dlz: ldb: ldb_trace_request: SEARCH
> > 31-Oct-2018 13:26:57.482 samba_dlz:  dn: DC=*,DC=<domain>.corp,CN=MicrosoftDNS,DC=ForestDnsZones,DC=<domain>,DC=corp
> > 31-Oct-2018 13:26:57.482 samba_dlz:  scope: base
> > 31-Oct-2018 13:26:57.482 samba_dlz:  expr: (&(objectClass=dnsNode)(!(dNSTombstoned=TRUE)))
> > 31-Oct-2018 13:26:57.482 samba_dlz:  attr: dnsRecord
> > 31-Oct-2018 13:26:57.482 samba_dlz:  attr: dNSTombstoned
> > 31-Oct-2018 13:26:57.482 samba_dlz:  control: <NONE>
> > 31-Oct-2018 13:26:57.485 samba_dlz:
> > 31-Oct-2018 13:26:57.485 samba_dlz: ldb: ldb_asprintf/set_errstring: No such Base DN: DC=*,DC=<domain>.corp,CN=MicrosoftDNS,DC=ForestDnsZones,DC=<domain>,DC=corp
> > 31-Oct-2018 13:26:57.485 samba_dlz: ldb: ldb_trace_response: DONE
> > 31-Oct-2018 13:26:57.485 samba_dlz: error: 32
> > 31-Oct-2018 13:26:57.486 samba_dlz: msg: No such Base DN: DC=*,DC=<domain>.corp,CN=MicrosoftDNS,DC=ForestDnsZones,DC=<domain>,DC=corp
> > 31-Oct-2018 13:26:57.486 samba_dlz:
> > 31-Oct-2018 13:26:57.488 samba_dlz:
> > 31-Oct-2018 13:26:57.488 samba_dlz: ldb: ldb_asprintf/set_errstring: No such Base DN: DC=<domain>.corp,CN=MicrosoftDNS,DC=ForestDnsZones,DC=<domain>,DC=corp
> > 31-Oct-2018 13:26:57.488 samba_dlz: ldb: ldb_trace_response: DONE
> > 31-Oct-2018 13:26:57.488 samba_dlz: error: 32
> > 31-Oct-2018 13:26:57.488 samba_dlz: msg: No such Base DN: DC=<domain>.corp,CN=MicrosoftDNS,DC=ForestDnsZones,DC=<domain>,DC=corp
> > 31-Oct-2018 13:26:57.488 samba_dlz:
> > 31-Oct-2018 13:26:57.494 samba_dlz:
> > 31-Oct-2018 13:26:57.494 zone <domain>.corp/NONE: loaded; checking validity
> > 31-Oct-2018 13:26:57.494 zone <domain>.corp/NONE: has 0 SOA records
> > 31-Oct-2018 13:26:57.494 zone <domain>.corp/NONE: has no NS records
> > 31-Oct-2018 13:26:57.494 samba_dlz:
>
> Where are the SOA & NS records for your domain ?
> Are they actually there, but Bind isn't finding them ?
>
> If the records are not there, I would run samba_upgradedns and upgrade
> to the internal dns server, then run it again and upgrade to bind9,
> this should recreate all the dns records.
>
> Rowland
>
>
>


-- 
Eben Victor
Cell:  +27 82 759 5266
Email: eben.victor at gmail.com
-------------- next part --------------
[root at prdc002zacprh samba]# ldbsearch -H private/sam.ldb -b 'CN=Directory Service,CN=Windows NT,CN=Services,CN=Configuration,DC=<domain>,DC=corp'
# record 1
dn: CN=Recycle Bin Feature,CN=Optional Features,CN=Directory Service,CN=Windows NT,CN=Services,CN=Configuration,DC=<domain>,DC=corp
objectClass: top
objectClass: msDS-OptionalFeature
cn: Recycle Bin Feature
instanceType: 4
whenCreated: 20150416065542.0Z
whenChanged: 20150416065542.0Z
uSNCreated: 1725
uSNChanged: 1725
showInAdvancedViewOnly: TRUE
name: Recycle Bin Feature
objectGUID: 9b4c6178-9b71-4c4e-95ad-6eea6791ad1c
systemFlags: -1946157056
objectCategory: CN=ms-DS-Optional-Feature,CN=Schema,CN=Configuration,DC=vodade
 alers,DC=corp
msDS-OptionalFeatureGUID: 766ddcd8-acd0-445e-f3b9-a7f9b6744f2a
msDS-OptionalFeatureFlags: 1
msDS-RequiredForestBehaviorVersion: 4
distinguishedName: CN=Recycle Bin Feature,CN=Optional Features,CN=Directory Se
 rvice,CN=Windows NT,CN=Services,CN=Configuration,DC=<domain>,DC=corp

# record 2
dn: CN=Query-Policies,CN=Directory Service,CN=Windows NT,CN=Services,CN=Configuration,DC=<domain>,DC=corp
objectClass: top
objectClass: container
cn: Query-Policies
instanceType: 4
whenCreated: 20150416065542.0Z
whenChanged: 20150416065542.0Z
uSNCreated: 1726
uSNChanged: 1726
showInAdvancedViewOnly: TRUE
name: Query-Policies
objectGUID: 6ebd7b46-bc38-4c30-8e1b-58d3fdd2f50f
objectCategory: CN=Container,CN=Schema,CN=Configuration,DC=<domain>,DC=corp
distinguishedName: CN=Query-Policies,CN=Directory Service,CN=Windows NT,CN=Ser
 vices,CN=Configuration,DC=<domain>,DC=corp

# record 3
dn: CN=Optional Features,CN=Directory Service,CN=Windows NT,CN=Services,CN=Configuration,DC=<domain>,DC=corp
objectClass: top
objectClass: container
cn: Optional Features
instanceType: 4
whenCreated: 20150416065542.0Z
whenChanged: 20150416065542.0Z
uSNCreated: 1724
uSNChanged: 1724
showInAdvancedViewOnly: TRUE
name: Optional Features
objectGUID: e921bbd1-9623-467e-b989-e25381e259ec
objectCategory: CN=Container,CN=Schema,CN=Configuration,DC=<domain>,DC=corp
distinguishedName: CN=Optional Features,CN=Directory Service,CN=Windows NT,CN=
 Services,CN=Configuration,DC=<domain>,DC=corp

# record 4
dn: CN=Default Query Policy,CN=Query-Policies,CN=Directory Service,CN=Windows NT,CN=Services,CN=Configuration,DC=<domain>,DC=corp
objectClass: top
objectClass: queryPolicy
cn: Default Query Policy
instanceType: 4
whenCreated: 20150416065542.0Z
whenChanged: 20150416065542.0Z
uSNCreated: 1727
uSNChanged: 1727
showInAdvancedViewOnly: TRUE
name: Default Query Policy
objectGUID: 3ca2ee22-1ab8-4257-9098-88a3dc35ab90
objectCategory: CN=Query-Policy,CN=Schema,CN=Configuration,DC=<domain>,DC=c
 orp
lDAPAdminLimits: MaxValRange=1500
lDAPAdminLimits: MaxReceiveBuffer=10485760
lDAPAdminLimits: MaxDatagramRecv=4096
lDAPAdminLimits: MaxPoolThreads=4
lDAPAdminLimits: MaxResultSetSize=262144
lDAPAdminLimits: MaxTempTableSize=10000
lDAPAdminLimits: MaxQueryDuration=120
lDAPAdminLimits: MaxPageSize=1000
lDAPAdminLimits: MaxNotificationPerConn=5
lDAPAdminLimits: MaxActiveQueries=20
lDAPAdminLimits: MaxConnIdleTime=900
lDAPAdminLimits: InitRecvTimeout=120
lDAPAdminLimits: MaxConnections=5000
distinguishedName: CN=Default Query Policy,CN=Query-Policies,CN=Directory Serv
 ice,CN=Windows NT,CN=Services,CN=Configuration,DC=<domain>,DC=corp

# record 5
dn: CN=Directory Service,CN=Windows NT,CN=Services,CN=Configuration,DC=<domain>,DC=corp
objectClass: top
objectClass: nTDSService
cn: Directory Service
instanceType: 4
whenCreated: 20150416065542.0Z
whenChanged: 20150416065542.0Z
uSNCreated: 1723
tombstoneLifetime: 180
uSNChanged: 1723
showInAdvancedViewOnly: TRUE
name: Directory Service
objectGUID: 638831d2-9190-40ee-b566-248ad6f781fd
objectCategory: CN=NTDS-Service,CN=Schema,CN=Configuration,DC=<domain>,DC=c
 orp
sPNMappings: host=alerter,appmgmt,cisvc,clipsrv,browser,dhcp,dnscache,replicat
 or,eventlog,eventsystem,policyagent,oakley,dmserver,dns,mcsvc,fax,msiserver,i
 as,messenger,netlogon,netman,netdde,netddedsm,nmagent,plugplay,protectedstora
 ge,rasman,rpclocator,rpc,rpcss,remoteaccess,rsvp,samss,scardsvr,scesrv,seclog
 on,scm,dcom,cifs,spooler,snmp,schedule,tapisrv,trksvr,trkwks,ups,time,wins,ww
 w,http,w3svc,iisadmin,msdtc
msDS-Other-Settings: DisableVLVSupport=0
msDS-Other-Settings: DynamicObjectMinTTL=900
msDS-Other-Settings: DynamicObjectDefaultTTL=86400
distinguishedName: CN=Directory Service,CN=Windows NT,CN=Services,CN=Configura
 tion,DC=<domain>,DC=corp

# returned 5 records
# 5 entries
# 0 referrals

