[Samba] Internal DNS migrate to Bind9_DLZ

Wed Jan 16 12:13:52 UTC 2019

Hello Roland/Louis & All,

All the best for the new year.

Sorry to bring this up again.
I finally managed to give some more attention to this issue of mine.

I've set up a new test domain server, and I managed to seamless migrate
from SAMBA_INTERNAL to BIND9_DLZ and the other way again.
With a little help of new software we purchased, I exported all data from
production and imported the data on the new test domain, before the import
I changed the test system back to SAMBA_INTENRAL.
As soon as the imported completed I tried to migrate back to BIND9_DLZ and
got the same errors as I'm getting in production.

....
16-Jan-2019 14:13:22.279 generating session key for dynamic DNS
16-Jan-2019 14:13:22.279 sizing zone task pool based on 3 zones
16-Jan-2019 14:13:22.280 Loading 'AD DNS Zone' using driver dlopen
16-Jan-2019 14:13:22.472 samba_dlz: started for DN
DC=samdom,DC=example,DC=com
16-Jan-2019 14:13:22.472 samba_dlz: starting configure
16-Jan-2019 14:13:22.474 samba_dlz: configured writeable zone '
samdom.example.com'
16-Jan-2019 14:13:22.475 dns_rdata_fromtext: buffer-0x7f944d595da0:1: near
eof: unexpected end of input
16-Jan-2019 14:13:22.475 Failed to put rr
16-Jan-2019 14:13:22.476 zone _msdcs.samdom.example.com/NONE: has 0 SOA
records
16-Jan-2019 14:13:22.476 zone _msdcs.samdom.example.com/NONE: has no NS
records
16-Jan-2019 14:13:22.476 samba_dlz: Failed to configure zone '_
msdcs.samdom.example.com'
16-Jan-2019 14:13:22.476 loading configuration: bad zone
16-Jan-2019 14:13:22.476 exiting (due to fatal error)
16-Jan-2019 14:13:22.476 samba_dlz: shutting down
....

Could this be that my current data in production is corrupt somewhere?
We have been running sernet-samba pacakges from version 4 until
4.9.4-SerNet-RedHat-11.el7

Is there anything specific I can check in the DB?

Kind Regards

On Thu, Nov 1, 2018 at 5:26 PM L.P.H. van Belle via samba <
samba at lists.samba.org> wrote:

> Hai,
>
> > >
> > > have rejoined all my DC's with new names, see below.
> > >;; ANSWER SECTION:
> > ><domain>.corp.    3600    IN    NS    psad101zatcrh.<domain>.corp. ->
> New
> > >rebuild, new hostname, RHEL6 to RHEL7 upgrade
> ....
> > >
> > > Led me to believe this is your problem. However, you say it works on
> > > one DC, but not with multiple DC's.
> .....
> That one DC that works, im betting, that is the only one that has its
> original hostname.
> Can you verify that?
>
> > >
> > > You have mentioned that you demoted DC's, removed all data for the
> > > deleted DC from AD and then rejoined it again with a newer
> > version of
> > > Samba using the same DC name etc.
> > >
> > > I wonder if this could be your problem ?
>
> Im betting this the source of your problem.
>
> This exactly why i dont support 2 things on a AD DC server.
> 1) changing its hostname
> 2) changing its domainname
> Its always troubles, its so easy to forget 1 small thing and that ends up
> in a big problem.
> ( story of my life )
>
> And IP change, hmm, not my favorit but possible with much less problems.
>
> I suggest, remove 1 server completely from the domain .
> Re-install the server, a clean setup or go check you hostname changes in
> /etc/ /var
> But i would go for a clean install.
>
> Check/Do the folling.
> - Remove all the DNS objects ( A / PTR  and any other record or CNAME of
> that server )
> - Remove all the AD objects that are linked with this server.
>
> ( if no clean install )
> - clear the files out of folder /var/cache/samba /var/lib/samba from any
> files
>
> Reboot the server, and check all you logs for errors, solved them before
> you join the domain.
>
> Now join the domain again.
> Transfer all FSMO roles to this server.
>
> Repeat for next server, but leave the FSMO roles where they are now.
> Now check if you problem still exists.
>
> This ^^^^^ is what i personaly would do.
>
> Greetz,
>
> Louis
>
>
>
> --
> To unsubscribe from this list go to the following URL and read the
> instructions:  https://lists.samba.org/mailman/options/samba
>

-- 
Eben Victor
Cell:  +27 82 759 5266
Email: eben.victor at gmail.com