[Samba] Internal DNS migrate to Bind9_DLZ

Denis Cardon dcardon at tranquil.it
Wed Jan 16 13:43:51 UTC 2019


Hi Eben,
>
> Sorry to bring this up again.
> I finally managed to give some more attention to this issue of mine.
>
> I've set up a new test domain server, and I managed to seamlessly migrate
> from SAMBA_INTERNAL to BIND9_DLZ and the other way again.
> With a little help of new software we purchased, I exported all data from
> production and imported the data on the new test domain, before the import
> I changed the test system back to SAMBA_INTERNAL.

I am curious, what is the software you are talking about?

> As soon as the import completed I tried to migrate back to BIND9_DLZ and
> got the same errors as I'm getting in production.
>
> ....
> 16-Jan-2019 14:13:22.279 generating session key for dynamic DNS
> 16-Jan-2019 14:13:22.279 sizing zone task pool based on 3 zones
> 16-Jan-2019 14:13:22.280 Loading 'AD DNS Zone' using driver dlopen
> 16-Jan-2019 14:13:22.472 samba_dlz: started for DN
> DC=samdom,DC=example,DC=com
> 16-Jan-2019 14:13:22.472 samba_dlz: starting configure
> 16-Jan-2019 14:13:22.474 samba_dlz: configured writeable zone '
> samdom.example.com'
> 16-Jan-2019 14:13:22.475 dns_rdata_fromtext: buffer-0x7f944d595da0:1: near
> eof: unexpected end of input
> 16-Jan-2019 14:13:22.475 Failed to put rr
> 16-Jan-2019 14:13:22.476 zone _msdcs.samdom.example.com/NONE: has 0 SOA
> records
> 16-Jan-2019 14:13:22.476 zone _msdcs.samdom.example.com/NONE: has no NS
> records
> 16-Jan-2019 14:13:22.476 samba_dlz: Failed to configure zone '_
> msdcs.samdom.example.com'
> 16-Jan-2019 14:13:22.476 loading configuration: bad zone
> 16-Jan-2019 14:13:22.476 exiting (due to fatal error)
> 16-Jan-2019 14:13:22.476 samba_dlz: shutting down
> ....
>
> Could this be that my current data in production is corrupt somewhere?
> We have been running sernet-samba packages from version 4 until
> 4.9.4-SerNet-RedHat-11.el7
>
> Is there anything specific I can check in the DB?

As is written in the logs here above, you are missing the NS and
SOA fields in your DNS partition. Internal DNS doesn't care about it but
Bind-DLZ is less forgiving. You could try something like below (adapt
accordingly):

samba-tool dns add srvads testdca.lan @ SOA "srvads.testdca.lan hostmaster.testdca.lan. 2 900 600 86400 3600" -P
samba-tool dns add srvads testdca.lan @ NS srvads.testdca.lan -P

For the SOA record, the syntax of the text string is: nameserver,
email, serial, refresh, retry, expire, minimumttl

Cheers,

Denis


>
> Kind Regards
>
> On Thu, Nov 1, 2018 at 5:26 PM L.P.H. van Belle via samba <
> samba at lists.samba.org> wrote:
>
>> Hai,
>>
>>>>
>>>> have rejoined all my DC's with new names, see below.
>>>> ;; ANSWER SECTION:
>>>> <domain>.corp.    3600    IN    NS    psad101zatcrh.<domain>.corp. ->
>> New
>>>> rebuild, new hostname, RHEL6 to RHEL7 upgrade
>> ....
>>>>
>>>> Led me to believe this is your problem. However, you say it works on
>>>> one DC, but not with multiple DC's.
>> .....
>> That one DC that works, I'm betting, is the only one that has its
>> original hostname.
>> Can you verify that?
>>
>>>>
>>>> You have mentioned that you demoted DC's, removed all data for the
>>>> deleted DC from AD and then rejoined it again with a newer
>>> version of
>>>> Samba using the same DC name etc.
>>>>
>>>> I wonder if this could be your problem ?
>>
>> I'm betting this is the source of your problem.
>>
>> This is exactly why I don't support 2 things on an AD DC server.
>> 1) changing its hostname
>> 2) changing its domainname
>> It's always trouble, it's so easy to forget 1 small thing and that ends up
>> in a big problem.
>> ( story of my life )
>>
>> And IP change, hmm, not my favourite but possible with much less problems.
>>
>> I suggest, remove 1 server completely from the domain.
>> Re-install the server, a clean setup or go check your hostname changes in
>> /etc/ /var
>> But I would go for a clean install.
>>
>> Check/Do the following.
>> - Remove all the DNS objects ( A / PTR  and any other record or CNAME of
>> that server )
>> - Remove all the AD objects that are linked with this server.
>>
>> ( if no clean install )
>> - clear the files out of folder /var/cache/samba /var/lib/samba from any
>> files
>>
>> Reboot the server, and check all your logs for errors, solve them before
>> you join the domain.
>>
>> Now join the domain again.
>> Transfer all FSMO roles to this server.
>>
>> Repeat for the next server, but leave the FSMO roles where they are now.
>> Now check if your problem still exists.
>>
>> This ^^^^^ is what I personally would do.
>>
>> Greetz,
>>
>> Louis
>>
>>
>>
>> --
>> To unsubscribe from this list go to the following URL and read the
>> instructions:  https://lists.samba.org/mailman/options/samba
>>
>
>

-- 
Denis Cardon
Tranquil IT Systems
Les Espaces Jules Verne, bâtiment A
12 avenue Jules Verne
44230 Saint Sébastien sur Loire
tel : +33 (0) 2.40.97.57.55
http://www.tranquil.it

Samba install wiki for Frenchies : https://dev.tranquil.it
WAPT, software deployment made easy : https://wapt.fr
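A pre-migration check in the spirit of Denis's suggestion above, added here as an example and not part of the thread: it takes the text output of samba-tool dns query for a zone apex, reports whether the SOA and NS records that BIND9_DLZ insists on are present, and prints (without running) the samba-tool commands that would add the missing ones. The DC, zone and NS names, the sample query output and the SOA serial and timer values are assumptions.

```shell
#!/bin/sh
# Added example, not from the thread. Feed this the text output of
#   samba-tool dns query <server> <zone> @ ALL
# and it names the apex record types BIND9_DLZ needs but finds missing, then
# prints (does not execute) the samba-tool commands that would add them.
# Run it for the domain zone and for the _msdcs zone named in the log above.

# Reads query output on stdin; prints "SOA" and/or "NS" for each type absent at the apex.
missing_apex_records() {
    out=$(cat)
    for rr in SOA NS; do
        printf '%s\n' "$out" | grep -q "^[[:space:]]*$rr:" || echo "$rr"
    done
}

# Reads missing types on stdin; $1 = DC to talk to, $2 = zone, $3 = primary NS FQDN.
# Serial and timers are placeholder values to adapt, as in Denis's example.
repair_commands() {
    while read -r rr; do
        case $rr in
            SOA) echo "samba-tool dns add $1 $2 @ SOA \"$3. hostmaster.$2. 1 900 600 86400 3600\" -P" ;;
            NS)  echo "samba-tool dns add $1 $2 @ NS $3. -P" ;;
        esac
    done
}

# Constructed samples approximating the shape of samba-tool dns query output.
SAMPLE_OK='  Name=, Records=2, Children=0
    SOA: serial=1, refresh=900, retry=600, expire=86400, minttl=3600, ns=dc1.samdom.example.com., email=hostmaster.samdom.example.com. (flags=600000f0, serial=1, ttl=3600)
    NS: dc1.samdom.example.com. (flags=600000f0, serial=1, ttl=900)'
SAMPLE_NO_SOA='  Name=, Records=1, Children=0
    NS: dc1.samdom.example.com. (flags=600000f0, serial=1, ttl=900)'

# Stand-alone demo: the broken zone yields one repair command, the healthy one none.
printf '%s\n' "$SAMPLE_NO_SOA" | missing_apex_records | repair_commands dc1 samdom.example.com dc1.samdom.example.com
printf '%s\n' "$SAMPLE_OK" | missing_apex_records | repair_commands dc1 samdom.example.com dc1.samdom.example.com
```

Against a live DC the same pipeline reads real output, e.g. `samba-tool dns query dc1 samdom.example.com @ ALL -P | missing_apex_records | repair_commands dc1 samdom.example.com dc1.samdom.example.com`, and the printed commands are reviewed before being run.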


