[Samba] DLZ Backend DNS Hosed

Matthew Delfino mdelfino.list.samba at knockinc.com
Wed Jun 19 05:20:26 UTC 2019


I bought myself some time by recovering from backups. But now I'm back to the beginning of my problem: My DNS Updates are failing.


> # tail -f /var/log/syslog
> Jun 19 00:03:54 hyperion samba: task[dnsupdate][1408]:   /usr/sbin/samba_dnsupdate:   File "/usr/sbin/samba_dnsupdate", line 324, in check_dns_name
> Jun 19 00:03:54 hyperion samba: task[dnsupdate][1408]: [2019/06/19 00:03:54.111392,  0] ../../lib/util/util_runcmd.c:327(samba_runcmd_io_handler)
> Jun 19 00:03:54 hyperion samba: task[dnsupdate][1408]:   /usr/sbin/samba_dnsupdate:     raise Exception("Unable to contact a working DNS server while looking for %s as %s" % (d, normalised_name))
> Jun 19 00:03:54 hyperion samba: task[dnsupdate][1408]: [2019/06/19 00:03:54.111459,  0] ../../lib/util/util_runcmd.c:327(samba_runcmd_io_handler)
> Jun 19 00:03:54 hyperion samba: task[dnsupdate][1408]:   /usr/sbin/samba_dnsupdate: Exception: Unable to contact a working DNS server while looking for NS samdom.mydomain.net hyperion.samdom.mydomain.net as samdom.mydomain.net.
> Jun 19 00:03:54 hyperion samba: task[dnsupdate][1408]: [2019/06/19 00:03:54.174939,  0] ../../source4/dsdb/dns/dns_update.c:331(dnsupdate_nameupdate_done)
> Jun 19 00:03:54 hyperion samba: task[dnsupdate][1408]:   dnsupdate_nameupdate_done: Failed DNS update with exit code 1
> Jun 19 00:09:16 hyperion systemd[1]: Starting Cleanup of Temporary Directories...
> Jun 19 00:09:16 hyperion systemd-tmpfiles[3341]: [/usr/lib/tmpfiles.d/var.conf:14] Duplicate line for path "/var/log", ignoring.
> Jun 19 00:09:17 hyperion systemd[1]: Started Cleanup of Temporary Directories.
> Jun 19 00:13:54 hyperion samba: task[dnsupdate][1408]: [2019/06/19 00:13:54.224346,  0] ../../lib/util/util_runcmd.c:327(samba_runcmd_io_handler)
> Jun 19 00:13:54 hyperion samba: task[dnsupdate][1408]:   /usr/sbin/samba_dnsupdate: Traceback (most recent call last):
> Jun 19 00:13:54 hyperion samba: task[dnsupdate][1408]: [2019/06/19 00:13:54.224592,  0] ../../lib/util/util_runcmd.c:327(samba_runcmd_io_handler)
> Jun 19 00:13:54 hyperion samba: task[dnsupdate][1408]:   /usr/sbin/samba_dnsupdate:   File "/usr/sbin/samba_dnsupdate", line 320, in check_dns_name
> Jun 19 00:13:54 hyperion samba: task[dnsupdate][1408]: [2019/06/19 00:13:54.224686,  0] ../../lib/util/util_runcmd.c:327(samba_runcmd_io_handler)
> Jun 19 00:13:54 hyperion samba: task[dnsupdate][1408]:   /usr/sbin/samba_dnsupdate:     ans = check_one_dns_name(normalised_name, d.type, d)
> Jun 19 00:13:54 hyperion samba: task[dnsupdate][1408]: [2019/06/19 00:13:54.226397,  0] ../../lib/util/util_runcmd.c:327(samba_runcmd_io_handler)
> Jun 19 00:13:54 hyperion samba: task[dnsupdate][1408]:   /usr/sbin/samba_dnsupdate:   File "/usr/sbin/samba_dnsupdate", line 296, in check_one_dns_name
> Jun 19 00:13:54 hyperion samba: task[dnsupdate][1408]: [2019/06/19 00:13:54.226465,  0] ../../lib/util/util_runcmd.c:327(samba_runcmd_io_handler)
> Jun 19 00:13:54 hyperion samba: task[dnsupdate][1408]:   /usr/sbin/samba_dnsupdate:     ans = resolver.query(name, name_type)
> Jun 19 00:13:54 hyperion samba: task[dnsupdate][1408]: [2019/06/19 00:13:54.226528,  0] ../../lib/util/util_runcmd.c:327(samba_runcmd_io_handler)
> Jun 19 00:13:54 hyperion samba: task[dnsupdate][1408]:   /usr/sbin/samba_dnsupdate:   File "/usr/lib/python3/dist-packages/dns/resolver.py", line 821, in query
> Jun 19 00:13:54 hyperion samba: task[dnsupdate][1408]: [2019/06/19 00:13:54.226592,  0] ../../lib/util/util_runcmd.c:327(samba_runcmd_io_handler)
> Jun 19 00:13:54 hyperion samba: task[dnsupdate][1408]:   /usr/sbin/samba_dnsupdate:     raise NoNameservers
> Jun 19 00:13:54 hyperion samba: task[dnsupdate][1408]: [2019/06/19 00:13:54.226654,  0] ../../lib/util/util_runcmd.c:327(samba_runcmd_io_handler)
> Jun 19 00:13:54 hyperion samba: task[dnsupdate][1408]:   /usr/sbin/samba_dnsupdate: dns.resolver.NoNameservers
> Jun 19 00:13:54 hyperion samba: task[dnsupdate][1408]: [2019/06/19 00:13:54.226733,  0] ../../lib/util/util_runcmd.c:327(samba_runcmd_io_handler)
> Jun 19 00:13:54 hyperion samba: task[dnsupdate][1408]:   /usr/sbin/samba_dnsupdate:
> Jun 19 00:13:54 hyperion samba: task[dnsupdate][1408]: [2019/06/19 00:13:54.226916,  0] ../../lib/util/util_runcmd.c:327(samba_runcmd_io_handler)
> Jun 19 00:13:54 hyperion samba: task[dnsupdate][1408]:   /usr/sbin/samba_dnsupdate: During handling of the above exception, another exception occurred:
> Jun 19 00:13:54 hyperion samba: task[dnsupdate][1408]: [2019/06/19 00:13:54.226996,  0] ../../lib/util/util_runcmd.c:327(samba_runcmd_io_handler)
> Jun 19 00:13:54 hyperion samba: task[dnsupdate][1408]:   /usr/sbin/samba_dnsupdate:
> Jun 19 00:13:54 hyperion samba: task[dnsupdate][1408]: [2019/06/19 00:13:54.227077,  0] ../../lib/util/util_runcmd.c:327(samba_runcmd_io_handler)
> Jun 19 00:13:54 hyperion samba: task[dnsupdate][1408]:   /usr/sbin/samba_dnsupdate: Traceback (most recent call last):
> Jun 19 00:13:54 hyperion samba: task[dnsupdate][1408]: [2019/06/19 00:13:54.227142,  0] ../../lib/util/util_runcmd.c:327(samba_runcmd_io_handler)
> Jun 19 00:13:54 hyperion samba: task[dnsupdate][1408]:   /usr/sbin/samba_dnsupdate:   File "/usr/sbin/samba_dnsupdate", line 851, in <module>
> Jun 19 00:13:54 hyperion samba: task[dnsupdate][1408]: [2019/06/19 00:13:54.227205,  0] ../../lib/util/util_runcmd.c:327(samba_runcmd_io_handler)
> Jun 19 00:13:54 hyperion samba: task[dnsupdate][1408]:   /usr/sbin/samba_dnsupdate:     elif not check_dns_name(d):
> Jun 19 00:13:54 hyperion samba: task[dnsupdate][1408]: [2019/06/19 00:13:54.227267,  0] ../../lib/util/util_runcmd.c:327(samba_runcmd_io_handler)
> Jun 19 00:13:54 hyperion samba: task[dnsupdate][1408]:   /usr/sbin/samba_dnsupdate:   File "/usr/sbin/samba_dnsupdate", line 324, in check_dns_name
> Jun 19 00:13:54 hyperion samba: task[dnsupdate][1408]: [2019/06/19 00:13:54.227328,  0] ../../lib/util/util_runcmd.c:327(samba_runcmd_io_handler)
> Jun 19 00:13:54 hyperion samba: task[dnsupdate][1408]:   /usr/sbin/samba_dnsupdate:     raise Exception("Unable to contact a working DNS server while looking for %s as %s" % (d, normalised_name))
> Jun 19 00:13:54 hyperion samba: task[dnsupdate][1408]: [2019/06/19 00:13:54.227392,  0] ../../lib/util/util_runcmd.c:327(samba_runcmd_io_handler)
> Jun 19 00:13:54 hyperion samba: task[dnsupdate][1408]:   /usr/sbin/samba_dnsupdate: Exception: Unable to contact a working DNS server while looking for NS samdom.mydomain.net hyperion.samdom.mydomain.net as samdom.mydomain.net.
> Jun 19 00:13:54 hyperion samba: task[dnsupdate][1408]: [2019/06/19 00:13:54.299788,  0] ../../source4/dsdb/dns/dns_update.c:331(dnsupdate_nameupdate_done)
> Jun 19 00:13:54 hyperion samba: task[dnsupdate][1408]:   dnsupdate_nameupdate_done: Failed DNS update with exit code 1




> # samba_dnsupdate --verbos --all-names
> IPs: ['192.168.123.202']
> force update: A hyperion.samdom.mydomain.net 192.168.123.202
> force update: NS samdom.mydomain.net hyperion.samdom.mydomain.net
> force update: NS _msdcs.samdom.mydomain.net hyperion.samdom.mydomain.net
> force update: A samdom.mydomain.net 192.168.123.202
> force update: SRV _ldap._tcp.samdom.mydomain.net hyperion.samdom.mydomain.net 389
> force update: SRV _ldap._tcp.dc._msdcs.samdom.mydomain.net hyperion.samdom.mydomain.net 389
> force update: SRV _ldap._tcp.02418c22-7df8-4ea3-aee8-ad1ce0c03cd8.domains._msdcs.samdom.mydomain.net hyperion.samdom.mydomain.net 389
> force update: SRV _kerberos._tcp.samdom.mydomain.net hyperion.samdom.mydomain.net 88
> force update: SRV _kerberos._udp.samdom.mydomain.net hyperion.samdom.mydomain.net 88
> force update: SRV _kerberos._tcp.dc._msdcs.samdom.mydomain.net hyperion.samdom.mydomain.net 88
> force update: SRV _kpasswd._tcp.samdom.mydomain.net hyperion.samdom.mydomain.net 464
> force update: SRV _kpasswd._udp.samdom.mydomain.net hyperion.samdom.mydomain.net 464
> force update: CNAME 6b121b6c-7bbe-48fb-8c71-915e1bb3920f._msdcs.samdom.mydomain.net hyperion.samdom.mydomain.net
> force update: SRV _ldap._tcp.Default-First-Site-Name._sites.samdom.mydomain.net hyperion.samdom.mydomain.net 389
> force update: SRV _ldap._tcp.Default-First-Site-Name._sites.dc._msdcs.samdom.mydomain.net hyperion.samdom.mydomain.net 389
> force update: SRV _kerberos._tcp.Default-First-Site-Name._sites.samdom.mydomain.net hyperion.samdom.mydomain.net 88
> force update: SRV _kerberos._tcp.Default-First-Site-Name._sites.dc._msdcs.samdom.mydomain.net hyperion.samdom.mydomain.net 88
> force update: A gc._msdcs.samdom.mydomain.net 192.168.123.202
> force update: SRV _gc._tcp.samdom.mydomain.net hyperion.samdom.mydomain.net 3268
> force update: SRV _ldap._tcp.gc._msdcs.samdom.mydomain.net hyperion.samdom.mydomain.net 3268
> force update: SRV _gc._tcp.Default-First-Site-Name._sites.samdom.mydomain.net hyperion.samdom.mydomain.net 3268
> force update: SRV _ldap._tcp.Default-First-Site-Name._sites.gc._msdcs.samdom.mydomain.net hyperion.samdom.mydomain.net 3268
> force update: A DomainDnsZones.samdom.mydomain.net 192.168.123.202
> force update: SRV _ldap._tcp.DomainDnsZones.samdom.mydomain.net hyperion.samdom.mydomain.net 389
> force update: SRV _ldap._tcp.Default-First-Site-Name._sites.DomainDnsZones.samdom.mydomain.net hyperion.samdom.mydomain.net 389
> force update: A ForestDnsZones.samdom.mydomain.net 192.168.123.202
> force update: SRV _ldap._tcp.ForestDnsZones.samdom.mydomain.net hyperion.samdom.mydomain.net 389
> force update: SRV _ldap._tcp.Default-First-Site-Name._sites.ForestDnsZones.samdom.mydomain.net hyperion.samdom.mydomain.net 389
> 28 DNS updates and 0 DNS deletes needed
> Traceback (most recent call last):
>   File "/usr/sbin/samba_dnsupdate", line 886, in <module>
>     creds = get_credentials(lp)
>   File "/usr/sbin/samba_dnsupdate", line 204, in get_credentials
>     get_krb5_rw_dns_server(creds, sub_vars['DNSDOMAIN'] + '.')
>   File "/usr/sbin/samba_dnsupdate", line 161, in get_krb5_rw_dns_server
>     rw_dns_servers = get_possible_rw_dns_server(creds, domain)
>   File "/usr/sbin/samba_dnsupdate", line 136, in get_possible_rw_dns_server
>     ans_soa = check_one_dns_name(domain, 'SOA')
>   File "/usr/sbin/samba_dnsupdate", line 296, in check_one_dns_name
>     ans = resolver.query(name, name_type)
>   File "/usr/lib/python3/dist-packages/dns/resolver.py", line 821, in query
>     raise NoNameservers
> dns.resolver.NoNameservers


So, while my backup got me to a place where DNS sort of works again, there's still some problem in there and I would really appreciate some help from the experts on what might be causing this / how I can fix it.


Thanks,
Matthew




 From:   Matthew Delfino via samba <samba at lists.samba.org> 
 To:   "samba at lists.samba.org" <samba at lists.samba.org> 
 Sent:   6/18/2019 10:00 PM 
 Subject:   [Samba] DLZ Backend DNS Hosed 

 
Hello, 
 
 
I'm in trouble here with what appears to be a total meltdown of my DNS on my Domain Controllers. 
 
 
I only have two DCs right now and I cannot resolve anything on either of them. I am on Ubuntu 16.04 with a compiled version of Samba 4.10.4. 
 
 
I also have a compiled version of BIND 9.10.3-P4-Ubuntu <id:ebd72b3> 
 
 
# service bind9 status 
● bind9.service - BIND Domain Name Server 
   Loaded: loaded (/lib/systemd/system/bind9.service; enabled; vendor preset: enabled) 
  Drop-In: /run/systemd/generator/bind9.service.d 
           └─50-insserv.conf-$named.conf 
   Active: failed (Result: exit-code) since Tue 2019-06-18 21:14:39 CDT; 27min ago 
     Docs: man:named(8) 
  Process: 28347 ExecStop=/usr/sbin/rndc stop (code=exited, status=1/FAILURE) 
  Process: 28329 ExecStart=/usr/sbin/named -f $OPTIONS (code=exited, status=1/FAILURE) 
 Main PID: 28329 (code=exited, status=1/FAILURE) 
 
 
Jun 18 21:14:39 cordelia named[28329]: samba_dlz: starting configure 
Jun 18 21:14:39 cordelia named[28329]: zone mydomain.com/NONE: has no NS records 
Jun 18 21:14:39 cordelia named[28329]: samba_dlz: Failed to configure zone 'mydomain.com' 
Jun 18 21:14:39 cordelia named[28329]: loading configuration: bad zone 
Jun 18 21:14:39 cordelia named[28329]: exiting (due to fatal error) 
Jun 18 21:14:39 cordelia systemd[1]: bind9.service: Main process exited, code=exited, status=1/FAILURE 
Jun 18 21:14:39 cordelia rndc[28347]: rndc: connect failed: 127.0.0.1#953: connection refused 
Jun 18 21:14:39 cordelia systemd[1]: bind9.service: Control process exited, code=exited status=1 
Jun 18 21:14:39 cordelia systemd[1]: bind9.service: Unit entered failed state. 
Jun 18 21:14:39 cordelia systemd[1]: bind9.service: Failed with result 'exit-code'. 
 
 
It appears that somehow I lost my NS records for one of my zones. It seems that I cannot get BIND up long enough to edit anything. 
 
 
I've been able to delete my non-essential zones with samba-tool: 
 
 
 
 #  samba-tool dns zonedelete localhost mydomain.com 
 #  samba-tool dns zonedelete localhost 7.168.192.in-addr.arpa 
 #  samba-tool dns zonedelete localhost 3.168.192.in-addr.arpa 
 #  samba-tool dns zonedelete localhost 2.168.192.in-addr.arpa 
 #  samba-tool dns zonedelete localhost 11.168.192.in-addr.arpa 
 #  samba-tool dns zonedelete localhost 5.168.192.in-addr.arpa 
 
 
But now my error is "zone _msdcs.samdom.mydomain.net/NONE: has no NS records" and I am real nervous to delete that zone. 
 
 
Does anyone know what I can do to get my samba DC to have NS records that my BIND DNS server will understand and therefore load? 
 
 
 
Thanks, 
Matthew 
 
© 2019 KNOCK, inc. All rights reserved. KNOCK is a registered trademark of KNOCK, inc. This message and any attachments contain information, which is confidential and/or privileged. If you are not the intended recipient, please refrain from any disclosure, copying, distribution or use of this information. Please be aware that such actions are prohibited. If you have received this transmission in error, kindly notify the sender by e-mail. Your cooperation is appreciated. 
 


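A triage sketch for logs like the ones in this thread, added here as an example (it is not part of the original post and not Samba's or BIND's own code): it pulls the `samba_dnsupdate` child output out from between the `util_runcmd.c` debug headers, tallies which record lookups failed, and lists the zones `named` rejected for missing NS records. The sample lines are constructed in the format of the excerpts above, and the function and pattern names are hypothetical.

```python
import re
from collections import Counter

# Output of the samba_dnsupdate child process, as relayed by the dnsupdate task.
CHILD = re.compile(r"task\[dnsupdate\]\[\d+\]:\s+/usr/sbin/samba_dnsupdate: ?(.*)$")
# Record type and name from the final exception message.
FAILED = re.compile(r"Unable to contact a working DNS server while looking for (\S+) (\S+) ")
# BIND refusing a DLZ zone because it has no NS records.
NO_NS = re.compile(r"named\[\d+\]: zone (\S+)/\S+: has no NS records")

# Constructed sample in the format of the syslog/journal excerpts in the post.
SAMPLE = """\
Jun 18 21:14:39 cordelia named[28329]: zone mydomain.com/NONE: has no NS records
Jun 18 21:20:02 cordelia named[28410]: zone _msdcs.samdom.mydomain.net/NONE: has no NS records
Jun 19 00:09:16 hyperion systemd[1]: Starting Cleanup of Temporary Directories...
Jun 19 00:13:54 hyperion samba: task[dnsupdate][1408]: [2019/06/19 00:13:54.226397,  0] ../../lib/util/util_runcmd.c:327(samba_runcmd_io_handler)
Jun 19 00:13:54 hyperion samba: task[dnsupdate][1408]:   /usr/sbin/samba_dnsupdate:   File "/usr/sbin/samba_dnsupdate", line 296, in check_one_dns_name
Jun 19 00:13:54 hyperion samba: task[dnsupdate][1408]: [2019/06/19 00:13:54.226592,  0] ../../lib/util/util_runcmd.c:327(samba_runcmd_io_handler)
Jun 19 00:13:54 hyperion samba: task[dnsupdate][1408]:   /usr/sbin/samba_dnsupdate:     raise NoNameservers
Jun 19 00:13:54 hyperion samba: task[dnsupdate][1408]: [2019/06/19 00:13:54.227392,  0] ../../lib/util/util_runcmd.c:327(samba_runcmd_io_handler)
Jun 19 00:13:54 hyperion samba: task[dnsupdate][1408]:   /usr/sbin/samba_dnsupdate: Exception: Unable to contact a working DNS server while looking for NS samdom.mydomain.net hyperion.samdom.mydomain.net as samdom.mydomain.net.
"""


def triage(log_text):
    """Summarise DNS-related failures found in a syslog/journal excerpt."""
    traceback, failed, zones = [], Counter(), set()
    for line in log_text.splitlines():
        m = NO_NS.search(line)
        if m:
            zones.add(m.group(1))
            continue
        m = CHILD.search(line)
        if not m:
            continue  # debug headers and unrelated traffic carry no child output
        payload = m.group(1)
        traceback.append(payload)  # traceback text with the log prefix removed
        m = FAILED.search(payload)
        if m:
            failed[(m.group(1), m.group(2))] += 1
    return {"traceback": traceback,
            "failed_lookups": failed,
            "zones_without_ns": sorted(zones)}


if __name__ == "__main__":
    report = triage(SAMPLE)
    print("\n".join(report["traceback"]))
    print("failed lookups:", dict(report["failed_lookups"]))
    print("zones without NS:", report["zones_without_ns"])
```
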

