[Samba] DLZ Backend DNS Hosed
L.P.H. van Belle
belle at bazuin.nl
Fri Jun 21 10:15:38 UTC 2019
No, this is not needed.
The solution here is simple.

search primary.domain.tld # optional extra search domains after the primary.
nameserver IP_AD-DC_OF_THIS_SERVER_FIRST
nameserver IP_AD-DC_others

Run: samba_upgradedns --dns-backend=BIND9_DLZ
And you're done, all needed records are fixed/updated.

This goes wrong if the IP of the running server isn't the first and/or if search is set up wrong.
So always keep the IP of the server itself first. Yes, I know about islanding DNS, but that won't happen
if you set up correctly and DON'T use 127.0.0.1, because that is NOT the name of the server.

Simple trick.
HOSTNAME="$(hostname -s)"
PRIMARYDNSDOMAIN="$(hostname -d)"
FQDN="$(hostname -f)"
Netbiosname in smb.conf = echo "${HOSTNAME^^}"

To be added if it's not there in /etc/hosts:
echo "$(hostname -i) $(hostname -f) $(hostname -s)"
ONLY one line should exist for the hostname; add any alias as a CNAME in the DNS.

Resolv.conf :
echo "nameserver $(hostname -i)"

Greetz,
Louis
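
The resolv.conf and /etc/hosts rules from the reply above, as an added example that is not part of the original post: a shell lint that checks both files and reports each rule that is broken. The function names are hypothetical; the "posted" samples reuse the resolv.conf and /etc/hosts output quoted further down in this thread, and the other two samples are constructed.

```shell
#!/bin/sh
# Added example, not from the thread: lint resolv.conf and /etc/hosts on a
# Samba AD DC against the rules in the reply. All function names are made up.

lc() { printf '%s' "$1" | tr '[:upper:]' '[:lower:]'; }

# check_resolv FILE DC_IP PRIMARY_DOMAIN -> returns 0 if both rules hold
check_resolv() {
    local file="$1" dc_ip="$2" domain="$3" first_ns search rc=0
    first_ns=$(awk '$1 == "nameserver" { print $2; exit }' "$file")
    # the last "search" line wins; its first entry is the primary domain
    search=$(awk '$1 == "search" { d = $2 } END { print d }' "$file")
    case "$first_ns" in
        127.*|::1) echo "FAIL: first nameserver is loopback ($first_ns)"; rc=1 ;;
        "")        echo "FAIL: no nameserver line"; rc=1 ;;
        "$dc_ip")  ;;
        *)         echo "FAIL: first nameserver is $first_ns, expected $dc_ip"; rc=1 ;;
    esac
    if [ "$(lc "$search")" != "$(lc "$domain")" ]; then
        echo "FAIL: first search domain is '$search', expected '$domain'"; rc=1
    fi
    return "$rc"
}

# check_hosts FILE DC_IP FQDN SHORT -> returns 0 if exactly one line names this
# host and that line is exactly "DC_IP FQDN SHORT" (no aliases, no loopback)
check_hosts() {
    awk -v ip="$2" -v fqdn="$(lc "$3")" -v short="$(lc "$4")" '
        { sub(/#.*/, "") }                       # strip comments
        {
            hit = 0
            for (i = 2; i <= NF; i++)
                if (tolower($i) == fqdn || tolower($i) == short) hit = 1
            if (!hit) next
            n++
            if ($1 ~ /^127\./ || $1 == "::1") {
                print "FAIL: hostname on a loopback line: " $0; bad = 1
            } else if (NF != 3 || $1 != ip || tolower($2) != fqdn || tolower($3) != short) {
                print "FAIL: expected \"" ip " " fqdn " " short "\", got: " $0; bad = 1
            }
        }
        END {
            if (n == 0) { print "FAIL: no line for " fqdn; bad = 1 }
            if (n > 1)  { print "FAIL: " n " lines name this host"; bad = 1 }
            exit bad + 0
        }' "$1"
}

# Sample inputs: *.posted is the content shown in the debug output quoted in
# this thread; resolv.fixed and hosts.bad are constructed for this example.
write_samples() {
    printf '%s\n' 'nameserver 192.168.3.201' 'nameserver 192.168.3.202' \
        'search samdom.mycompany.net mycompany.net mycompany.com' > "$1/resolv.posted"
    printf '%s\n' 'search samdom.mycompany.net' 'nameserver 192.168.3.203' \
        'nameserver 192.168.3.201' > "$1/resolv.fixed"
    printf '%s\n' '127.0.0.1 localhost' \
        '192.168.3.203 umbriel.samdom.mycompany.net umbriel' > "$1/hosts.posted"
    printf '%s\n' '127.0.0.1 localhost umbriel' \
        '192.168.3.203 umbriel.samdom.mycompany.net umbriel' > "$1/hosts.bad"
}

demo() {
    local d f
    d=$(mktemp -d) || return 1
    write_samples "$d"
    for f in resolv.posted resolv.fixed; do
        echo "== $f"
        check_resolv "$d/$f" 192.168.3.203 samdom.mycompany.net && echo OK
    done
    for f in hosts.posted hosts.bad; do
        echo "== $f"
        check_hosts "$d/$f" 192.168.3.203 umbriel.samdom.mycompany.net umbriel && echo OK
    done
    rm -rf "$d"
}
demo
```

On a live DC the arguments would come from the commands in the reply, for example `check_resolv /etc/resolv.conf "$(hostname -i)" "$(hostname -d)"`.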
> -----Original message-----
> From: samba [mailto:samba-bounces at lists.samba.org] On behalf of
> Denis Cardon via samba
> Sent: Friday 21 June 2019 10:30
> To: Matthew Delfino; samba at lists.samba.org
> Subject: Re: [Samba] DLZ Backend DNS Hosed
>
> Hi Matthew,
>
> > # samba-tool dns add localhost samdom.mycompany.net
> samdom.mycompany.net NS umbriel.samdom.mycompany.net -U"Administrator"
> > Password for [ORBITAL\Administrator]:
> > ERROR(runtime): uncaught exception - (1383,
> 'WERR_INTERNAL_DB_ERROR')
> > File
> "/usr/lib/python3/dist-packages/samba/netcmd/__init__.py",
> line 185, in _run
> > return self.run(*args, **kwargs)
> > File
> "/usr/lib/python3/dist-packages/samba/netcmd/dns.py", line 944, in run
> > raise e
> > File
> "/usr/lib/python3/dist-packages/samba/netcmd/dns.py", line 940, in run
> > 0, server, zone, name, add_rec_buf, None)
>
> Like you have figured out, in more recent versions of Bind-DLZ it is
> required to have a NS field for it to start. Please try with the
> following command line syntax to add it:
>
> samba-tool dns add umbriel samdom.mycompany.net @ NS
> umbriel.samdom.mycompany.net -P
>
> For your DNS field update, if you get some TSIG error, you may
> try to add
> the DNS entries directly in the local database.
>
> samba_dnsupdate --verbose --use-samba-tool
>
> Cheers,
>
> Denis
>
> >
> >
> > Then, I remember my "samba_upgradedns
> --dns-backend=BIND9_DLZ" sword, plus 7 against DNS problems!
> Unsheathed by Matthew like Andúril by Aragorn:
> >
> >
> >
> > # samba_upgradedns --dns-backend=BIND9_DLZ
> > Reading domain information
> > DNS accounts already exist
> > No zone file /var/lib/samba/bind-dns/dns/SAMDOM.MYCOMPANY.NET.zone
> > DNS records will be automatically created
> > DNS partitions already exist
> > dns-umbriel account already exists
> > See /var/lib/samba/bind-dns/named.conf for an example
> configuration include file for BIND
> > and /var/lib/samba/bind-dns/named.txt for further
> documentation required for secure DNS updates
> > Finished upgrading DNS
> >
> >
> > Take that, DNS problems! Right? Oh.... no... it didn't help
> AT ALL. Same results on every test.
> >
> >
> > I'm feeling lonely here.
> >
> >
> >
> > Thanks,
> > Matthew
> >
> >
> >
> > From: Matthew Delfino via samba <samba at lists.samba.org>
> > To: L.P.H. van Belle <belle at bazuin.nl>,
> "samba at lists.samba.org" <samba at lists.samba.org>
> > Sent: 6/20/2019 1:40 PM
> > Subject: Re: [Samba] DLZ Backend DNS Hosed
> >
> > And, BTW, right now, I am able to see my problem via the
> following 3 ways...
> >
> > 1) Through Windows DNS Manager, I cannot add, change or
> delete any DNS records from:
> >
> > mycompany.loc
> > samdom.mycompany.net
> > mycompany.net
> >
> > I *can* add, change and delete DNS records from:
> >
> > _msdcs.samdom.mycompany.net
> > mycompany.com
> > 7.168.192.in-addr.arpa
> > 5.168.192.in-addr.arpa
> > 3.168.192.in-addr.arpa
> > 2.168.192.in-addr.arpa
> > 11.168.192.in-addr.arpa
> >
> > 2) Running the following command always ends with an error:
> >
> > # samba_dnsupdate --verbos --all-names
> > IPs: ['192.168.3.203']
> > force update: A umbriel.samdom.mycompany.net 192.168.3.203
> > force update: NS samdom.mycompany.net umbriel.samdom.mycompany.net
> > force update: NS _msdcs.samdom.mycompany.net
> umbriel.samdom.mycompany.net
> > force update: A samdom.mycompany.net 192.168.3.203
> > force update: SRV _ldap._tcp.samdom.mycompany.net
> umbriel.samdom.mycompany.net 389
> > force update: SRV _ldap._tcp.dc._msdcs.samdom.mycompany.net
> umbriel.samdom.mycompany.net 389
> > force update: SRV
> _ldap._tcp.02418c22-7df8-4ea3-aee8-ad1ce0c03cd8.domains._msdcs
> .samdom.mycompany.net umbriel.samdom.mycompany.net 389
> > force update: SRV _kerberos._tcp.samdom.mycompany.net
> umbriel.samdom.mycompany.net 88
> > force update: SRV _kerberos._udp.samdom.mycompany.net
> umbriel.samdom.mycompany.net 88
> > force update: SRV
> _kerberos._tcp.dc._msdcs.samdom.mycompany.net
> umbriel.samdom.mycompany.net 88
> > force update: SRV _kpasswd._tcp.samdom.mycompany.net
> umbriel.samdom.mycompany.net 464
> > force update: SRV _kpasswd._udp.samdom.mycompany.net
> umbriel.samdom.mycompany.net 464
> > force update: CNAME
> a51ac937-a293-485a-b851-252be672c41f._msdcs.samdom.mycompany.n
> et umbriel.samdom.mycompany.net
> > force update: SRV
> _ldap._tcp.Default-First-Site-Name._sites.samdom.mycompany.net
> umbriel.samdom.mycompany.net 389
> > force update: SRV
> _ldap._tcp.Default-First-Site-Name._sites.dc._msdcs.samdom.myc
> ompany.net umbriel.samdom.mycompany.net 389
> > force update: SRV
> _kerberos._tcp.Default-First-Site-Name._sites.samdom.mycompany
> .net umbriel.samdom.mycompany.net 88
> > force update: SRV
> _kerberos._tcp.Default-First-Site-Name._sites.dc._msdcs.samdom
> .mycompany.net umbriel.samdom.mycompany.net 88
> > force update: A gc._msdcs.samdom.mycompany.net 192.168.3.203
> > force update: SRV _gc._tcp.samdom.mycompany.net
> umbriel.samdom.mycompany.net 3268
> > force update: SRV _ldap._tcp.gc._msdcs.samdom.mycompany.net
> umbriel.samdom.mycompany.net 3268
> > force update: SRV
> _gc._tcp.Default-First-Site-Name._sites.samdom.mycompany.net
> umbriel.samdom.mycompany.net 3268
> > force update: SRV
> _ldap._tcp.Default-First-Site-Name._sites.gc._msdcs.samdom.myc
> ompany.net umbriel.samdom.mycompany.net 3268
> > force update: A DomainDnsZones.samdom.mycompany.net 192.168.3.203
> > force update: SRV
> _ldap._tcp.DomainDnsZones.samdom.mycompany.net
> umbriel.samdom.mycompany.net 389
> > force update: SRV
> _ldap._tcp.Default-First-Site-Name._sites.DomainDnsZones.samdo
> m.mycompany.net umbriel.samdom.mycompany.net 389
> > force update: A ForestDnsZones.samdom.mycompany.net 192.168.3.203
> > force update: SRV
> _ldap._tcp.ForestDnsZones.samdom.mycompany.net
> umbriel.samdom.mycompany.net 389
> > force update: SRV
> _ldap._tcp.Default-First-Site-Name._sites.ForestDnsZones.samdo
> m.mycompany.net umbriel.samdom.mycompany.net 389
> > 28 DNS updates and 0 DNS deletes needed
> > Traceback (most recent call last):
> > File "/usr/sbin/samba_dnsupdate", line 886, in <module>
> > creds = get_credentials(lp)
> > File "/usr/sbin/samba_dnsupdate", line 204, in get_credentials
> > get_krb5_rw_dns_server(creds, sub_vars['DNSDOMAIN'] + '.')
> > File "/usr/sbin/samba_dnsupdate", line 161, in
> get_krb5_rw_dns_server
> > rw_dns_servers = get_possible_rw_dns_server(creds, domain)
> > File "/usr/sbin/samba_dnsupdate", line 136, in
> get_possible_rw_dns_server
> > ans_soa = check_one_dns_name(domain, 'SOA')
> > File "/usr/sbin/samba_dnsupdate", line 296, in check_one_dns_name
> > ans = resolver.query(name, name_type)
> > File "/usr/lib/python3/dist-packages/dns/resolver.py",
> line 821, in query
> > raise NoNameservers
> > dns.resolver.NoNameservers
> >
> > 3) We have a mail server that occasionally rejects
> passwords from end users. This is the problem end users see
> that started the whole investigation.
> >
> > Also, this may be obvious from the output of your script,
> but in case it's not... we do not have DHCP server running on
> our DCs, nor do we have any sort of dynamic dhcp setup. It's
> just Samba and BIND (and kerberos, and ntp...).
> >
> > Thank you!
> > Matthew
> >
> >
> >
> >
> > From: Matthew Delfino via samba <samba at lists.samba.org>
> > To: L.P.H. van Belle <belle at bazuin.nl>,
> "samba at lists.samba.org" <samba at lists.samba.org>
> > Sent: 6/20/2019 1:00 PM
> > Subject: Re: [Samba] DLZ Backend DNS Hosed
> >
> > Nice shell script, Louis. Here are the results:
> >
> >
> >
> > Collected config --- 2019-06-20-12:46 -----------
> >
> >
> > Hostname: umbriel
> > DNS Domain: samdom.mycompany.net
> > FQDN: umbriel.samdom.mycompany.net
> > ipaddress: 192.168.3.203
> >
> >
> > -----------
> >
> >
> > Samba is running as an AD DC
> >
> >
> > -----------
> > Checking file: /etc/os-release
> >
> >
> > NAME="Ubuntu"
> > VERSION="16.04.6 LTS (Xenial Xerus)"
> > ID=ubuntu
> > ID_LIKE=debian
> > PRETTY_NAME="Ubuntu 16.04.6 LTS"
> > VERSION_ID="16.04"
> > HOME_URL="http://www.ubuntu.com/"
> > SUPPORT_URL="http://help.ubuntu.com/"
> > BUG_REPORT_URL="http://bugs.launchpad.net/ubuntu/"
> > VERSION_CODENAME=xenial
> > UBUNTU_CODENAME=xenial
> >
> >
> > -----------
> >
> >
> >
> >
> > This computer is running Ubuntu 16.04.6 LTS x86_64
> >
> >
> > -----------
> > running command : ip a
> > 1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state
> UNKNOWN group default qlen 1
> > link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
> > inet 127.0.0.1/8 scope host lo
> > inet6 ::1/128 scope host
> > 2: ens32: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc
> pfifo_fast state UP group default qlen 1000
> > link/ether 00:50:56:a5:50:b3 brd ff:ff:ff:ff:ff:ff
> > inet 192.168.3.203/24 brd 192.168.3.255 scope global ens32
> > inet6 fe80::250:56ff:fea5:50b3/64 scope link
> >
> >
> > -----------
> > Checking file: /etc/hosts
> >
> >
> > 127.0.0.1 localhost
> > 192.168.3.203 umbriel.samdom.mycompany.net umbriel
> >
> >
> > # The following lines are desirable for IPv6 capable hosts
> > ::1 localhost ip6-localhost ip6-loopback
> > ff02::1 ip6-allnodes
> > ff02::2 ip6-allrouters
> >
> >
> > -----------
> >
> >
> > Checking file: /etc/resolv.conf
> >
> >
> > # Dynamic resolv.conf(5) file for glibc resolver(3)
> generated by resolvconf(8)
> > # DO NOT EDIT THIS FILE BY HAND -- YOUR CHANGES WILL BE
> OVERWRITTEN
> > nameserver 192.168.3.201
> > nameserver 192.168.3.202
> > search samdom.mycompany.net mycompany.net mycompany.com
> >
> >
> > -----------
> >
> >
> > Checking file: /etc/krb5.conf
> >
> >
> > [logging]
> > default = FILE:/var/log/krb5libs.log
> > kdc = FILE:/var/log/krb5kdc.log
> > admin_server = FILE:/var/log/kadmin.log
> >
> >
> > [libdefaults]
> > default_realm = SAMDOM.MYCOMPANY.NET
> > dns_lookup_realm = false
> > dns_lookup_kdc = true
> > ticket_lifetime = 24h
> > renew_lifetime = 7d
> > forwardable = true
> >
> >
> > -----------
> >
> >
> > Checking file: /etc/nsswitch.conf
> >
> >
> > # /etc/nsswitch.conf
> > #
> > # Example configuration of GNU Name Service Switch functionality.
> > # If you have the `glibc-doc-reference' and `info' packages
> installed, try:
> > # `info libc "Name Service Switch"' for information about this file.
> >
> >
> > passwd: compat
> > group: compat
> > shadow: compat
> > gshadow: files
> >
> >
> > hosts: files dns
> > networks: files
> >
> >
> > protocols: db files
> > services: db files
> > ethers: db files
> > rpc: db files
> >
> >
> > netgroup: nis
> >
> >
> > -----------
> >
> >
> > Checking file: /etc/samba/smb.conf
> >
> >
> > # Global parameters
> > [global]
> > netbios name = UMBRIEL
> > realm = SAMDOM.MYCOMPANY.NET
> > server role = active directory domain controller
> > #server services = -dns
> > server services = s3fs, rpc, nbt, wrepl, ldap, cldap, kdc,
> drepl, winbindd, ntp_signd, kcc, dnsupdate
> > workgroup = SAMDOM
> > idmap_ldb:use rfc2307 = yes
> > #dns forwarder = 8.8.4.4
> > #dns forwarder = 8.8.8.8
> > allow dns updates = disabled
> > dsdb:schema update allowed = true
> > printcap name = /dev/null
> > load printers = no
> > printing = bsd
> > ldap server require strong auth = no
> > ldap ssl = start tls
> > tls enabled = yes
> > tls keyfile = tls/myKey.pem
> > tls certfile = tls/umbriel_samdom_mycompany_net.pem
> > tls cafile = tls/umbriel_samdom_mycompany_net.ca-bundle.pem
> > #log file = /var/log/samba/%a.%M.log
> > max log size = 2048
> > log level = 1 auth_audit:3
> > apply group policies = yes
> > mdns name = mdns
> >
> >
> > [netlogon]
> > path = /var/lib/samba/sysvol/samdom.mycompany.net/scripts
> > read only = No
> >
> >
> > [sysvol]
> > path = /var/lib/samba/sysvol
> > read only = No
> >
> >
> > -----------
> >
> >
> > Detected bind DLZ enabled..
> > Checking file: /etc/bind/named.conf
> >
> >
> > // This is the primary configuration file for the BIND DNS
> server named.
> > //
> > // Please read /usr/share/doc/bind9/README.Debian.gz for
> information on the
> > // structure of BIND configuration files in Debian,
> *BEFORE* you customize
> > // this configuration file.
> > //
> > // If you are just adding zones, please do that in
> /etc/bind/named.conf.local
> >
> >
> > include "/etc/bind/named.conf.options";
> > include "/etc/bind/named.conf.local";
> > include "/etc/bind/named.conf.default-zones";
> > include "/var/lib/samba/bind-dns/named.conf";
> >
> >
> > -----------
> >
> >
> > Checking file: /etc/bind/named.conf.options
> >
> >
> > options {
> >
> >
> > auth-nxdomain yes;
> > directory "/var/cache/bind";
> > dnssec-validation auto;
> > empty-zones-enable no;
> > managed-keys-directory "/var/cache/bind/";
> > notify yes; // Not recommended.
> > tkey-gssapi-keytab "/var/lib/samba/bind-dns/dns.keytab";
> // For Dynamic DNS
> >
> >
> > allow-query {
> > any;
> > };
> >
> >
> > allow-recursion {
> > any;
> > };
> >
> > allow-transfer {
> > 192.168.3.47; // DNS2
> > 192.168.3.48; // DNS1
> > 192.168.5.47; // Opal
> > 192.168.5.48; // Pyrite
> > 192.168.0.8; // DNS3
> > 192.168.0.9; // DNS4
> > };
> >
> >
> > also-notify {
> > 192.168.3.47; // DNS2
> > 192.168.3.48; // DNS1
> > 192.168.5.47; // Opal
> > 192.168.5.48; // Pyrite
> > 192.168.0.8; // DNS3
> > 192.168.0.9; // DNS4
> > };
> >
> >
> > allow-notify {
> > 192.168.3.47; // DNS2
> > 192.168.3.48; // DNS1
> > 192.168.5.47; // Opal
> > 192.168.5.48; // Pyrite
> > 192.168.0.8; // DNS3
> > 192.168.0.9; // DNS4
> > };
> >
> >
> > forwarders {
> > 9.9.9.9;
> > 1.1.1.1;
> > 8.8.8.8;
> > 8.8.4.4;
> > };
> > };
> >
> >
> > -----------
> >
> >
> > Checking file: /etc/bind/named.conf.local
> >
> >
> > //
> > // Do any local configuration here
> > //
> >
> >
> > // Consider adding the 1918 zones here, if they are not used in your
> > // organization
> > //include "/etc/bind/zones.rfc1918";
> >
> >
> > -----------
> >
> >
> > Checking file: /etc/bind/named.conf.default-zones
> >
> >
> > // prime the server with knowledge of the root servers
> > zone "." {
> > type hint;
> > file "/etc/bind/db.root";
> > };
> >
> >
> > // be authoritative for the localhost forward and reverse
> zones, and for
> > // broadcast zones as per RFC 1912
> >
> >
> > zone "localhost" {
> > type master;
> > file "/etc/bind/db.local";
> > };
> >
> >
> > zone "7.in-addr.arpa" {
> > type master;
> > file "/etc/bind/db.127";
> > };
> >
> >
> > zone "0.in-addr.arpa" {
> > type master;
> > file "/etc/bind/db.0";
> > };
> >
> >
> > zone "255.in-addr.arpa" {
> > type master;
> > file "/etc/bind/db.255";
> > };
> >
> >
> > -----------
> >
> >
> > Samba DNS zone list: 10 zone(s) found
> >
> >
> > pszZoneName : mycompany.com
> > Flags : DNS_RPC_ZONE_DSINTEGRATED
> DNS_RPC_ZONE_UPDATE_SECURE
> > ZoneType : DNS_ZONE_TYPE_PRIMARY
> > Version : 50
> > dwDpFlags : DNS_DP_AUTOCREATED
> DNS_DP_DOMAIN_DEFAULT DNS_DP_ENLISTED
> > pszDpFqdn : DomainDnsZones.samdom.mycompany.net
> >
> >
> > pszZoneName : 7.168.192.in-addr.arpa
> > Flags : DNS_RPC_ZONE_DSINTEGRATED
> DNS_RPC_ZONE_UPDATE_SECURE
> > ZoneType : DNS_ZONE_TYPE_PRIMARY
> > Version : 50
> > dwDpFlags : DNS_DP_AUTOCREATED
> DNS_DP_DOMAIN_DEFAULT DNS_DP_ENLISTED
> > pszDpFqdn : DomainDnsZones.samdom.mycompany.net
> >
> >
> > pszZoneName : 3.168.192.in-addr.arpa
> > Flags : DNS_RPC_ZONE_DSINTEGRATED
> DNS_RPC_ZONE_UPDATE_SECURE
> > ZoneType : DNS_ZONE_TYPE_PRIMARY
> > Version : 50
> > dwDpFlags : DNS_DP_AUTOCREATED
> DNS_DP_DOMAIN_DEFAULT DNS_DP_ENLISTED
> > pszDpFqdn : DomainDnsZones.samdom.mycompany.net
> >
> >
> > pszZoneName : 2.168.192.in-addr.arpa
> > Flags : DNS_RPC_ZONE_DSINTEGRATED
> DNS_RPC_ZONE_UPDATE_SECURE
> > ZoneType : DNS_ZONE_TYPE_PRIMARY
> > Version : 50
> > dwDpFlags : DNS_DP_AUTOCREATED
> DNS_DP_DOMAIN_DEFAULT DNS_DP_ENLISTED
> > pszDpFqdn : DomainDnsZones.samdom.mycompany.net
> >
> >
> > pszZoneName : 11.168.192.in-addr.arpa
> > Flags : DNS_RPC_ZONE_DSINTEGRATED
> DNS_RPC_ZONE_UPDATE_SECURE
> > ZoneType : DNS_ZONE_TYPE_PRIMARY
> > Version : 50
> > dwDpFlags : DNS_DP_AUTOCREATED
> DNS_DP_DOMAIN_DEFAULT DNS_DP_ENLISTED
> > pszDpFqdn : DomainDnsZones.samdom.mycompany.net
> >
> >
> > pszZoneName : mycompany.loc
> > Flags : DNS_RPC_ZONE_DSINTEGRATED
> DNS_RPC_ZONE_UPDATE_SECURE
> > ZoneType : DNS_ZONE_TYPE_PRIMARY
> > Version : 50
> > dwDpFlags : DNS_DP_AUTOCREATED
> DNS_DP_DOMAIN_DEFAULT DNS_DP_ENLISTED
> > pszDpFqdn : DomainDnsZones.samdom.mycompany.net
> >
> >
> > pszZoneName : samdom.mycompany.net
> > Flags : DNS_RPC_ZONE_DSINTEGRATED
> DNS_RPC_ZONE_UPDATE_SECURE
> > ZoneType : DNS_ZONE_TYPE_PRIMARY
> > Version : 50
> > dwDpFlags : DNS_DP_AUTOCREATED
> DNS_DP_DOMAIN_DEFAULT DNS_DP_ENLISTED
> > pszDpFqdn : DomainDnsZones.samdom.mycompany.net
> >
> >
> > pszZoneName : 5.168.192.in-addr.arpa
> > Flags : DNS_RPC_ZONE_DSINTEGRATED
> DNS_RPC_ZONE_UPDATE_SECURE
> > ZoneType : DNS_ZONE_TYPE_PRIMARY
> > Version : 50
> > dwDpFlags : DNS_DP_AUTOCREATED
> DNS_DP_DOMAIN_DEFAULT DNS_DP_ENLISTED
> > pszDpFqdn : DomainDnsZones.samdom.mycompany.net
> >
> >
> > pszZoneName : mycompany.net
> > Flags : DNS_RPC_ZONE_DSINTEGRATED
> DNS_RPC_ZONE_UPDATE_SECURE
> > ZoneType : DNS_ZONE_TYPE_PRIMARY
> > Version : 50
> > dwDpFlags : DNS_DP_AUTOCREATED
> DNS_DP_DOMAIN_DEFAULT DNS_DP_ENLISTED
> > pszDpFqdn : DomainDnsZones.samdom.mycompany.net
> >
> >
> > pszZoneName : _msdcs.samdom.mycompany.net
> > Flags : DNS_RPC_ZONE_DSINTEGRATED
> DNS_RPC_ZONE_UPDATE_SECURE
> > ZoneType : DNS_ZONE_TYPE_PRIMARY
> > Version : 50
> > dwDpFlags : DNS_DP_AUTOCREATED
> DNS_DP_FOREST_DEFAULT DNS_DP_ENLISTED
> > pszDpFqdn : ForestDnsZones.samdom.mycompany.net
> >
> >
> > Samba DNS zone list Automated check :
> > zone : mycompany.com ok, no Bind flat-files found
> > -----------
> > zone : 7.168.192.in-addr.arpa ok, no Bind flat-files found
> > -----------
> > zone : 3.168.192.in-addr.arpa ok, no Bind flat-files found
> > -----------
> > zone : 2.168.192.in-addr.arpa ok, no Bind flat-files found
> > -----------
> > zone : 11.168.192.in-addr.arpa ok, no Bind flat-files found
> > -----------
> > zone : mycompany.loc ok, no Bind flat-files found
> > -----------
> > zone : samdom.mycompany.net ok, no Bind flat-files found
> > -----------
> > zone : 5.168.192.in-addr.arpa ok, no Bind flat-files found
> > -----------
> > zone : mycompany.net ok, no Bind flat-files found
> > -----------
> > zone : _msdcs.samdom.mycompany.net ok, no Bind flat-files found
> > -----------
> >
> >
> > Installed packages:
> > ii acl 2.2.52-3
> amd64 Access control list utilities
> > ii attr 1:2.4.47-2
> amd64 Utilities for
> manipulating filesystem extended attributes
> > hi bind9
> 1:9.10.3.dfsg.P4-8ubuntu1.12 amd64
> Internet Domain Name Server
> > ii bind9-doc
> 1:9.10.3.dfsg.P4-8ubuntu1.14 all
> Documentation for BIND
> > ii bind9-host
> 1:9.10.3.dfsg.P4-8ubuntu1.12 amd64
> Version of 'host' bundled with BIND 9.X
> > ii bind9utils
> 1:9.10.3.dfsg.P4-8ubuntu1.12 amd64
> Utilities for BIND
> > ii krb5-config 2.3
> all Configuration files for
> Kerberos Version 5
> > ii krb5-locales
> 1.13.2+dfsg-5ubuntu2.1 all
> Internationalization support for MIT Kerberos
> > ii krb5-multidev
> 1.13.2+dfsg-5ubuntu2.1 amd64
> Development files for MIT Kerberos without Heimdal conflict
> > ii krb5-user
> 1.13.2+dfsg-5ubuntu2.1 amd64 Basic
> programs to authenticate using MIT Kerberos
> > ii libacl1:amd64 2.2.52-3
> amd64 Access control list
> shared library
> > ii libacl1-dev 2.2.52-3
> amd64 Access control list
> static libraries and headers
> > ii libattr1:amd64 1:2.4.47-2
> amd64 Extended attribute
> shared library
> > ii libattr1-dev:amd64 1:2.4.47-2
> amd64 Extended attribute
> static libraries and headers
> > ii libbind9-140:amd64
> 1:9.10.3.dfsg.P4-8ubuntu1.12 amd64 BIND9
> Shared Library used by BIND
> > ii libgssapi-krb5-2:amd64
> 1.13.2+dfsg-5ubuntu2.1 amd64 MIT
> Kerberos runtime libraries - krb5 GSS-API Mechanism
> > ii libkrb5-26-heimdal:amd64
> 1.7~git20150920+dfsg-4ubuntu1.16.04.1 amd64
> Heimdal Kerberos - libraries
> > ii libkrb5-3:amd64
> 1.13.2+dfsg-5ubuntu2.1 amd64 MIT
> Kerberos runtime libraries
> > ii libkrb5-dev
> 1.13.2+dfsg-5ubuntu2.1 amd64
> Headers and development libraries for MIT Kerberos
> > ii libkrb5support0:amd64
> 1.13.2+dfsg-5ubuntu2.1 amd64 MIT
> Kerberos runtime libraries - Support library
> >
> >
> > -----------
> >
> >
> >
> >
> > From: L.P.H. van Belle via samba <samba at lists.samba.org>
> > To: "samba at lists.samba.org" <samba at lists.samba.org>
> > Sent: 6/19/2019 1:48 AM
> > Subject: Re: [Samba] DLZ Backend DNS Hosed
> >
> > Hai,
> >
> >
> > For bind, please add this if you use bind_DLZ.
> > How : systemctl edit bind9, or create the file manually and
> run systemctl daemon-reload after.
> > The edit command already does the reload.
> >
> > # /etc/systemd/system/bind9.service.d/override.conf
> > [Service]
> > ExecReload=
> >
> >
> > But same for you. ;-) as the other list message today.
> ([Samba] Reverse DNS)
> > Can you run this for me on the DC's.
> >
> > https://raw.githubusercontent.com/thctlo/samba4/master/samba-collect-debug-info.sh
> > And post the output
> >
> > It tells me almost all i need to know to help you fix this.
> >
> > Greetz,
> >
> > Louis
> >
> >> -----Original message-----
> >> From: samba [mailto:samba-bounces at lists.samba.org] On behalf of
> >> Matthew Delfino via samba
> >> Sent: Wednesday 19 June 2019 5:00
> >> To: samba at lists.samba.org
> >> Subject: [Samba] DLZ Backend DNS Hosed
> >>
> >>
> >> Hello,
> >>
> >>
> >> I'm in trouble here with what appears to be a total meltdown
> >> of my DNS on my Domain Controllers.
> >>
> >>
> >> I only have two DCs right now and I cannot resolve anything
> >> on either of them. I am on Ubuntu 16.04 with a compiled
> >> version of Samba 4.10.4.
> >>
> >>
> >> I also have a compiled version of BIND 9.10.3-P4-Ubuntu
> <id:ebd72b3>
> >>
> >>
> >> # service bind9 status
> >> ● bind9.service - BIND Domain Name Server
> >> Loaded: loaded (/lib/systemd/system/bind9.service;
> >> enabled; vendor preset: enabled)
> >> Drop-In: /run/systemd/generator/bind9.service.d
> >> └─50-insserv.conf-$named.conf
> >> Active: failed (Result: exit-code) since Tue 2019-06-18
> >> 21:14:39 CDT; 27min ago
> >> Docs: man:named(8)
> >> Process: 28347 ExecStop=/usr/sbin/rndc stop (code=exited,
> >> status=1/FAILURE)
> >> Process: 28329 ExecStart=/usr/sbin/named -f $OPTIONS
> >> (code=exited, status=1/FAILURE)
> >> Main PID: 28329 (code=exited, status=1/FAILURE)
> >>
> >>
> >> Jun 18 21:14:39 cordelia named[28329]: samba_dlz: starting
> configure
> >> Jun 18 21:14:39 cordelia named[28329]: zone
> >> mydomain.com/NONE: has no NS records
> >> Jun 18 21:14:39 cordelia named[28329]: samba_dlz: Failed to
> >> configure zone 'mydomain.com'
> >> Jun 18 21:14:39 cordelia named[28329]: loading
> configuration: bad zone
> >> Jun 18 21:14:39 cordelia named[28329]: exiting (due to fatal error)
> >> Jun 18 21:14:39 cordelia systemd[1]: bind9.service: Main
> >> process exited, code=exited, status=1/FAILURE
> >> Jun 18 21:14:39 cordelia rndc[28347]: rndc: connect failed:
> >> 127.0.0.1#953: connection refused
> >> Jun 18 21:14:39 cordelia systemd[1]: bind9.service: Control
> >> process exited, code=exited status=1
> >> Jun 18 21:14:39 cordelia systemd[1]: bind9.service: Unit
> >> entered failed state.
> >> Jun 18 21:14:39 cordelia systemd[1]: bind9.service: Failed
> >> with result 'exit-code'.
> >>
> >>
> >> It appears that somehow I lost my NS records for one of my
> >> zones. It seems that I cannot get BIND up long enough to edit
> >> anything.
> >>
> >>
> >> I've been able to delete my non-essential zones with samba-tool:
> >>
> >>
> >>
> >> # samba-tool dns zonedelete localhost mydomain.com
> >> # samba-tool dns zonedelete localhost 7.168.192.in-addr.arpa
> >> # samba-tool dns zonedelete localhost 3.168.192.in-addr.arpa
> >> # samba-tool dns zonedelete localhost 2.168.192.in-addr.arpa
> >> # samba-tool dns zonedelete localhost 11.168.192.in-addr.arpa
> >> # samba-tool dns zonedelete localhost 5.168.192.in-addr.arpa
> >>
> >>
> >> But now my error is "zone _msdcs.samdom.mydomain.net/NONE:
> >> has no NS records" and I am real nervous to delete that zone.
> >>
> >>
> >> Does anyone know what I can do to get my samba DC to have NS
> >> records that my BIND DNS server will understand and therefore load?
> >>
> >>
> >>
> >> Thanks,
> >> Matthew
> >>
> >>
> >
> >
> > --
> > To unsubscribe from this list go to the following URL and read the
> > instructions: https://lists.samba.org/mailman/options/samba
> >
> >
> >
>
> --
> Denis Cardon
> Tranquil IT
> 12 avenue Jules Verne (Bat. A)
> 44230 Saint Sébastien sur Loire (FRANCE)
> tel : +33 (0) 240 975 755
> http://www.tranquil.it
>
> Tranquil IT recrute! https://www.tranquil.it/nous-rejoindre/
> Samba install wiki for Frenchies : https://dev.tranquil.it
> WAPT, software deployment made easy : https://wapt.fr
>