[Samba] Problem after deleting a DNS zone

Sergio Belkin sebelk at gmail.com
Thu Jun 27 13:32:42 UTC 2019


On Thu, 27 Jun 2019 07:41, Rowland penny via samba <samba at lists.samba.org>
wrote:

> On 27/06/2019 11:22, Sergio Belkin wrote:
> > On Wed, 26 Jun 2019 at 15:11, Rowland penny via samba
> > (<samba at lists.samba.org>) wrote:
> >
> >     On 26/06/2019 18:59, Sergio Belkin via samba wrote:
> >     > On Wed, 26 Jun 2019 at 14:48, Rowland penny via samba
> >     > (<samba at lists.samba.org>) wrote:
> >     >
> >     >> On 26/06/2019 18:36, Sergio Belkin via samba wrote:
> >     >>> I've seen this behaviour:
> >     >>>
> >     >>> 1. Create a new DNS zone, e.g.: example.com
> >     >> Where did you create the zone ?
> >     >>> 2. Create an independent DNS server that is now authoritative for
> >     >>> example.com
> >     >> This sounds like you recreated the 'example.com' zone again on another
> >     >> DNS server that is external to the Samba AD DC
> >     >>> 3. On samba delete the example.com zone with samba-tool dns
> >     >>> delete.....
> >     >>>
> >     >>> The result is that using samba as DNS server it does not resolve
> >     >>> example.com
> >     >>> through recursive query and fails
> >     >> It wouldn't resolve 'example.com' would it, you have just deleted all
> >     >> the zone records.
> >     >>> Am I the only one with this issue? I've found a workaround running:
> >     >>>
> >     >>> samba-tool dbcheck --cross-ncs --fix and then restarting the
> >     >>> service
> >     >>>
> >     >>> but it would be nice if that was fixed. Or is there a proper way of
> >     >>> deleting
> >     >>> zones that I don't know?
> >     >> No, you are deleting the zone in the correct way, providing it isn't the
> >     >> AD dns domain. Your DCs should be authoritative for the AD dns domain
> >     >> and forward anything unknown to an external DNS server.
> >     >>
> >     >> Rowland
> >     >>
> >     >>
> >     > So is this a bug? It would be great if someone tried to reproduce it...
> >     > Greets
> >     >
> >     I do not think so, it might help if you answered the question I asked,
> >     where did you create the zone and I suppose why ?
> >
> >
> > Sorry! I overlooked it. I've created the zone on Samba server, because
> > I needed to replicate temporarily
> >
> >
> >     What is your AD dns domain ?
> >
> >
> > Let's say it is another-example.com
> >
> >
> >     What dns server are you using ? the internal dns server or Bind9 ?
> >
> >
> > I'm using the SAMBA4 server as DNS server. It's the internal dns server.
> >
> Then I do not see what your problem is:
>
> You have a Samba AD DC in the 'another-example.com' dns domain.
>
> You added a zone called 'example.com'
>
> You created a new DNS server for the 'example.com' dns domain
>
> You deleted the 'example.com' zone from the AD DC.
>
> At this point, unless you forward unknown dns queries to a DNS server
> that knows the 'example.com' dns domain, queries such as 'nslookup
> acomputer.example.com' will fail because your AD DC knows nothing about
> the 'example.com' dns domain.
>

I use Google DNS as forwarder to resolve anything else. It is as if SAMBA
would say: "I had data of example.com zone, but I haven't it now. I can't
do nothing. Bye." :)
The expected behaviour, I think, is that it passes the query to forward
unknown domains.

In fact the problem goes away if I run samba-tool dbcheck --cross-ncs
--fix

If I misunderstood something, please let me know.




> Rowland
>

