[Samba] Issues with bind9 dlz
Rob Thoman
emailthomasrob at gmail.com
Sat May 4 14:11:40 UTC 2019
Hi,
We migrated the domain to AD on an Ubuntu 18.04 box with Samba 4.7.6. The
DNS backend is DLZ.
We are seeing DNS issues as per below.
When using dnsupdate we get the following error. The server can resolve the
hostname (itself).
added interface eth0 ip=192.168.117.10 bcast=192.168.117.255 netmask=255.255.255.0
IPs: ['192.168.117.10']
need cache add: A server5.intdom.group 192.168.117.10
Looking for DNS entry A server5.intdom.group 192.168.117.10 as server5.intdom.group.
Traceback (most recent call last):
  File "/usr/sbin/samba_dnsupdate", line 827, in <module>
    elif not check_dns_name(d):
  File "/usr/sbin/samba_dnsupdate", line 317, in check_dns_name
    raise Exception("Timeout while waiting to contact a working DNS server while looking for %s as %s" % (d, normalised_na$
Exception: Timeout while waiting to contact a working DNS server while looking for A server5.intdom.group 192.168.117.10 $
;; connection timed out; no servers could be reached
;; connection timed out; no servers could be reached
;; connection timed out; no servers could be reached
service bind9 status
May 04 13:50:40 server5-new named[2079]: sizing zone task pool based on 5 zones
May 04 13:50:40 server5-new named[2079]: Loading 'AD DNS Zone' using driver dlopen
May 04 13:50:40 server5-new named[2079]: dlz_dlopen failed to open library '/usr/lib/x86_64-linux-gnu/samba/bind9/dlz_bind9$
May 04 13:50:40 server5-new named[2079]: dlz_dlopen of 'AD DNS Zone' failed
May 04 13:50:40 server5-new named[2079]: SDLZ driver failed to load.
May 04 13:50:40 server5-new named[2079]: DLZ driver failed to load.
May 04 13:50:40 server5-new named[2079]: loading configuration: failure
May 04 13:50:40 server5-new named[2079]: exiting (due to fatal error)
May 04 13:50:40 server5-new systemd[1]: bind9.service: Main process exited, code=exited, status=1/FAILURE
May 04 13:50:40 server5-new systemd[1]: bind9.service: Failed with result 'exit-code'.
/etc/bind/named.conf has the following
include "/etc/bind/named.conf.options";
include "/etc/bind/named.conf.local";
include "/etc/bind/named.conf.default-zones";
include "/var/lib/samba/private/named.conf";
named.conf.options has
dnssec-validation auto;
tkey-gssapi-keytab "/var/lib/samba/private/dns.keytab";
auth-nxdomain no; # conform to RFC1035
listen-on-v6 { any; };
The following in /var/lib/samba/private/named.conf
dlz "AD DNS Zone" {
    # For BIND 9.8.x
    # database "dlopen /usr/lib/x86_64-linux-gnu/samba/bind9/dlz_bind9.so";
    # For BIND 9.9.x
    # database "dlopen /usr/lib/x86_64-linux-gnu/samba/bind9/dlz_bind9_9.so";
    # For BIND 9.10.x
    # database "dlopen /usr/lib/x86_64-linux-gnu/samba/bind9/dlz_bind9_10.so";
    # For BIND 9.11.x
    database "dlopen /usr/lib/x86_64-linux-gnu/samba/bind9/dlz_bind9_11.so";
};
/etc/krb5.conf has
[libdefaults]
default_realm = intdom.GROUP
dns_lookup_realm = false
dns_lookup_kdc = true
[realms]
intdom.GROUP = {
kdc = server5
admin_server = server5
}
/etc/resolv.conf has
nameserver 192.168.117.10
search intdom.group
smb.conf has
[global]
workgroup = intdom
realm = intdom.GROUP
netbios name = server5
server role = active directory domain controller
idmap_ldb:use rfc2307 = yes
log file = /var/log/samba/log.%m
log level = 4
acl allow execute always = True
server services = -dns
allow dns updates = nonsecure
Any suggestions?
We tried changing the DNS to Samba Internal and then vice versa, but got the
same results.
Thank you
RT
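
A check for the DLZ configuration shown in this message, as an added example that is not part of the original post or of Samba: it finds the one uncommented `database "dlopen ..."` line, compares the module name with the BIND version, and confirms the file is readable. The function names are hypothetical, and the version-to-module mapping is taken from the comments in the posted /var/lib/samba/private/named.conf; the named log line above is truncated, so this only narrows down candidates for the dlopen failure.

```shell
#!/bin/sh
# Added diagnostic sketch; function names are hypothetical, not Samba tooling.
# Usage on the DC (named -v prints e.g. "BIND 9.11.3-..."):
#   check_dlz /var/lib/samba/private/named.conf "$(named -v | awk '{print $2}')"

# Print the module path from every uncommented `database "dlopen ..."` line.
active_dlz_module() {
    sed -n 's/^[[:space:]]*database[[:space:]]*"dlopen[[:space:]]*\([^"]*\)".*/\1/p' "$1"
}

# Module file name per BIND series, as listed in the config comments on this page.
expected_dlz_module() {
    case "$1" in
        9.8.*)  echo dlz_bind9.so ;;
        9.9.*)  echo dlz_bind9_9.so ;;
        9.10.*) echo dlz_bind9_10.so ;;
        9.11.*) echo dlz_bind9_11.so ;;
        *) return 1 ;;
    esac
}

# Return 0 if the config loads exactly one module, it matches the BIND
# version, and the file is readable; otherwise explain and return 2..5.
check_dlz() {
    conf=$1
    version=$2
    count=$(active_dlz_module "$conf" | wc -l)
    [ "$count" -eq 1 ] || {
        echo "expected exactly one active database line, found $count"; return 2; }
    module=$(active_dlz_module "$conf")
    want=$(expected_dlz_module "$version") || {
        echo "no module listed for BIND $version"; return 3; }
    [ "$(basename "$module")" = "$want" ] || {
        echo "config loads $(basename "$module"), BIND $version needs $want"; return 4; }
    [ -r "$module" ] || {
        echo "$module is missing or unreadable"; return 5; }
    echo "ok: $module"
}
```

Run it as the user named runs as, since the readability test reflects the caller's file permissions only.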