[Samba] bind9 refuses to start -> zone has no NS records
Benedikt Kaleß
benedikt.kaless at forumZFD.de
Thu Apr 30 12:28:13 UTC 2020
Thanks for the tip. I have still "zone has no NS records"
This is the output (anonymized) of the script -- sorry, I will post it
directly next time ;)
Collected config --- 2020-04-30-15:25 -----------
Hostname: addc-jor02
DNS Domain: example.com
FQDN: addc-jor02.example.com
ipaddress: 192.168.40.24
-----------
Kerberos SRV _kerberos._tcp.example.com record verified ok, sample output:
Server: 192.168.168.48
Address: 192.168.168.48#53
_kerberos._tcp.example.com service = 0 100 88 addc-ho-1.example.com.
_kerberos._tcp.example.com service = 0 100 88 addc-jor01.example.com.
_kerberos._tcp.example.com service = 0 100 88 addc-lbn1.example.com.
_kerberos._tcp.example.com service = 0 100 88 addc-ho-hos1.example.com.
Samba is not being run as a DC or a Unix domain member.
-----------
Checking file: /etc/os-release
PRETTY_NAME="Debian GNU/Linux 10 (buster)"
NAME="Debian GNU/Linux"
VERSION_ID="10"
VERSION="10 (buster)"
VERSION_CODENAME=buster
ID=debian
HOME_URL="https://www.debian.org/"
SUPPORT_URL="https://www.debian.org/support"
BUG_REPORT_URL="https://bugs.debian.org/"
-----------
This computer is running Debian 10.3 x86_64
-----------
running command : ip a
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN
group default qlen 1000
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 scope host lo
inet6 ::1/128 scope host
2: ens3: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast
state UP group default qlen 1000
link/ether 52:54:00:9d:c7:c1 brd ff:ff:ff:ff:ff:ff
inet 192.168.40.24/24 brd 192.168.40.255 scope global ens3
inet6 fe80::5054:ff:fe9d:c7c1/64 scope link
-----------
Checking file: /etc/hosts
127.0.0.1 localhost
192.168.40.24 addc-jor02.example.com addc-jor02
# The following lines are desirable for IPv6 capable hosts
::1 localhost ip6-localhost ip6-loopback
ff02::1 ip6-allnodes
ff02::2 ip6-allrouters
-----------
Checking file: /etc/resolv.conf
domain example.com
search example.com.
#nameserver 192.168.40.22
#nameserver 192.168.168.46
nameserver 192.168.168.48
-----------
Checking file: /etc/krb5.conf
[libdefaults]
default_realm = example.com
dns_lookup_realm = false
dns_lookup_kdc = true
-----------
Checking file: /etc/nsswitch.conf
# /etc/nsswitch.conf
#
# Example configuration of GNU Name Service Switch functionality.
# If you have the `glibc-doc-reference' and `info' packages installed, try:
# `info libc "Name Service Switch"' for information about this file.
passwd: files systemd
group: files systemd
shadow: files
gshadow: files
hosts: files dns
networks: files
protocols: db files
services: db files
ethers: db files
rpc: db files
netgroup: nis
-----------
Warning, does not exist
-----------
Installed packages:
ii krb5-config 2.6
all Configuration files for Kerberos Version 5
ii krb5-locales 1.17-3
all internationalization support for MIT Kerberos
ii libacl1:amd64 2.2.53-4
amd64 access control list - shared library
ii libattr1:amd64 1:2.4.48-4
amd64 extended attribute handling - shared library
ii libgssapi-krb5-2:amd64 1.17-3
amd64 MIT Kerberos runtime libraries - krb5 GSS-API Mechanism
ii libkrb5-26-heimdal:amd64 7.5.0+dfsg-3
amd64 Heimdal Kerberos - libraries
ii libkrb5-3:amd64 1.17-3
amd64 MIT Kerberos runtime libraries
ii libkrb5support0:amd64 1.17-3
amd64 MIT Kerberos runtime libraries - Support library
ii libwbclient0:amd64 99:4.11.8-7
amd64 Glue package for sernet-samba-libs.
ii sernet-samba 99:4.11.8-7
amd64 SMB/CIFS file, print, and login server for Unix
ii sernet-samba-ad 99:4.11.8-7
amd64 Samba Active Directory Domain Controller
ii sernet-samba-client 99:4.11.8-7
amd64 a LanManager-like simple client for Unix
ii sernet-samba-common 99:4.11.8-7
all Samba common files used by both the server and the client
ii sernet-samba-keyring 1.9
all GnuPG archive keys of the SerNet Samba archive
ii sernet-samba-libs:amd64 99:4.11.8-7
amd64 Samba common library files used by both the server and the
client
ii sernet-samba-libsmbclient0:amd64 99:4.11.8-7
amd64 Shared library that allows applications to talk to SMB servers
ii sernet-samba-winbind 99:4.11.8-7
amd64 Samba nameservice integration server
-----------
Am 30.04.20 um 14:17 schrieb L.P.H. van Belle via samba:
> Try this.
>
> systemctl edit bind9
> #/etc/systemd/system/bind9.service.d/override.conf
> [Service]
> ExecReload=
>
> sytemctl edit samba-ad-dc.service
> #/etc/systemd/system/samba-ad-dc.service.d/override.conf
> [Unit]
> After=network.target network-online.target bind9.service
>
> systemctl daemon-reload
>
> systemctl restart bind9 samba-ad-dc
>
> If that does not work, then, can you run this script:
> https://github.com/thctlo/samba4/raw/master/samba-collect-debug-info.sh
>
> Anonimize where needed, shows all i want to know.
> At least, its a good start ;-)
>
> Greetz,
>
> Louis
>
> > -----Oorspronkelijk bericht-----
> > Van: samba [mailto:samba-bounces at lists.samba.org] Namens
> > Benedikt Kaleß via samba
> > Verzonden: donderdag 30 april 2020 14:09
> > Aan: samba at lists.samba.org >> samba
> > Onderwerp: [Samba] bind9 refuses to start -> zone has no NS records
> >
> > Hi,
> >
> > I have to add a second DC to a Zone.
> > I use the sernet packages Version 4.11 on a debian 10 host.
> >
> > The bind refuses to start:
> >
> > root at addc-zone02:~# systemctl status bind9
> > ??? bind9.service - BIND Domain Name Server
> > Loaded: loaded (/lib/systemd/system/bind9.service;
> > enabled; vendor preset: enabled)
> > Active: failed (Result: exit-code) since Thu 2020-04-30
> > 14:51:58 EEST; 5s ago
> > Docs: man:named(8)
> > Process: 3733 ExecStart=/usr/sbin/named $OPTIONS
> > (code=exited, status=1/FAILURE)
> > Tasks: 0 (limit: 4701)
> > Memory: 624.0K
> > CGroup: /system.slice/bind9.service
> >
> > Apr 30 14:51:58 addc-zone02 named[3734]: Loading 'AD DNS
> > Zone' using driver dlopen
> > Apr 30 14:51:58 addc-zone02 named[3734]: samba_dlz: started
> > for DN DC=example,DC=com
> > Apr 30 14:51:58 addc-zone02 named[3734]: samba_dlz: starting configure
> > Apr 30 14:51:58 addc-zone02 named[3734]: zone
> > 21.168.192.in-addr.arpa/NONE: has no NS records
> > Apr 30 14:51:58 addc-zone02 named[3734]: samba_dlz: Failed to
> > configure zone '21.168.192.in-addr.arpa'
> > Apr 30 14:51:58 addc-zone02 named[3734]: loading
> > configuration: bad zone
> > Apr 30 14:51:58 addc-zone02 named[3734]: exiting (due to fatal error)
> > Apr 30 14:51:58 addc-zone02 systemd[1]: bind9.service:
> > Control process exited, code=exited, status=1/FAILURE
> > Apr 30 14:51:58 addc-zone02 systemd[1]: bind9.service: Failed
> > with result 'exit-code'.
> > Apr 30 14:51:58 addc-zone02 systemd[1]: Failed to start BIND
> > Domain Name Server.
> >
> > 21.168.192.in-addr.arpa is an empty zone and I deleted that
> > zone with the Windows DNS tool.
> >
> > I have another DC where bind9 is running. I copied
> > /etc/bind/named.conf.options and /etc/bind/named.conf.local
> > I also double checked permissions in /var/lib/samba/bind-dns
> > and /var/lib/samba/private
> >
> > Any tips are welcome. How can I start bind9 or where should I
> > look for errors?
> >
> > Best
> > Benedikt
> >
> > --
> > forumZFD
> > Entschieden für Frieden|Committed to Peace
> >
> > Benedikt Kaleß
> > Leiter Team IT|Head team IT
> >
> > Forum Ziviler Friedensdienst e.V.|Forum Civil Peace Service
> > Am Kölner Brett 8 | 50825 Köln | Germany
> >
> > Tel 0221 91273233 | Fax 0221 91273299 |
> > http://www.forumZFD.de
> >
> > Vorstand nach § 26 BGB, einzelvertretungsberechtigt|Executive Board:
> > Oliver Knabe (Vorsitz|Chair), Sonja Wiekenberg-Mlalandle,
> > Alexander Mauz
> > VR 17651 Amtsgericht Köln
> >
> > Spenden|Donations: IBAN DE37 3702 0500 0008 2401 01 BIC BFSWDE33XXX
> >
> >
> > --
> > To unsubscribe from this list go to the following URL and read the
> > instructions: https://lists.samba.org/mailman/options/samba
> >
>
>
--
forumZFD
Entschieden für Frieden|Committed to Peace
Benedikt Kaleß
Leiter Team IT|Head team IT
Forum Ziviler Friedensdienst e.V.|Forum Civil Peace Service
Am Kölner Brett 8 | 50825 Köln | Germany
Tel 0221 91273233 | Fax 0221 91273299 |
http://www.forumZFD.de
Vorstand nach § 26 BGB, einzelvertretungsberechtigt|Executive Board:
Oliver Knabe (Vorsitz|Chair), Sonja Wiekenberg-Mlalandle, Alexander Mauz
VR 17651 Amtsgericht Köln
Spenden|Donations: IBAN DE37 3702 0500 0008 2401 01 BIC BFSWDE33XXX
More information about the samba
mailing list