[Samba] bind9 refuses to start -> zone has no NS records
L.P.H. van Belle
belle at bazuin.nl
Thu Apr 30 12:40:54 UTC 2020
See in between below, base config. ... Thumbs up..
Only minor parts.. Until the end.. ;-)
> -----Original message-----
> From: samba [mailto:samba-bounces at lists.samba.org] On behalf of Benedikt Kaleß via samba
> Sent: Thursday 30 April 2020 14:28
> To: samba at lists.samba.org
> Subject: Re: [Samba] bind9 refuses to start -> zone has no NS records
>
> Thanks for the tip. I have still "zone has no NS records"
>
> This is the output (anonymized) of the script -- sorry, I will post it
> directly next time ;)
>
> Collected config --- 2020-04-30-15:25 -----------
>
> Hostname: addc-jor02
> DNS Domain: example.com
> FQDN: addc-jor02.example.com
> ipaddress: 192.168.40.24
>
> -----------
>
> Kerberos SRV _kerberos._tcp.example.com record verified ok, sample output:
> Server: 192.168.168.48
> Address: 192.168.168.48#53
>
> _kerberos._tcp.example.com service = 0 100 88 addc-ho-1.example.com.
> _kerberos._tcp.example.com service = 0 100 88 addc-jor01.example.com.
> _kerberos._tcp.example.com service = 0 100 88 addc-lbn1.example.com.
> _kerberos._tcp.example.com service = 0 100 88 addc-ho-hos1.example.com.
> Samba is not being run as a DC or a Unix domain member.
>
> -----------
> Checking file: /etc/os-release
>
> PRETTY_NAME="Debian GNU/Linux 10 (buster)"
> NAME="Debian GNU/Linux"
> VERSION_ID="10"
> VERSION="10 (buster)"
> VERSION_CODENAME=buster
> ID=debian
> HOME_URL="https://www.debian.org/"
> SUPPORT_URL="https://www.debian.org/support"
> BUG_REPORT_URL="https://bugs.debian.org/"
>
> -----------
>
>
> This computer is running Debian 10.3 x86_64
>
> -----------
> running command : ip a
> 1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
> link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
> inet 127.0.0.1/8 scope host lo
> inet6 ::1/128 scope host
> 2: ens3: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP group default qlen 1000
> link/ether 52:54:00:9d:c7:c1 brd ff:ff:ff:ff:ff:ff
> inet 192.168.40.24/24 brd 192.168.40.255 scope global ens3
> inet6 fe80::5054:ff:fe9d:c7c1/64 scope link
>
> -----------
> Checking file: /etc/hosts
>
> 127.0.0.1 localhost
> 192.168.40.24 addc-jor02.example.com addc-jor02
>
> # The following lines are desirable for IPv6 capable hosts
> ::1 localhost ip6-localhost ip6-loopback
> ff02::1 ip6-allnodes
> ff02::2 ip6-allrouters
>
> -----------
>
>
Minor change here :
> Checking file: /etc/resolv.conf
>
> domain example.com < remove this line, search replaces it already only 1 rules, the last..
> search example.com. < remove the last .
> #nameserver 192.168.40.22
> #nameserver 192.168.168.46
> nameserver 192.168.168.48
Optionally add the other AD-DCs.
>
> -----------
>
> Checking file: /etc/krb5.conf
>
> [libdefaults]
> default_realm = example.com < I assume this is originally in CAPS ;-)
> dns_lookup_realm = false
> dns_lookup_kdc = true
>
> -----------
>
> Checking file: /etc/nsswitch.conf
>
> # /etc/nsswitch.conf
> #
> # Example configuration of GNU Name Service Switch functionality.
> # If you have the `glibc-doc-reference' and `info' packages installed, try:
> # `info libc "Name Service Switch"' for information about this file.
>
> passwd: files systemd
> group: files systemd
> shadow: files
> gshadow: files
>
> hosts: files dns
> networks: files
>
> protocols: db files
> services: db files
> ethers: db files
> rpc: db files
>
> netgroup: nis
>
> -----------
My script output misses idmap.conf, but that's ok, most probably not needed.
> Warning, does not exist
>
> -----------
>
The Samba need also :
Where is bind ?
From the AD-DC here I'm using with bind9
ii acl 2.2.53-4 amd64 access control list - utilities
ii attr 1:2.4.48-4 amd64 utilities for manipulating filesystem extended attributes
ii bind9 1:9.11.5.P4+dfsg-5.1 amd64 Internet Domain Name Server
ii bind9-host 1:9.11.5.P4+dfsg-5.1 amd64 DNS lookup utility (deprecated)
ii bind9utils 1:9.11.5.P4+dfsg-5.1 amd64 Utilities for BIND
ii xattr 0.9.6-1 amd64 tool for manipulating filesystem extended attributes
Check/install where these are?
apt install acl attr xattr bind9 bind9utils
>
> Installed packages:
> ii krb5-config 2.6 all Configuration files for Kerberos Version 5
> ii krb5-locales 1.17-3 all internationalization support for MIT Kerberos
> ii libacl1:amd64 2.2.53-4 amd64 access control list - shared library
> ii libattr1:amd64 1:2.4.48-4 amd64 extended attribute handling - shared library
> ii libgssapi-krb5-2:amd64 1.17-3 amd64 MIT Kerberos runtime libraries - krb5 GSS-API Mechanism
> ii libkrb5-26-heimdal:amd64 7.5.0+dfsg-3 amd64 Heimdal Kerberos - libraries
> ii libkrb5-3:amd64 1.17-3 amd64 MIT Kerberos runtime libraries
> ii libkrb5support0:amd64 1.17-3 amd64 MIT Kerberos runtime libraries - Support library
> ii libwbclient0:amd64 99:4.11.8-7 amd64 Glue package for sernet-samba-libs.
> ii sernet-samba 99:4.11.8-7 amd64 SMB/CIFS file, print, and login server for Unix
> ii sernet-samba-ad 99:4.11.8-7 amd64 Samba Active Directory Domain Controller
> ii sernet-samba-client 99:4.11.8-7 amd64 a LanManager-like simple client for Unix
> ii sernet-samba-common 99:4.11.8-7 all Samba common files used by both the server and the client
> ii sernet-samba-keyring 1.9 all GnuPG archive keys of the SerNet Samba archive
> ii sernet-samba-libs:amd64 99:4.11.8-7 amd64 Samba common library files used by both the server and the client
> ii sernet-samba-libsmbclient0:amd64 99:4.11.8-7 amd64 Shared library that allows applications to talk to SMB servers
> ii sernet-samba-winbind 99:4.11.8-7 amd64 Samba nameservice integration server
>
> -----------
>
> On 30.04.20 at 14:17, L.P.H. van Belle via samba wrote:
> > Try this.
> >
> > systemctl edit bind9
> > #/etc/systemd/system/bind9.service.d/override.conf
> > [Service]
> > ExecReload=
> >
> > systemctl edit samba-ad-dc.service
> > #/etc/systemd/system/samba-ad-dc.service.d/override.conf
> > [Unit]
> > After=network.target network-online.target bind9.service
> >
> > systemctl daemon-reload
> >
> > systemctl restart bind9 samba-ad-dc
> >
> > If that does not work, then, can you run this script:
> >
> > https://github.com/thctlo/samba4/raw/master/samba-collect-debug-info.sh
> >
> > Anonymize where needed, shows all I want to know.
> > At least, it's a good start ;-)
> >
> > Greetz,
> >
> > Louis
> >
> > > -----Original message-----
> > > From: samba [mailto:samba-bounces at lists.samba.org] On behalf of Benedikt Kaleß via samba
> > > Sent: Thursday 30 April 2020 14:09
> > > To: samba at lists.samba.org >> samba
> > > Subject: [Samba] bind9 refuses to start -> zone has no NS records
> > >
> > > Hi,
> > >
> > > I have to add a second DC to a Zone.
> > > I use the sernet packages Version 4.11 on a debian 10 host.
> > >
> > > The bind refuses to start:
> > >
> > > root at addc-zone02:~# systemctl status bind9
> > > ● bind9.service - BIND Domain Name Server
> > > Loaded: loaded (/lib/systemd/system/bind9.service; enabled; vendor preset: enabled)
> > > Active: failed (Result: exit-code) since Thu 2020-04-30 14:51:58 EEST; 5s ago
> > > Docs: man:named(8)
> > > Process: 3733 ExecStart=/usr/sbin/named $OPTIONS (code=exited, status=1/FAILURE)
> > > Tasks: 0 (limit: 4701)
> > > Memory: 624.0K
> > > CGroup: /system.slice/bind9.service
> > >
> > > Apr 30 14:51:58 addc-zone02 named[3734]: Loading 'AD DNS Zone' using driver dlopen
> > > Apr 30 14:51:58 addc-zone02 named[3734]: samba_dlz: started for DN DC=example,DC=com
> > > Apr 30 14:51:58 addc-zone02 named[3734]: samba_dlz: starting configure
> > > Apr 30 14:51:58 addc-zone02 named[3734]: zone 21.168.192.in-addr.arpa/NONE: has no NS records
> > > Apr 30 14:51:58 addc-zone02 named[3734]: samba_dlz: Failed to configure zone '21.168.192.in-addr.arpa'
> > > Apr 30 14:51:58 addc-zone02 named[3734]: loading configuration: bad zone
> > > Apr 30 14:51:58 addc-zone02 named[3734]: exiting (due to fatal error)
> > > Apr 30 14:51:58 addc-zone02 systemd[1]: bind9.service: Control process exited, code=exited, status=1/FAILURE
> > > Apr 30 14:51:58 addc-zone02 systemd[1]: bind9.service: Failed with result 'exit-code'.
> > > Apr 30 14:51:58 addc-zone02 systemd[1]: Failed to start BIND Domain Name Server.
> > >
> > > 21.168.192.in-addr.arpa is an empty zone and I deleted that
> > > zone with the Windows DNS tool.
> > >
> > > I have another DC where bind9 is running. I copied
> > > /etc/bind/named.conf.options and /etc/bind/named.conf.local
> > > I also double checked permissions in /var/lib/samba/bind-dns
> > > and /var/lib/samba/private
> > >
> > > Any tips are welcome. How can I start bind9 or where should I
> > > look for errors?
> > >
> > > Best
> > > Benedikt
> > >
> > > --
> > > forumZFD
> > > Entschieden für Frieden|Committed to Peace
> > >
> > > Benedikt Kaleß
> > > Leiter Team IT|Head team IT
> > >
> > > Forum Ziviler Friedensdienst e.V.|Forum Civil Peace Service
> > > Am Kölner Brett 8 | 50825 Köln | Germany
> > >
> > > Tel 0221 91273233 | Fax 0221 91273299 |
> > > http://www.forumZFD.de
> > >
> > > Vorstand nach § 26 BGB, einzelvertretungsberechtigt|Executive Board:
> > > Oliver Knabe (Vorsitz|Chair), Sonja Wiekenberg-Mlalandle,
> > > Alexander Mauz
> > > VR 17651 Amtsgericht Köln
> > >
> > > Spenden|Donations: IBAN DE37 3702 0500 0008 2401 01 BIC BFSWDE33XXX
> > >
> > >
> > > --
> > > To unsubscribe from this list go to the following URL and read the
> > > instructions: https://lists.samba.org/mailman/options/samba
> > >
> >
> >
>
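
The inline remarks on /etc/resolv.conf and /etc/krb5.conf in the message above, turned into a small lint script. This is an added example, not part of the thread or of the samba-collect-debug-info.sh script; the function names and finding labels are made up here, and the sample files are constructed from the anonymized values quoted above.

```shell
# Added example. "single-nameserver" is only the optional hint from the reply; the rest are its corrections.

# Findings for a resolv.conf-style file, one per line.
lint_resolv() {
  awk '
    /^[ \t]*[#;]/ { next }                      # ignore commented-out lines
    $1 == "domain" { has_domain = 1 }
    $1 == "search" {
      has_search = 1
      for (i = 2; i <= NF; i++)
        if ($i ~ /\.$/) print "search-trailing-dot:" $i
    }
    $1 == "nameserver" { ns++ }
    END {
      if (has_domain && has_search) print "domain-and-search"
      if (ns < 2) print "single-nameserver"
    }
  ' "$1"
}

# Flags a default_realm that is not written in capitals.
lint_krb5() {
  awk -F= '
    /^[ \t]*default_realm[ \t]*=/ {
      realm = $2; gsub(/[ \t]/, "", realm)
      if (realm != toupper(realm)) print "realm-not-uppercase:" realm
    }
  ' "$1"
}

# Constructed sample files, modelled on the anonymized output in the thread.
write_samples() {
  cat > "$1/resolv.conf" <<'EOF'
domain example.com
search example.com.
#nameserver 192.168.40.22
nameserver 192.168.168.48
EOF
  cat > "$1/krb5.conf" <<'EOF'
[libdefaults]
default_realm = example.com
dns_lookup_kdc = true
EOF
}

# Lint the two files given as arguments, or the constructed samples if none.
d=$(mktemp -d) && write_samples "$d"
lint_resolv "${1:-$d/resolv.conf}"
lint_krb5 "${2:-$d/krb5.conf}"
rm -rf "$d"
```

Run it as `sh lint.sh /etc/resolv.conf /etc/krb5.conf` on the DC being joined; no output means none of the points raised in the reply apply.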