[Samba] bind9 refuses to start -> zone has no NS records

Denis CARDON dcardon at tranquil.it
Thu Apr 30 12:56:08 UTC 2020


Hi Benedikt,

> 
> I have to add a second DC to a Zone.
> I use the sernet packages Version 4.11 on a debian 10 host.
> 
> The bind refuses to start:
> 
> root@addc-zone02:~# systemctl status bind9
> ● bind9.service - BIND Domain Name Server
>     Loaded: loaded (/lib/systemd/system/bind9.service; enabled; vendor preset: enabled)
>     Active: failed (Result: exit-code) since Thu 2020-04-30 14:51:58 EEST; 5s ago
>       Docs: man:named(8)
>    Process: 3733 ExecStart=/usr/sbin/named $OPTIONS (code=exited, status=1/FAILURE)
>      Tasks: 0 (limit: 4701)
>     Memory: 624.0K
>     CGroup: /system.slice/bind9.service
> 
> Apr 30 14:51:58 addc-zone02 named[3734]: Loading 'AD DNS Zone' using driver dlopen
> Apr 30 14:51:58 addc-zone02 named[3734]: samba_dlz: started for DN DC=example,DC=com
> Apr 30 14:51:58 addc-zone02 named[3734]: samba_dlz: starting configure
> Apr 30 14:51:58 addc-zone02 named[3734]: zone 21.168.192.in-addr.arpa/NONE: has no NS records
> Apr 30 14:51:58 addc-zone02 named[3734]: samba_dlz: Failed to configure zone '21.168.192.in-addr.arpa'
> Apr 30 14:51:58 addc-zone02 named[3734]: loading configuration: bad zone
> Apr 30 14:51:58 addc-zone02 named[3734]: exiting (due to fatal error)
> Apr 30 14:51:58 addc-zone02 systemd[1]: bind9.service: Control process exited, code=exited, status=1/FAILURE
> Apr 30 14:51:58 addc-zone02 systemd[1]: bind9.service: Failed with result 'exit-code'.
> Apr 30 14:51:58 addc-zone02 systemd[1]: Failed to start BIND Domain Name Server.

You said that the zone is empty. It is not a problem per se, but for some 
time Bind-DLZ has been a bit more strict and asks for an NS record for 
every zone. So you just have to create an NS field in your zone pointing 
to one of your DCs and you should be fine. Internal DNS does not have 
this requirement.

samba-tool dns add mydc 21.168.192.in-addr.arpa @ NS mydc.mydomain.lan. -P

Cheers,

Denis


> 
> 21.168.192.in-addr.arpa is an empty zone and I deleted that zone with the Windows DNS tool.
> 
> I have another DC where bind9 is running. I copied /etc/bind/named.conf.options and /etc/bind/named.conf.local
> I also double checked permissions in /var/lib/samba/bind-dns and /var/lib/samba/private
> 
> Any tips are welcome. How can I start bind9 or where should I look for errors?
> 
> Best
> Benedikt
> 
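
The check and fix discussed in this thread, as an added example that is not part of either poster's message: it reads named log lines in the format quoted above, lists each zone rejected for having no NS records, and prints the matching samba-tool command without running it. The function names and the second zone in the sample are constructed for illustration; mydc and mydc.mydomain.lan. are the placeholders from the reply.

```shell
#!/bin/sh
# Added example (not from the thread): find zones that named rejected with
# "has no NS records" and print, without running, the fix for each one.

# Constructed sample input in the journal format quoted above.
sample_log() {
cat <<'EOF'
Apr 30 14:51:58 addc-zone02 named[3734]: samba_dlz: starting configure
Apr 30 14:51:58 addc-zone02 named[3734]: zone 21.168.192.in-addr.arpa/NONE: has no NS records
Apr 30 14:51:58 addc-zone02 named[3734]: samba_dlz: Failed to configure zone '21.168.192.in-addr.arpa'
Apr 30 14:52:40 addc-zone02 named[3801]: zone 21.168.192.in-addr.arpa/NONE: has no NS records
Apr 30 14:52:40 addc-zone02 named[3801]: zone 10.10.in-addr.arpa/NONE: has no NS records
EOF
}

# Read named log lines on stdin, emit each affected zone once.
# Only names made of letters, digits, '.', '_' and '-' are accepted, so
# nothing unexpected from a log line ends up in a generated command.
zones_missing_ns() {
    sed -n 's|^.*named\[[0-9]*]: zone \([A-Za-z0-9._-]*\)/[A-Z]*: has no NS records$|\1|p' |
        LC_ALL=C sort -u
}

# $1 = DC to send the update to, $2 = NS target (FQDN with trailing dot).
# Reads zone names on stdin and prints one "samba-tool dns add" per zone.
ns_fix_commands() {
    while IFS= read -r zone; do
        [ -n "$zone" ] || continue
        printf 'samba-tool dns add %s %s @ NS %s -P\n' "$1" "$zone" "$2"
    done
}

# Placeholders mydc / mydc.mydomain.lan. are the ones used in the reply.
sample_log | zones_missing_ns | ns_fix_commands mydc mydc.mydomain.lan.
```

On a live DC the input would come from `journalctl -u bind9 --no-pager` instead of `sample_log`; review the printed commands before running any of them.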


