[Samba] bind9 refuses to start -> zone has no NS records

L.P.H. van Belle belle at bazuin.nl
Thu Apr 30 13:43:06 UTC 2020


Now this looks all ok. Really wrong here. 

All your zones, as far as I can see, are there. 

Just set up resolv.conf like this. And remove domain, it's not needed anymore. 

Now the search order is important: the first domain here is always the domain with the AD-DC in that zone. 
And add the others (if needed locally on the server) to search primary.dom.tld second.dom.tld dom.tld 

Like this : 
# /etc/resolv.conf
search zone-ad-dc-example.com example.com other.example.com 
nameserver 192.168.40.24
nameserver 192.168.168.48
nameserver 192.168.168.44

So if the AD-DC is in reverse zone 192.168.40 then look up 
the named.example.conf zone and make sure that is first in the search line 

man resolv.conf states: 
The domain and search keywords are mutually exclusive.  
If more than one instance of these keywords is present, the last instance wins.

In your case search.. So just remove domain, not needed. 

Then reboot the server. 
Check again, 

Run: 
dig NS $(hostname -d)
If it's all ok, you should see ALL the NS records. 

Not ok, on the AD-DC. 
dig NS $(hostname -d) @$(hostname -i)

So that is what I suspect here. 
example.com, if you are starting and it resolves.. And the resolving errors.
.com is requested to locate example (in .com) and that tries to find the NS record.
But.. Most probably on an internet DNS server. 

That's what I think


Greetz, 

Louis


 

> -----Original message-----
> From: samba [mailto:samba-bounces at lists.samba.org] On behalf of 
> Benedikt Kaleß via samba
> Sent: Thursday 30 April 2020 15:19
> To: samba
> Subject: Re: [Samba] bind9 refuses to start -> zone has no 
> NS records
> 
> Hi Denis,
> 
> thanks a lot!
> > you said that the zone is empty. It is not a problem per se but for some
> > time Bind-DLZ has been a bit more strict and asks for an NS record for
> > every zone. So you just have to create an NS field in your zone pointing
> > to one of your DCs and you should be fine. Internal DNS does not have
> > this requirement.
> >
> > samba-tool dns mydc 21.168.192.in-addr.arpa @ NS mydc.mydomain.lan. -P
> >
> There is something missing, right?
> 
> perhaps this way:
> 
> samba-tool dns add|update mydc 21.168.192.in-addr.arpa NS mydc.mydomain.lan -Uadministrator
> 
> -- 
> 
> forumZFD
> Entschieden für Frieden|Committed to Peace
> 
> Benedikt Kaleß
> Leiter Team IT|Head team IT
> 
> Forum Ziviler Friedensdienst e.V.|Forum Civil Peace Service
> Am Kölner Brett 8 | 50825 Köln | Germany  
> 
> Tel 0221 91273233 | Fax 0221 91273299 | 
> http://www.forumZFD.de 
> 
> Vorstand nach § 26 BGB, einzelvertretungsberechtigt|Executive Board:
> Oliver Knabe (Vorsitz|Chair), Sonja Wiekenberg-Mlalandle, 
> Alexander Mauz  
> VR 17651 Amtsgericht Köln
> 
> Spenden|Donations: IBAN DE37 3702 0500 0008 2401 01 BIC BFSWDE33XXX
> 
> 
> 
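The resolv.conf rules from the message above (remove `domain`, last of `domain`/`search` wins, AD-DC domain first in the search line) as a small checker. This is an added example, not part of the original mail or of Samba; the function name `audit_resolv_conf` and the `BROKEN` sample are constructed for illustration, and `FIXED` is the resolv.conf quoted in the message.

```python
"""Added example: audit resolv.conf text against the advice in this thread."""

def _norm(name):
    # DNS names compare case-insensitively; ignore a trailing root dot
    return name.rstrip(".").lower()

def audit_resolv_conf(text, ad_domain):
    """Return (effective_search_list, nameservers, warnings).

    ad_domain: DNS domain of the AD-DC, i.e. what `hostname -d` prints on it.
    """
    search, nameservers, seen, warnings = [], [], [], []
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":        # blank line or comment
            continue
        keyword, *args = line.split()
        if keyword == "nameserver" and args:
            nameservers.append(args[0])
        elif keyword in ("domain", "search") and args:
            seen.append(keyword)
            # mutually exclusive keywords: the last instance wins;
            # `domain` behaves like a search list with a single entry
            search = args[:1] if keyword == "domain" else args
    if len(set(seen)) > 1:
        warnings.append(f"domain and search both set; last one ({seen[-1]}) wins")
    if not search:
        warnings.append("no search list")
    elif _norm(search[0]) != _norm(ad_domain):
        warnings.append(f"first search domain is {search[0]}, expected {ad_domain}")
    if not nameservers:
        warnings.append("no nameserver lines")
    return search, nameservers, warnings

# resolv.conf as quoted in the message
FIXED = """# /etc/resolv.conf
search zone-ad-dc-example.com example.com other.example.com
nameserver 192.168.40.24
nameserver 192.168.168.48
nameserver 192.168.168.44
"""
# constructed sample: `domain` after `search` silently replaces the search list
BROKEN = """search example.com zone-ad-dc-example.com
domain example.com
nameserver 192.168.40.24
"""

if __name__ == "__main__":
    for name, text in (("FIXED", FIXED), ("BROKEN", BROKEN)):
        print(name, audit_resolv_conf(text, "zone-ad-dc-example.com"))
```

On a real server, pass the contents of /etc/resolv.conf and the output of `hostname -d` from the AD-DC.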



