[Samba] tons of dns errors in log.samba

Adam Xu adam_xu at adagene.com.cn
Tue Dec 1 09:21:48 UTC 2020


Hi All

I try to use tcpdump to check the network packets. It shows a lot of 
requests like:

192.168.60.73.56606 > dc1.example.com.domain: 56064 update [1a] [3n] 
SOA? example.com. (102)

I don't know why so many domain members try to update the SOA record.

What are the possible causes of this situation?

On 2020/11/27 8:40, Adam Xu via samba wrote:
>
> On 2020/11/26 17:59, Rowland penny via samba wrote:
>> On 26/11/2020 08:17, Adam Xu via samba wrote:
>>> Hi everybody
>>>
>>> any help?
>>>
>>> On 2020/11/25 8:50, Adam Xu via samba wrote:
>>>> Hi samba devs
>>>>
>>>> My Samba AD DC has worked for several years. I upgraded it from 4.6 
>>>> to 4.7 to 4.8 ... and now its version is 4.12.10.
>>>>
>>>> My OS is CentOS 7 and I use the SerNet Samba repo.
>>>>
>>>> Yesterday, I saw that my log.samba file was very large, with tons of 
>>>> errors like:
>>>>
>>>> [2020/11/25 08:35:09.299194,  1] 
>>>> ../../source4/dns_server/dns_query.c:1141(dns_server_process_query_got_auth)
>>>>   dns_server_process_query_got_auth: Failed to add SOA record: 
>>>> WERR_DNS_ERROR_RCODE_FORMAT_ERROR
>>>> [2020/11/25 08:35:09.315638,  1] 
>>>> ../../source4/dns_server/dns_query.c:1141(dns_server_process_query_got_auth)
>>>>   dns_server_process_query_got_auth: Failed to add SOA record: 
>>>> WERR_DNS_ERROR_RCODE_FORMAT_ERROR
>>>> [2020/11/25 08:35:09.733265,  1] 
>>>> ../../source4/dns_server/dns_query.c:1141(dns_server_process_query_got_auth)
>>>>   dns_server_process_query_got_auth: Failed to add SOA record: 
>>>> WERR_DNS_ERROR_RCODE_FORMAT_ERROR
>>>> [2020/11/25 08:35:09.822746,  1] 
>>>> ../../source4/dns_server/dns_query.c:1141(dns_server_process_query_got_auth)
>>>>   dns_server_process_query_got_auth: Failed to add SOA record: 
>>>> WERR_DNS_ERROR_RCODE_FORMAT_ERROR
>>>>
>>>> About 3 log entries per second.
>>>>
>>>> Here's the smb.conf file:
>>>>
>>>> [global]
>>>>     netbios name = DC1
>>>>     realm = EXAMPLE.COM
>>>>     workgroup = EXAMPLE
>>>>     dns forwarder = 119.29.29.29 8.8.4.4
>>>>     server role = active directory domain controller
>>>>     idmap_ldb:use rfc2307 = yes
>>>>     rpc server port = 49152
>>>>     rpc server port:netlogon = 49153
>>>>     rpc server port:drsuapi = 49154
>>>>     log level = 1 auth_json_audit:3@/var/log/samba/auth.log
>>>>     ntlm auth = mschapv2-and-ntlmv2-only
>>>>
>>>> [netlogon]
>>>>     path = /var/lib/samba/sysvol/adagene.cn/scripts
>>>>     read only = No
>>>>
>>>> [sysvol]
>>>>     path = /var/lib/samba/sysvol
>>>>     read only = No
>>>>
>>>> If I block port 53, the error logs stop.
>>>>
>>>> Although there are tons of DNS errors, my AD works OK now.
>>>>
>>>> Can anyone tell me what causes so many error logs? Does it matter?
>>>>
>> It sounds like something is sending a malformed request and your dns 
>> server is rejecting it, have you recently added another DC?
>
> Yes, I added a RODC recently. And I have 2 RW DCs and 1 RODC now.
>
> SOA record is dc1.example.com.
>
>>
>> Rowland
>>
>>
>>
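
An added example, not part of the original thread: one way to find out which hosts send the DNS UPDATE packets is to tally tcpdump text output by source and zone. The sample lines are constructed in the format quoted above, and the function names are assumptions of this sketch.

```python
import re
from collections import Counter

# tcpdump text line as quoted in the post, optionally preceded by the default
# HH:MM:SS.ffffff timestamp:
#   SRC.PORT > DST.domain: ID update [1a] [3n] SOA? ZONE (LEN)
TS_RE = re.compile(r"^(\d\d):(\d\d):(\d\d)\.(\d{6})\s")
UPDATE_RE = re.compile(
    r"(?P<src>\S+)\.\d+ > \S+\.(?:domain|53): \d+ update\b.*?SOA\? (?P<zone>\S+)")

# Constructed sample capture (not taken from the reporter's network).
SAMPLE = """\
09:21:01.100000 IP 192.168.60.73.56606 > dc1.example.com.domain: 56064 update [1a] [3n] SOA? example.com. (102)
09:21:01.400000 IP 192.168.60.73.56610 > dc1.example.com.domain: 56065 update [1a] [3n] SOA? example.com. (102)
09:21:01.700000 IP 192.168.60.74.49822 > dc1.example.com.domain: 1201 update [1a] [3n] SOA? example.com. (102)
09:21:02.000000 IP 192.168.60.80.51000 > dc1.example.com.domain: 4242+ A? www.example.org. (33)
09:21:03.100000 IP 192.168.60.73.56615 > dc1.example.com.domain: 56066 update [1a] [3n] SOA? example.com. (102)
""".splitlines()

def parse_updates(lines):
    """Yield (timestamp_us or None, source, zone) for each DNS UPDATE line."""
    for line in lines:
        m = UPDATE_RE.search(line)
        if not m:
            continue  # ordinary queries and unrelated traffic are skipped
        ts = TS_RE.match(line)
        us = None
        if ts:
            h, mi, s, frac = map(int, ts.groups())
            us = ((h * 60 + mi) * 60 + s) * 1_000_000 + frac
        yield us, m.group("src"), m.group("zone")

def tally_updates(lines):
    """Count UPDATE packets per (source, zone), busiest sender first."""
    return Counter((src, zone) for _, src, zone in parse_updates(lines)).most_common()

def updates_per_second(lines):
    """Average UPDATE rate over the timestamped span (same-day capture assumed)."""
    stamps = [us for us, _, _ in parse_updates(lines) if us is not None]
    if len(stamps) < 2 or stamps[-1] == stamps[0]:
        return None  # not enough data to compute a rate
    return len(stamps) / ((stamps[-1] - stamps[0]) / 1_000_000)

if __name__ == "__main__":
    for (src, zone), n in tally_updates(SAMPLE):
        print(f"{n:6d}  {src}  {zone}")
    print("updates/sec:", updates_per_second(SAMPLE))
```

Comparing the resulting rate with the rate of `Failed to add SOA record` entries in log.samba shows whether the UPDATE senders account for the log volume.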

