[Samba] tons of dns errors in log.samba
Andrew Bartlett
abartlet at samba.org
Tue Dec 1 17:39:31 UTC 2020
The error isn't about a zone update, it is about a failure to marshal a
packet:

    /* If you have run out of forwarders, simply finish */
    if (state->forwarders == NULL) {
        werr2 = add_zone_authority_record(state->dns,
                                          state,
                                          state->question,
                                          &state->nsrecs);
        if (tevent_req_werror(req, werr2)) {
            DBG_WARNING("Failed to add SOA record: %s\n",
                        win_errstr(werr2));
            return;
        }

Now I've not looked into what can cause this, but look into your DNS
forwarders in the smb.conf.
Andrew Bartlett
On Tue, 2020-12-01 at 17:21 +0800, Adam Xu via samba wrote:
> Hi All
>
> I tried to use tcpdump to check the network packets. It shows a lot of
> requests like:
>
> 192.168.60.73.56606 > dc1.example.com.domain: 56064 update [1a] [3n] SOA? example.com. (102)
>
> I don't know why so many domain members try to update the SOA record.
>
> What are the possible causes of this situation?
>
> On 2020/11/27 8:40, Adam Xu via samba wrote:
> > On 2020/11/26 17:59, Rowland penny via samba wrote:
> > > On 26/11/2020 08:17, Adam Xu via samba wrote:
> > > > Hi everybody
> > > >
> > > > any help?
> > > >
> > > > On 2020/11/25 8:50, Adam Xu via samba wrote:
> > > > > Hi samba devs
> > > > >
> > > > > My Samba AD DC has worked for several years. I upgraded it
> > > > > from 4.6 to 4.7 to 4.8 ... and now its version is 4.12.10.
> > > > >
> > > > > My OS is CentOS 7 and I use the SerNet Samba repo.
> > > > >
> > > > > Yesterday, I saw that my log.samba file was very large. Tons
> > > > > of errors like:
> > > > >
> > > > > [2020/11/25 08:35:09.299194, 1] ../../source4/dns_server/dns_query.c:1141(dns_server_process_query_got_auth)
> > > > >   dns_server_process_query_got_auth: Failed to add SOA record: WERR_DNS_ERROR_RCODE_FORMAT_ERROR
> > > > > [2020/11/25 08:35:09.315638, 1] ../../source4/dns_server/dns_query.c:1141(dns_server_process_query_got_auth)
> > > > >   dns_server_process_query_got_auth: Failed to add SOA record: WERR_DNS_ERROR_RCODE_FORMAT_ERROR
> > > > > [2020/11/25 08:35:09.733265, 1] ../../source4/dns_server/dns_query.c:1141(dns_server_process_query_got_auth)
> > > > >   dns_server_process_query_got_auth: Failed to add SOA record: WERR_DNS_ERROR_RCODE_FORMAT_ERROR
> > > > > [2020/11/25 08:35:09.822746, 1] ../../source4/dns_server/dns_query.c:1141(dns_server_process_query_got_auth)
> > > > >   dns_server_process_query_got_auth: Failed to add SOA record: WERR_DNS_ERROR_RCODE_FORMAT_ERROR
> > > > >
> > > > > About 3 log entries per second.
> > > > >
> > > > > Here's the smb.conf file:
> > > > >
> > > > > [global]
> > > > > netbios name = DC1
> > > > > realm = EXAMPLE.COM
> > > > > workgroup = EXAMPLE
> > > > > dns forwarder = 119.29.29.29 8.8.4.4
> > > > > server role = active directory domain controller
> > > > > idmap_ldb:use rfc2307 = yes
> > > > > rpc server port = 49152
> > > > > rpc server port:netlogon = 49153
> > > > > rpc server port:drsuapi = 49154
> > > > > log level = 1 auth_json_audit:3@/var/log/samba/auth.log
> > > > > ntlm auth = mschapv2-and-ntlmv2-only
> > > > >
> > > > > [netlogon]
> > > > > path = /var/lib/samba/sysvol/adagene.cn/scripts
> > > > > read only = No
> > > > >
> > > > > [sysvol]
> > > > > path = /var/lib/samba/sysvol
> > > > > read only = No
> > > > >
> > > > > If I block port 53, the error log stops.
> > > > >
> > > > > Although there are tons of DNS errors, my AD works OK now.
> > > > >
> > > > > Can anyone tell me what causes so many error logs? Does that
> > > > > matter?
> > > > >
> > > It sounds like something is sending a malformed request and your
> > > DNS server is rejecting it. Have you recently added another DC?
> >
> > Yes, I added a RODC recently. And I have 2 RW DCs and 1 RODC now.
> >
> > SOA record is dc1.example.com.
> >
> > > Rowland
> > >
> > >
> > >
--
Andrew Bartlett (he/him) https://samba.org/~abartlet/
Samba Team Member (since 2001) https://samba.org
Samba Team Lead, Catalyst IT https://catalyst.net.nz/services/samba
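
To see which hosts are behind the DNS UPDATE traffic quoted in the thread, the tcpdump text output can be tallied per sender and zone. This is an added example, not code from the thread or from Samba; the function names, the threshold and the sample capture lines are constructed, and the input is assumed to be tcpdump's default one-line text format as quoted above.

```python
import re
from collections import defaultdict

# Matches client->server DNS UPDATE lines in tcpdump text output, with or
# without the leading "HH:MM:SS.ffffff IP " prefix. The destination must be
# the DNS port ("domain", or "53" when names are not resolved).
UPDATE_RE = re.compile(
    r"(?P<src>\S+)\.(?P<sport>\d+) > (?P<dst>\S+)\.(?:domain|53): "
    r"(?P<id>\d+) update\b.*?\bSOA\? (?P<zone>\S+)"
)

def summarize_updates(lines):
    """Return {(source, zone): {"packets": n, "ids": set of query IDs}}."""
    stats = defaultdict(lambda: {"packets": 0, "ids": set()})
    for line in lines:
        m = UPDATE_RE.search(line)
        if not m:
            continue  # ordinary queries, responses, non-DNS traffic
        key = (m["src"], m["zone"].rstrip(".").lower())
        stats[key]["packets"] += 1
        stats[key]["ids"].add(int(m["id"]))
    return dict(stats)

def noisy_senders(lines, min_packets=2):
    """Rows of (source, zone, packets, distinct query IDs), busiest first."""
    rows = [(src, zone, s["packets"], len(s["ids"]))
            for (src, zone), s in summarize_updates(lines).items()
            if s["packets"] >= min_packets]
    return sorted(rows, key=lambda r: (-r[2], r[0]))

# Constructed sample capture, modelled on the single line quoted in the thread.
SAMPLE = """\
17:21:00.100001 IP 192.168.60.73.56606 > dc1.example.com.domain: 56064 update [1a] [3n] SOA? example.com. (102)
17:21:00.400002 IP 192.168.60.73.56607 > dc1.example.com.domain: 56065 update [1a] [3n] SOA? example.com. (102)
17:21:00.700003 IP 192.168.60.73.56607 > dc1.example.com.domain: 56065 update [1a] [3n] SOA? example.com. (102)
17:21:01.000004 IP 192.168.60.80.40211 > dc1.example.com.domain: 1201 update [1a] [3n] SOA? example.com. (98)
17:21:01.200005 IP 192.168.60.81.51000 > dc1.example.com.domain: 4411+ A? dc1.example.com. (33)
192.168.60.80.40212 > dc1.example.com.domain: 1202 update [1a] [3n] SOA? Example.COM. (98)
""".splitlines()

if __name__ == "__main__":
    for src, zone, packets, ids in noisy_senders(SAMPLE):
        print(f"{src:15} zone={zone} packets={packets} distinct_ids={ids}")
```

Comparing the per-sender counts with the timestamps of the "Failed to add SOA record" entries in log.samba shows whether a few hosts account for most of the traffic.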