[Samba] tons of dns errors in log.samba

Adam Xu adam_xu at adagene.com.cn
Wed Dec 2 02:46:42 UTC 2020


在 2020/12/2 1:39, Andrew Bartlett via samba 写道:
> The error isn't about a zone update, it is about a failure to marshal a
> packet:
>
> 		/* If you have run out of forwarders, simply finish */
> 		if (state->forwarders == NULL) {
> 			werr2 = add_zone_authority_record(state->dns,
> 							  state,
> 							  state-
>> question,
> 							  &state-
>> nsrecs);
> 			if (tevent_req_werror(req, werr2)) {
> 				DBG_WARNING("Failed to add SOA record:
> %s\n",
> 					    win_errstr(werr2));
> 				return;
> 			}
>
> Now I've not looked into what can cause this, but look into your DNS
> forwarders in the smb.conf.

Hi Andrew

my forwarders is 8.8.4.4, it's google's dns. and I have found the 
clients that sending these dns requests.

there're 4 ovirt (an open source virt platform) nodes sending the 
requests. and I got a lot of nework packet errors in the ovirt nodes via 
tcpdump. just like:

10:30:40.436466 IP 192.168.49.195.domain > ovirt1.example.com.33625: 
8887 FormErr-$ 0/0/1 (40)

Is the cause of the problem  forwarders or the ovirt nodes?

>
> Andrew Bartlett
>
> On Tue, 2020-12-01 at 17:21 +0800, Adam Xu via samba wrote:
>> Hi All
>>
>> I try to use tcpdump to check the network packets. it shows a lot of
>> requests like:
>>
>> 192.168.60.73.56606 > dc1.example.com.domain: 56064 update [1a] [3n]
>> SOA? example.com. (102)
>>
>> I don't know why so much domain members try to update the SOA record.
>>
>> What are the possible causes of this situation?
>>
>> 在 2020/11/27 8:40, Adam Xu via samba 写道:
>>> 在 2020/11/26 17:59, Rowland penny via samba 写道:
>>>> On 26/11/2020 08:17, Adam Xu via samba wrote:
>>>>> Hi everybody
>>>>>
>>>>> any help?
>>>>>
>>>>> 在 2020/11/25 8:50, Adam Xu via samba 写道:
>>>>>> Hi samba devs
>>>>>>
>>>>>> My samba AD DC has worked for several years. I upgrade it
>>>>>> from 4.6
>>>>>> to 4.7 to 4.8 ....and now it's version is 4.12.10.
>>>>>>
>>>>>> My OS is centos7 and I use the sernet samba repo.
>>>>>>
>>>>>> Yesterday, I saw that my log.samba file was very large. tons
>>>>>> of
>>>>>> errors like:
>>>>>>
>>>>>> [2020/11/25 08:35:09.299194,  1]
>>>>>> ../../source4/dns_server/dns_query.c:1141(dns_server_process_
>>>>>> query_got_auth)
>>>>>>    dns_server_process_query_got_auth: Failed to add SOA
>>>>>> record:
>>>>>> WERR_DNS_ERROR_RCODE_FORMAT_ERROR
>>>>>> [2020/11/25 08:35:09.315638,  1]
>>>>>> ../../source4/dns_server/dns_query.c:1141(dns_server_process_
>>>>>> query_got_auth)
>>>>>>    dns_server_process_query_got_auth: Failed to add SOA
>>>>>> record:
>>>>>> WERR_DNS_ERROR_RCODE_FORMAT_ERROR
>>>>>> [2020/11/25 08:35:09.733265,  1]
>>>>>> ../../source4/dns_server/dns_query.c:1141(dns_server_process_
>>>>>> query_got_auth)
>>>>>>    dns_server_process_query_got_auth: Failed to add SOA
>>>>>> record:
>>>>>> WERR_DNS_ERROR_RCODE_FORMAT_ERROR
>>>>>> [2020/11/25 08:35:09.822746,  1]
>>>>>> ../../source4/dns_server/dns_query.c:1141(dns_server_process_
>>>>>> query_got_auth)
>>>>>>    dns_server_process_query_got_auth: Failed to add SOA
>>>>>> record:
>>>>>> WERR_DNS_ERROR_RCODE_FORMAT_ERROR
>>>>>>
>>>>>> about 3 log entries per second.
>>>>>>
>>>>>> here's the smb.conf file:
>>>>>>
>>>>>> [global]
>>>>>>      netbios name = DC1
>>>>>>      realm = EXAMPLE.COM
>>>>>>      workgroup = EXAMPLE
>>>>>>      dns forwarder = 119.29.29.29 8.8.4.4
>>>>>>      server role = active directory domain controller
>>>>>>      idmap_ldb:use rfc2307 = yes
>>>>>>      rpc server port = 49152
>>>>>>      rpc server port:netlogon = 49153
>>>>>>      rpc server port:drsuapi = 49154
>>>>>>      log level = 1 auth_json_audit:3@/var/log/samba/auth.log
>>>>>>      ntlm auth = mschapv2-and-ntlmv2-only
>>>>>>
>>>>>> [netlogon]
>>>>>>      path = /var/lib/samba/sysvol/adagene.cn/scripts
>>>>>>      read only = No
>>>>>>
>>>>>> [sysvol]
>>>>>>      path = /var/lib/samba/sysvol
>>>>>>      read only = No
>>>>>>
>>>>>> If I blocked the port 53, the error log will stop.
>>>>>>
>>>>>> although there are tons of dns errors, my AD works OK now.
>>>>>>
>>>>>> Can anyone tell me what causes so many error logs. Is that
>>>>>> matters?
>>>>>>
>>>> It sounds like something is sending a malformed request and your
>>>> dns
>>>> server is rejecting it, have you recently added another DC ?
>>> yes, I added a RODC recently.  And I have 2 RW DCs and 1 RODC now.
>>>
>>> SOA record is dc1.example.com.
>>>
>>>> Rowland
>>>>
>>>>
>>>>




More information about the samba mailing list