[Samba] tons of dns errors in log.samba
Adam Xu
adam_xu at adagene.com.cn
Wed Dec 2 02:46:42 UTC 2020
On 2020/12/2 1:39, Andrew Bartlett via samba wrote:
> The error isn't about a zone update, it is about a failure to marshal a
> packet:
>
>     /* If you have run out of forwarders, simply finish */
>     if (state->forwarders == NULL) {
>         werr2 = add_zone_authority_record(state->dns,
>                                           state,
>                                           state->question,
>                                           &state->nsrecs);
>         if (tevent_req_werror(req, werr2)) {
>             DBG_WARNING("Failed to add SOA record: %s\n",
>                         win_errstr(werr2));
>             return;
>         }
>
> Now I've not looked into what can cause this, but look into your DNS
> forwarders in the smb.conf.
Hi Andrew,
My forwarder is 8.8.4.4, it's Google's DNS, and I have found the
clients that are sending these DNS requests.
There are 4 oVirt (an open source virt platform) nodes sending the
requests, and I got a lot of network packet errors on the oVirt nodes via
tcpdump, just like:
10:30:40.436466 IP 192.168.49.195.domain > ovirt1.example.com.33625: 8887 FormErr-$ 0/0/1 (40)
Is the cause of the problem the forwarders or the oVirt nodes?
>
> Andrew Bartlett
>
> On Tue, 2020-12-01 at 17:21 +0800, Adam Xu via samba wrote:
>> Hi All
>>
>> I tried to use tcpdump to check the network packets. It shows a lot of
>> requests like:
>>
>> 192.168.60.73.56606 > dc1.example.com.domain: 56064 update [1a] [3n] SOA? example.com. (102)
>>
>> I don't know why so many domain members try to update the SOA record.
>>
>> What are the possible causes of this situation?
>>
>> On 2020/11/27 8:40, Adam Xu via samba wrote:
>>> On 2020/11/26 17:59, Rowland penny via samba wrote:
>>>> On 26/11/2020 08:17, Adam Xu via samba wrote:
>>>>> Hi everybody
>>>>>
>>>>> any help?
>>>>>
>>>>> On 2020/11/25 8:50, Adam Xu via samba wrote:
>>>>>> Hi samba devs
>>>>>>
>>>>>> My Samba AD DC has worked for several years. I upgraded it from 4.6
>>>>>> to 4.7 to 4.8 ... and now its version is 4.12.10.
>>>>>>
>>>>>> My OS is centos7 and I use the sernet samba repo.
>>>>>>
>>>>>> Yesterday, I saw that my log.samba file was very large. Tons of
>>>>>> errors like:
>>>>>>
>>>>>> [2020/11/25 08:35:09.299194, 1] ../../source4/dns_server/dns_query.c:1141(dns_server_process_query_got_auth)
>>>>>>   dns_server_process_query_got_auth: Failed to add SOA record: WERR_DNS_ERROR_RCODE_FORMAT_ERROR
>>>>>> [2020/11/25 08:35:09.315638, 1] ../../source4/dns_server/dns_query.c:1141(dns_server_process_query_got_auth)
>>>>>>   dns_server_process_query_got_auth: Failed to add SOA record: WERR_DNS_ERROR_RCODE_FORMAT_ERROR
>>>>>> [2020/11/25 08:35:09.733265, 1] ../../source4/dns_server/dns_query.c:1141(dns_server_process_query_got_auth)
>>>>>>   dns_server_process_query_got_auth: Failed to add SOA record: WERR_DNS_ERROR_RCODE_FORMAT_ERROR
>>>>>> [2020/11/25 08:35:09.822746, 1] ../../source4/dns_server/dns_query.c:1141(dns_server_process_query_got_auth)
>>>>>>   dns_server_process_query_got_auth: Failed to add SOA record: WERR_DNS_ERROR_RCODE_FORMAT_ERROR
>>>>>>
>>>>>> About 3 log entries per second.
>>>>>>
>>>>>> Here's the smb.conf file:
>>>>>>
>>>>>> [global]
>>>>>> netbios name = DC1
>>>>>> realm = EXAMPLE.COM
>>>>>> workgroup = EXAMPLE
>>>>>> dns forwarder = 119.29.29.29 8.8.4.4
>>>>>> server role = active directory domain controller
>>>>>> idmap_ldb:use rfc2307 = yes
>>>>>> rpc server port = 49152
>>>>>> rpc server port:netlogon = 49153
>>>>>> rpc server port:drsuapi = 49154
>>>>>> log level = 1 auth_json_audit:3@/var/log/samba/auth.log
>>>>>> ntlm auth = mschapv2-and-ntlmv2-only
>>>>>>
>>>>>> [netlogon]
>>>>>> path = /var/lib/samba/sysvol/adagene.cn/scripts
>>>>>> read only = No
>>>>>>
>>>>>> [sysvol]
>>>>>> path = /var/lib/samba/sysvol
>>>>>> read only = No
>>>>>>
>>>>>> If I block port 53, the error log stops.
>>>>>>
>>>>>> Although there are tons of DNS errors, my AD works OK now.
>>>>>>
>>>>>> Can anyone tell me what causes so many error logs? Does that
>>>>>> matter?
>>>>>>
>>>> It sounds like something is sending a malformed request and your DNS
>>>> server is rejecting it, have you recently added another DC?
>>> Yes, I added an RODC recently. And I have 2 RW DCs and 1 RODC now.
>>>
>>> SOA record is dc1.example.com.
>>>
>>>> Rowland
>>>>
>>>>
>>>>
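The per-client tally done by hand in this message, as an added example that is not part of the original thread: a Python script that reads tcpdump text output in the two line formats quoted above and counts which clients send DNS updates and which receive FormErr replies. The function names and the sample capture are constructed for illustration.

```python
import re
from collections import Counter

# Matches tcpdump text lines of the shape quoted in this thread:
#   [time] [IP] SRC.port > DST.port: ID rest
LINE = re.compile(
    r"^(?:\d{2}:\d{2}:\d{2}\.\d+\s+)?(?:IP6?\s+)?"
    r"(?P<src>\S+)\s+>\s+(?P<dst>\S+):\s+(?P<id>\d+)\s+(?P<rest>.*)$"
)

def split_endpoint(endpoint):
    """Split 'host.port' into (host, port); the port is the last dot-separated field."""
    host, _, port = endpoint.rpartition(".")
    return host, port

def tally(lines, dns_ports=("domain", "53")):
    """Count DNS updates sent per client and FormErr replies received per client."""
    updates, formerrs = Counter(), Counter()
    for line in lines:
        m = LINE.match(line.strip())
        if not m:
            continue  # not a line in the expected tcpdump format
        src_host, src_port = split_endpoint(m["src"])
        dst_host, dst_port = split_endpoint(m["dst"])
        rest = m["rest"]
        if dst_port in dns_ports and rest.startswith("update"):
            updates[src_host] += 1      # client -> DNS server, dynamic update
        elif src_port in dns_ports and rest.startswith("FormErr"):
            formerrs[dst_host] += 1     # DNS server -> client, format error reply
    return updates, formerrs

# Constructed sample capture, modelled on the lines quoted in the thread.
SAMPLE = """\
192.168.60.73.56606 > dc1.example.com.domain: 56064 update [1a] [3n] SOA? example.com. (102)
10:30:40.436466 IP 192.168.49.195.domain > ovirt1.example.com.33625: 8887 FormErr-$ 0/0/1 (40)
10:30:40.512001 IP 192.168.49.195.domain > ovirt1.example.com.41002: 8888 FormErr-$ 0/0/1 (40)
10:30:41.000120 IP 192.168.49.195.domain > ovirt2.example.com.50111: 9001 FormErr-$ 0/0/1 (40)
10:30:41.100000 IP 192.168.49.195.domain > pc7.example.com.50222: 9002 1/0/0 A 192.168.60.10 (50)
""".splitlines()

if __name__ == "__main__":
    updates, formerrs = tally(SAMPLE)
    for name, counter in (("updates sent", updates), ("FormErr received", formerrs)):
        for host, n in counter.most_common():
            print(f"{name:17} {host:25} {n}")
```

Comparing the two tallies shows whether the hosts receiving FormErr are the same ones sending updates or a different set of clients.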