[Samba] tons of dns errors in log.samba

Adam Xu adam_xu at adagene.com.cn
Wed Dec 2 09:04:55 UTC 2020


On 2020/12/2 10:46, Adam Xu via samba wrote:
>
> On 2020/12/2 1:39, Andrew Bartlett via samba wrote:
>> The error isn't about a zone update, it is about a failure to marshal a
>> packet:
>>
>>         /* If you have run out of forwarders, simply finish */
>>         if (state->forwarders == NULL) {
>>             werr2 = add_zone_authority_record(state->dns,
>>                               state,
>>                               state->question,
>>                               &state->nsrecs);
>>             if (tevent_req_werror(req, werr2)) {
>>                 DBG_WARNING("Failed to add SOA record: %s\n",
>>                         win_errstr(werr2));
>>                 return;
>>             }
>>
>> Now I've not looked into what can cause this, but look into your DNS
>> forwarders in the smb.conf.
>
> Hi Andrew
>
> My forwarder is 8.8.4.4; it's Google's DNS. And I have found the 
> clients that are sending these DNS requests.
>
> There are 4 oVirt (an open source virt platform) nodes sending the 
> requests, and I got a lot of network packet errors on the oVirt nodes 
> via tcpdump, like this:
>
> 10:30:40.436466 IP 192.168.49.195.domain > ovirt1.example.com.33625: 8887 FormErr-$ 0/0/1 (40)
>
> Is the cause of the problem the forwarders or the oVirt nodes?

And if I use a public DNS, the error is gone. Here's what tcpdump shows 
when the oVirt nodes use a public DNS:

16:58:46.565681 IP ovirt1.example.com.34949 > pdns.dnspod.cn.domain: 32203+ [1au] NS? . (40)
16:58:46.601864 IP pdns.dnspod.cn.domain > ovirt1.example.com.34949: 32203 13/0/1 NS j.root-servers.net., NS k.root-servers.net., NS i.root-servers.net., NS a.root-servers.net., NS c.root-servers.net., NS b.root-servers.net., NS d.root-servers.net., NS l.root-servers.net., NS e.root-servers.net., NS m.root-servers.net., NS g.root-servers.net., NS f.root-servers.net., NS h.root-servers.net. (251)

You can see that no FormErr is returned.

>
>>
>> Andrew Bartlett
>>
>> On Tue, 2020-12-01 at 17:21 +0800, Adam Xu via samba wrote:
>>> Hi All
>>>
>>> I tried using tcpdump to check the network packets. It shows a lot of
>>> requests like:
>>>
>>> 192.168.60.73.56606 > dc1.example.com.domain: 56064 update [1a] [3n]
>>> SOA? example.com. (102)
>>>
>>> I don't know why so many domain members try to update the SOA record.
>>>
>>> What are the possible causes of this situation?
>>>
>>> On 2020/11/27 8:40, Adam Xu via samba wrote:
>>>> On 2020/11/26 17:59, Rowland penny via samba wrote:
>>>>> On 26/11/2020 08:17, Adam Xu via samba wrote:
>>>>>> Hi everybody
>>>>>>
>>>>>> any help?
>>>>>>
>>>>>> On 2020/11/25 8:50, Adam Xu via samba wrote:
>>>>>>> Hi samba devs
>>>>>>>
>>>>>>> My Samba AD DC has worked for several years. I upgraded it
>>>>>>> from 4.6 to 4.7 to 4.8 ... and now its version is 4.12.10.
>>>>>>>
>>>>>>> My OS is CentOS 7 and I use the SerNet Samba repo.
>>>>>>>
>>>>>>> Yesterday, I saw that my log.samba file was very large, with tons
>>>>>>> of errors like:
>>>>>>>
>>>>>>> [2020/11/25 08:35:09.299194,  1] ../../source4/dns_server/dns_query.c:1141(dns_server_process_query_got_auth)
>>>>>>>    dns_server_process_query_got_auth: Failed to add SOA record: WERR_DNS_ERROR_RCODE_FORMAT_ERROR
>>>>>>> [2020/11/25 08:35:09.315638,  1] ../../source4/dns_server/dns_query.c:1141(dns_server_process_query_got_auth)
>>>>>>>    dns_server_process_query_got_auth: Failed to add SOA record: WERR_DNS_ERROR_RCODE_FORMAT_ERROR
>>>>>>> [2020/11/25 08:35:09.733265,  1] ../../source4/dns_server/dns_query.c:1141(dns_server_process_query_got_auth)
>>>>>>>    dns_server_process_query_got_auth: Failed to add SOA record: WERR_DNS_ERROR_RCODE_FORMAT_ERROR
>>>>>>> [2020/11/25 08:35:09.822746,  1] ../../source4/dns_server/dns_query.c:1141(dns_server_process_query_got_auth)
>>>>>>>    dns_server_process_query_got_auth: Failed to add SOA record: WERR_DNS_ERROR_RCODE_FORMAT_ERROR
>>>>>>>
>>>>>>> About 3 log entries per second.
>>>>>>>
>>>>>>> Here's the smb.conf file:
>>>>>>>
>>>>>>> [global]
>>>>>>>      netbios name = DC1
>>>>>>>      realm = EXAMPLE.COM
>>>>>>>      workgroup = EXAMPLE
>>>>>>>      dns forwarder = 119.29.29.29 8.8.4.4
>>>>>>>      server role = active directory domain controller
>>>>>>>      idmap_ldb:use rfc2307 = yes
>>>>>>>      rpc server port = 49152
>>>>>>>      rpc server port:netlogon = 49153
>>>>>>>      rpc server port:drsuapi = 49154
>>>>>>>      log level = 1 auth_json_audit:3@/var/log/samba/auth.log
>>>>>>>      ntlm auth = mschapv2-and-ntlmv2-only
>>>>>>>
>>>>>>> [netlogon]
>>>>>>>      path = /var/lib/samba/sysvol/adagene.cn/scripts
>>>>>>>      read only = No
>>>>>>>
>>>>>>> [sysvol]
>>>>>>>      path = /var/lib/samba/sysvol
>>>>>>>      read only = No
>>>>>>>
>>>>>>> If I block port 53, the error logging stops.
>>>>>>>
>>>>>>> Although there are tons of DNS errors, my AD works OK now.
>>>>>>>
>>>>>>> Can anyone tell me what causes so many error logs? Does it
>>>>>>> matter?
>>>>>>>
>>>>> It sounds like something is sending a malformed request and your
>>>>> DNS server is rejecting it. Have you recently added another DC?
>>>> Yes, I added an RODC recently, and I have 2 RW DCs and 1 RODC now.
>>>>
>>>> SOA record is dc1.example.com.
>>>>
>>>>> Rowland
>>>>>
>>>>>
>>>>>
>
>
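
Added example, not part of the original thread: a Python script that pairs each DNS query in tcpdump text output with its reply and counts FormErr replies per client and question, the step described above as done by hand. The sample lines are constructed in the tcpdump format shown in the thread; the pairing of `NS? .` queries with FormErr in the sample is an assumption for illustration, not a finding from the thread.

```python
import re
from collections import Counter

DNS_PORTS = {"domain", "53"}  # tcpdump prints "domain" unless run with -n
# "<time> IP <src>.<port> > <dst>.<port>: <id><flags> <rest>"
LINE_RE = re.compile(r"^\S+ IP (\S+) > (\S+): (\d+)(\S*) (.*)$")

# Constructed sample capture (one packet per line, as tcpdump prints it).
SAMPLE = """\
10:30:40.400001 IP ovirt1.example.com.33625 > 192.168.49.195.domain: 8887+ [1au] NS? . (40)
10:30:40.436466 IP 192.168.49.195.domain > ovirt1.example.com.33625: 8887 FormErr-$ 0/0/1 (40)
10:30:41.100002 IP ovirt2.example.com.40112 > 192.168.49.195.domain: 8890+ [1au] NS? . (40)
10:30:41.130003 IP 192.168.49.195.domain > ovirt2.example.com.40112: 8890 FormErr-$ 0/0/1 (40)
10:30:42.200004 IP ovirt1.example.com.33700 > 192.168.49.195.domain: 8901+ A? dc1.example.com. (33)
10:30:42.201005 IP 192.168.49.195.domain > ovirt1.example.com.33700: 8901* 1/0/0 A 192.168.49.195 (49)
10:30:43.300006 IP ovirt1.example.com.33811 > 192.168.49.195.domain: 8910+ [1au] NS? . (40)
10:30:43.330007 IP 192.168.49.195.domain > ovirt1.example.com.33811: 8910 FormErr-$ 0/0/1 (40)
""".splitlines()


def split_endpoint(endpoint):
    """Split tcpdump's 'host.port' at the last dot."""
    host, _, port = endpoint.rpartition(".")
    return host, port


def formerr_by_client(lines):
    """Return Counter {(client, question): FormErr replies received}."""
    pending = {}       # (client, client_port, query_id) -> question text
    tally = Counter()
    for line in lines:
        m = LINE_RE.match(line.strip())
        if not m:
            continue   # not an IPv4 DNS line in the expected format
        src, dst, qid, _flags, rest = m.groups()
        (shost, sport), (dhost, dport) = split_endpoint(src), split_endpoint(dst)
        if dport in DNS_PORTS:        # client -> server: remember the question
            pending[(shost, sport, qid)] = re.sub(r"\s*\(\d+\)$", "", rest)
        elif sport in DNS_PORTS:      # server -> client: match it to the query
            question = pending.pop((dhost, dport, qid), "<query not captured>")
            if rest.startswith("FormErr"):
                tally[(dhost, question)] += 1
    return tally


if __name__ == "__main__":
    for (client, question), n in formerr_by_client(SAMPLE).most_common():
        print(f"{n:4d}  {client}  {question}")
```

Feed it the saved text output of a capture on port 53 taken on the DC; a reply whose query was not in the capture is counted under `<query not captured>`.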


