[Samba] WERR_DNS_ERROR_NAME_DOES_NOT_EXIST when samba_dnsupdate tries to add to _msdcs

Rowland penny rpenny at samba.org
Tue Feb 4 19:40:33 UTC 2020

On 04/02/2020 18:57, Rick Hollinbeck wrote:
> Thanks for your response, Rowland.
> As far as newer versions of Debian/Samba, I actually started with Ubuntu 18.04, which had
> Samba 4.7.
> But I ran into another problem trying to use it, so I backed off to an older version that I was
> hoping was more stable.
> See: https://bugzilla.samba.org/show_bug.cgi?id=13298
> Meanwhile, I did find out more about what was causing this error by looking at the source
> code.
> Apparently, samba was expecting _msdcs.office.example.com to be its own "zone" (not just
> part of the AD tree, like it is on the Windows Server side.)
> so it returned that error code.
> samba-tool dns zonelist dc2 -UAdministrator
> did not show it as a "zone" - same on the Windows servers.
> By temporarily adding a "zone" for it using:
> samba-tool dns zonecreate dc2 _msdcs.office.example.com -UAdministrator
> I got the error to go away, but this created a new unwanted entry in the AD hierarchy at the
> same level as "office.example.com",
> instead of using the existing AD entry that is under that node.
> Thanks for the link http://apt.van-belle.nl/
> Maybe I'll give 18.04 or Debian 10 another try to see if it works now.
> Should I jump on the bleeding edge with Samba 4.11 and Bind9 (version?)
> (I don't see any mention of the bugzilla bug getting addressed.)
> What versions of these would you recommend?
> (fyi I am also planning to add dhcpd to this server to eventually phase out my old Windows
> Servers.)

The problem is most likely because you came from a Windows 2003 domain 
which used a very different DNS setup. Samba expects the DNS records 
from a 2008R2 domain and unless you can fix this, your domain is never 
going to work correctly.

The problem is explained here:


Does anyone know how to do this on a Samba AD DC ????


More information about the samba mailing list