[Samba] tons of dns errors in log.samba

Rowland penny rpenny at samba.org
Thu Nov 26 09:59:19 UTC 2020 

On 26/11/2020 08:17, Adam Xu via samba wrote:
> Hi everybody
>
> any help?
>
> 在 2020/11/25 8:50, Adam Xu via samba 写道:
>> Hi samba devs
>>
>> My samba AD DC has worked for several years. I upgrade it from 4.6 to 
>> 4.7 to 4.8 ....and now it's version is 4.12.10.
>>
>> My OS is centos7 and I use the sernet samba repo.
>>
>> Yesterday, I saw that my log.samba file was very large. tons of 
>> errors like:
>>
>> [2020/11/25 08:35:09.299194,  1] 
>> ../../source4/dns_server/dns_query.c:1141(dns_server_process_query_got_auth)
>>   dns_server_process_query_got_auth: Failed to add SOA record: 
>> WERR_DNS_ERROR_RCODE_FORMAT_ERROR
>> [2020/11/25 08:35:09.315638,  1] 
>> ../../source4/dns_server/dns_query.c:1141(dns_server_process_query_got_auth)
>>   dns_server_process_query_got_auth: Failed to add SOA record: 
>> WERR_DNS_ERROR_RCODE_FORMAT_ERROR
>> [2020/11/25 08:35:09.733265,  1] 
>> ../../source4/dns_server/dns_query.c:1141(dns_server_process_query_got_auth)
>>   dns_server_process_query_got_auth: Failed to add SOA record: 
>> WERR_DNS_ERROR_RCODE_FORMAT_ERROR
>> [2020/11/25 08:35:09.822746,  1] 
>> ../../source4/dns_server/dns_query.c:1141(dns_server_process_query_got_auth)
>>   dns_server_process_query_got_auth: Failed to add SOA record: 
>> WERR_DNS_ERROR_RCODE_FORMAT_ERROR
>>
>> about 3 log entries per second.
>>
>> here's the smb.conf file:
>>
>> [global]
>>     netbios name = DC1
>>     realm = EXAMPLE.COM
>>     workgroup = EXAMPLE
>>     dns forwarder = 119.29.29.29 8.8.4.4
>>     server role = active directory domain controller
>>     idmap_ldb:use rfc2307 = yes
>>     rpc server port = 49152
>>     rpc server port:netlogon = 49153
>>     rpc server port:drsuapi = 49154
>>     log level = 1 auth_json_audit:3@/var/log/samba/auth.log
>>     ntlm auth = mschapv2-and-ntlmv2-only
>>
>> [netlogon]
>>     path = /var/lib/samba/sysvol/adagene.cn/scripts
>>     read only = No
>>
>> [sysvol]
>>     path = /var/lib/samba/sysvol
>>     read only = No
>>
>> If I blocked the port 53, the error log will stop.
>>
>> although there are tons of dns errors, my AD works OK now.
>>
>> Can anyone tell me what causes so many error logs. Is that matters?
>>
It sounds like something is sending a malformed request and your dns 
server is rejecting it, have you recently added another DC ?

Rowland

More information about the samba mailing list