[Samba] Bind9 issue

Robert Wooden wdn2420systm at gmail.com
Wed Sep 30 14:55:10 UTC 2020


Louis,

(Un-sanitized)

root at dtdc1:~# systemctl status bind9
> ● bind9.service - BIND Domain Name Server
>    Loaded: loaded (/lib/systemd/system/bind9.service; enabled; vendor
> preset: enabled)
>    Active: active (running) since Wed 2020-09-30 07:19:21 CDT; 2h 26min ago
>      Docs: man:named(8)
>   Process: 375 ExecStart=/usr/sbin/named $OPTIONS (code=exited,
> status=0/SUCCESS)
>  Main PID: 395 (named)
>     Tasks: 5 (limit: 2249)
>    Memory: 27.7M
>    CGroup: /system.slice/bind9.service
>            └─395 /usr/sbin/named -u bind
>
> Sep 30 07:19:27 dtdc1 named[395]: network unreachable resolving '
> dtdc1.ad.dtntwk.work/A/IN': 2001:500:2f::f#53
> Sep 30 07:19:27 dtdc1 named[395]: network unreachable resolving '
> dtdc1.ad.dtntwk.work/A/IN': 2001:503:c27::2:30#53
> Sep 30 07:19:27 dtdc1 named[395]: network unreachable resolving '
> dtdc1.ad.dtntwk.work/A/IN': 2001:500:2d::d#53
> Sep 30 07:19:27 dtdc1 named[395]: network unreachable resolving '
> dtdc1.ad.dtntwk.work/A/IN': 2001:500:9f::42#53
> Sep 30 07:19:27 dtdc1 named[395]: network unreachable resolving '
> dtdc1.ad.dtntwk.work/A/IN': 2001:500:200::b#53
> Sep 30 07:19:27 dtdc1 named[395]: network unreachable resolving '
> dtdc1.ad.dtntwk.work/A/IN': 2001:7fd::1#53
> Sep 30 07:19:27 dtdc1 named[395]: network unreachable resolving '
> dtdc1.ad.dtntwk.work/A/IN': 2001:500:2::c#53
> Sep 30 07:19:27 dtdc1 named[395]: network unreachable resolving '
> dtdc1.ad.dtntwk.work/A/IN': 2001:dc3::35#53
> Sep 30 07:19:27 dtdc1 named[395]: network unreachable resolving '
> dtdc1.ad.dtntwk.work/A/IN': 2001:500:12::d0d#53
> Sep 30 07:19:28 dtdc1 named[395]: resolver priming query complete
>

Add the log from this morning

> Sep 30 07:19:21 dtdc1 named[395]: starting BIND
> 9.11.5-P4-5.1+deb10u2-Debian (Extended Support Version) <id:998753c>
>
> Sep 30 07:19:21 dtdc1 named[395]: running on Linux x86_64 4.19.0-11-amd64
> #1 SMP Debian 4.19.146-1 (2020-09-17)
>
> Sep 30 07:19:21 dtdc1 named[395]: built with '--build=x86_64-linux-gnu'
> '--prefix=/usr' '--includedir=/usr/include' '--mandir=/usr/share/man'
> '--infodir=/usr/share/info' '--sysconfdir=/etc' '--localstatedir=/var'
> '--disable-silent-rules' '--libdir=/usr/lib/x86_64-linux-gnu'
> '--libexecdir=/usr/lib/x86_64-linux-gnu' '--disable-maintainer-mode'
> '--disable-dependency-tracking' '--libdir=/usr/lib/x86_64-linux-gnu'
> '--sysconfdir=/etc/bind' '--with-python=python3' '--localstatedir=/'
> '--enable-threads' '--enable-largefile' '--with-libtool' '--enable-shared'
> '--enable-static' '--with-gost=no' '--with-openssl=/usr'
> '--with-gssapi=/usr' '--with-libidn2' '--with-libjson=/usr'
> '--with-lmdb=/usr' '--with-gnu-ld' '--with-geoip=/usr' '--with-atf=no'
> '--enable-ipv6' '--enable-rrl' '--enable-filter-aaaa'
> '--enable-native-pkcs11' '--with-pkcs11=/usr/lib/softhsm/libsofthsm2.so'
> '--with-randomdev=/dev/urandom' '--enable-dnstap'
> 'build_alias=x86_64-linux-gnu' 'CFLAGS=-g -O2
> -fdebug-prefix-map=/build/bind9-pbRECD/bind9-9.11.5.P4+dfsg=.
> -fstack-protector-strong -Wformat -Werror=format-security
> -fno-strict-aliasing -fno-delete-null-pointer-checks -DNO_VERSION_DATE
> -DDIG_SIGCHASE' 'LDFLAGS=-Wl,-z,relro -Wl,-z,now' 'CPPFLAGS=-Wdate-time
> -D_FORTIFY_SOURCE=2'
>
> Sep 30 07:19:21 dtdc1 named[395]: running as: named -u bind
>
> Sep 30 07:19:21 dtdc1 named[395]: compiled by GCC 8.3.0
>
> Sep 30 07:19:21 dtdc1 named[395]: compiled with OpenSSL version: OpenSSL
> 1.1.1d 10 Sep 2019
>
> Sep 30 07:19:21 dtdc1 named[395]: linked to OpenSSL version: OpenSSL
> 1.1.1d 10 Sep 2019
>
> Sep 30 07:19:21 dtdc1 named[395]: compiled with libxml2 version: 2.9.4
>
> Sep 30 07:19:21 dtdc1 named[395]: linked to libxml2 version: 20904
>
> Sep 30 07:19:21 dtdc1 named[395]: compiled with libjson-c version: 0.12.1
>
> Sep 30 07:19:21 dtdc1 named[395]: linked to libjson-c version: 0.12.1
>
> Sep 30 07:19:21 dtdc1 named[395]: threads support is enabled
>
> Sep 30 07:19:21 dtdc1 named[395]:
> ----------------------------------------------------
>
> Sep 30 07:19:21 dtdc1 named[395]: BIND 9 is maintained by Internet Systems
> Consortium,
>
> Sep 30 07:19:21 dtdc1 named[395]: Inc. (ISC), a non-profit 501(c)(3)
> public-benefit
>
> Sep 30 07:19:21 dtdc1 named[395]: corporation. Support and training for
> BIND 9 are
>
> Sep 30 07:19:21 dtdc1 named[395]: available at https://www.isc.org/support
>
> Sep 30 07:19:21 dtdc1 named[395]:
> ----------------------------------------------------
>
> Sep 30 07:19:21 dtdc1 named[395]: adjusted limit on open files from 524288
> to 1048576
>
> Sep 30 07:19:21 dtdc1 named[395]: found 2 CPUs, using 2 worker threads
>
> Sep 30 07:19:21 dtdc1 named[395]: using 1 UDP listener per interface
>
> Sep 30 07:19:21 dtdc1 named[395]: using up to 4096 sockets
>
> Sep 30 07:19:21 dtdc1 named[395]: loading configuration from
> '/etc/bind/named.conf'
>
> Sep 30 07:19:21 dtdc1 named[395]: reading built-in trust anchors from file
> '/etc/bind/bind.keys'
>
> Sep 30 07:19:21 dtdc1 named[395]: initializing GeoIP Country (IPv4) (type
> 1) DB
>
> Sep 30 07:19:21 dtdc1 named[395]: GEO-106FREE 20181108 Build
>
> Sep 30 07:19:21 dtdc1 named[395]: initializing GeoIP Country (IPv6) (type
> 12) DB
>
> Sep 30 07:19:21 dtdc1 named[395]: GEO-106FREE 20181108 Build
>
> Sep 30 07:19:21 dtdc1 named[395]: GeoIP City (IPv4) (type 2) DB not
> available
>
> Sep 30 07:19:21 dtdc1 named[395]: GeoIP City (IPv4) (type 6) DB not
> available
>
> Sep 30 07:19:21 dtdc1 named[395]: GeoIP City (IPv6) (type 30) DB not
> available
>
> Sep 30 07:19:21 dtdc1 named[395]: GeoIP City (IPv6) (type 31) DB not
> available
>
> Sep 30 07:19:21 dtdc1 named[395]: GeoIP Region (type 3) DB not available
>
> Sep 30 07:19:21 dtdc1 named[395]: GeoIP Region (type 7) DB not available
>
> Sep 30 07:19:21 dtdc1 named[395]: GeoIP ISP (type 4) DB not available
>
> Sep 30 07:19:21 dtdc1 named[395]: GeoIP Org (type 5) DB not available
>
> Sep 30 07:19:21 dtdc1 named[395]: GeoIP AS (type 9) DB not available
>
> Sep 30 07:19:21 dtdc1 named[395]: GeoIP Domain (type 11) DB not available
>
> Sep 30 07:19:21 dtdc1 named[395]: GeoIP NetSpeed (type 10) DB not available
>
> Sep 30 07:19:21 dtdc1 named[395]: using default UDP/IPv4 port range:
> [32768, 60999]
>
> Sep 30 07:19:21 dtdc1 named[395]: using default UDP/IPv6 port range:
> [32768, 60999]
>
> Sep 30 07:19:21 dtdc1 named[395]: listening on IPv4 interface lo,
> 127.0.0.1#53
>
> Sep 30 07:19:21 dtdc1 named[395]: listening on IPv4 interface enp1s0,
> 192.168.16.41#53
>
> Sep 30 07:19:21 dtdc1 named[395]: generating session key for dynamic DNS
>
> Sep 30 07:19:21 dtdc1 named[395]: sizing zone task pool based on 5 zones
>
> Sep 30 07:19:21 dtdc1 named[395]: set up managed keys zone for view
> _default, file 'managed-keys.bind'
>
> Sep 30 07:19:21 dtdc1 named[395]: command channel listening on
> 127.0.0.1#953
>
> Sep 30 07:19:21 dtdc1 named[395]: managed-keys-zone: loaded serial 7
>
> Sep 30 07:19:21 dtdc1 named[395]: zone 0.in-addr.arpa/IN: loaded serial 1
>
> Sep 30 07:19:21 dtdc1 named[395]: zone 127.in-addr.arpa/IN: loaded serial 1
>
> Sep 30 07:19:21 dtdc1 named[395]: zone 255.in-addr.arpa/IN: loaded serial 1
>
> Sep 30 07:19:21 dtdc1 named[395]: zone localhost/IN: loaded serial 2
>
> Sep 30 07:19:21 dtdc1 named[395]: all zones loaded
>
> Sep 30 07:19:21 dtdc1 named[395]: running
>
> Sep 30 07:19:25 dtdc1 named[395]: network unreachable resolving './NS/IN':
> 2001:7fe::53#53
>
> Sep 30 07:19:25 dtdc1 named[395]: network unreachable resolving '
> 0.us.pool.ntp.org/A/IN': 2001:7fe::53#53
>
> Sep 30 07:19:25 dtdc1 named[395]: network unreachable resolving './NS/IN':
> 2001:500:1::53#53
>
> Sep 30 07:19:25 dtdc1 named[395]: network unreachable resolving '
> 0.us.pool.ntp.org/A/IN': 2001:500:1::53#53
>
> Sep 30 07:19:25 dtdc1 named[395]: network unreachable resolving './NS/IN':
> 2001:503:ba3e::2:30#53
>
> Sep 30 07:19:25 dtdc1 named[395]: network unreachable resolving './NS/IN':
> 2001:500:a8::e#53
>
> Sep 30 07:19:25 dtdc1 named[395]: network unreachable resolving './NS/IN':
> 2001:500:2f::f#53
>
> Sep 30 07:19:25 dtdc1 named[395]: network unreachable resolving '
> 0.us.pool.ntp.org/A/IN': 2001:503:ba3e::2:30#53
>
> Sep 30 07:19:25 dtdc1 named[395]: network unreachable resolving '
> 0.us.pool.ntp.org/A/IN': 2001:500:a8::e#53
>
> Sep 30 07:19:25 dtdc1 named[395]: network unreachable resolving '
> 0.us.pool.ntp.org/A/IN': 2001:500:2f::f#53
>
> Sep 30 07:19:25 dtdc1 named[395]: network unreachable resolving './NS/IN':
> 2001:503:c27::2:30#53
>
> Sep 30 07:19:25 dtdc1 named[395]: network unreachable resolving './NS/IN':
> 2001:500:2d::d#53
>
> Sep 30 07:19:25 dtdc1 named[395]: network unreachable resolving './NS/IN':
> 2001:500:9f::42#53
>
> Sep 30 07:19:25 dtdc1 named[395]: network unreachable resolving './NS/IN':
> 2001:500:200::b#53
>
> Sep 30 07:19:25 dtdc1 named[395]: network unreachable resolving '
> 0.us.pool.ntp.org/A/IN': 2001:503:c27::2:30#53
>
> Sep 30 07:19:25 dtdc1 named[395]: network unreachable resolving './NS/IN':
> 2001:7fd::1#53
>
> Sep 30 07:19:25 dtdc1 named[395]: network unreachable resolving '
> 0.us.pool.ntp.org/AAAA/IN': 2001:7fe::53#53
>
> Sep 30 07:19:25 dtdc1 named[395]: network unreachable resolving '
> 0.us.pool.ntp.org/A/IN': 2001:500:2d::d#53
>
> Sep 30 07:19:25 dtdc1 named[395]: network unreachable resolving '
> 0.us.pool.ntp.org/AAAA/IN': 2001:500:1::53#53
>
> Sep 30 07:19:25 dtdc1 named[395]: network unreachable resolving '
> 0.us.pool.ntp.org/A/IN': 2001:500:9f::42#53
>
> Sep 30 07:19:25 dtdc1 named[395]: network unreachable resolving '
> 0.us.pool.ntp.org/AAAA/IN': 2001:503:ba3e::2:30#53
>
> Sep 30 07:19:25 dtdc1 named[395]: network unreachable resolving '
> 0.us.pool.ntp.org/A/IN': 2001:500:200::b#53
>
> Sep 30 07:19:25 dtdc1 named[395]: network unreachable resolving '
> 0.us.pool.ntp.org/AAAA/IN': 2001:500:a8::e#53
>
> Sep 30 07:19:25 dtdc1 named[395]: network unreachable resolving '
> 0.us.pool.ntp.org/A/IN': 2001:7fd::1#53
>
> Sep 30 07:19:25 dtdc1 named[395]: network unreachable resolving '
> 0.us.pool.ntp.org/AAAA/IN': 2001:500:2f::f#53
>
> Sep 30 07:19:25 dtdc1 named[395]: network unreachable resolving '
> 0.us.pool.ntp.org/A/IN': 2001:500:2::c#53
>
> Sep 30 07:19:25 dtdc1 named[395]: network unreachable resolving '
> 0.us.pool.ntp.org/AAAA/IN': 2001:503:c27::2:30#53
>
> Sep 30 07:19:25 dtdc1 named[395]: network unreachable resolving '
> 0.us.pool.ntp.org/A/IN': 2001:dc3::35#53
>
> Sep 30 07:19:25 dtdc1 named[395]: network unreachable resolving './NS/IN':
> 2001:500:2::c#53
>
> Sep 30 07:19:25 dtdc1 named[395]: network unreachable resolving '
> 0.us.pool.ntp.org/AAAA/IN': 2001:500:2d::d#53
>
> Sep 30 07:19:25 dtdc1 named[395]: network unreachable resolving './NS/IN':
> 2001:dc3::35#53
>
> Sep 30 07:19:25 dtdc1 named[395]: network unreachable resolving './NS/IN':
> 2001:500:12::d0d#53
>
> Sep 30 07:19:25 dtdc1 named[395]: network unreachable resolving '
> 0.us.pool.ntp.org/A/IN': 2001:500:12::d0d#53
>
> Sep 30 07:19:25 dtdc1 named[395]: network unreachable resolving '
> 0.us.pool.ntp.org/AAAA/IN': 2001:500:9f::42#53
>
> Sep 30 07:19:25 dtdc1 named[395]: network unreachable resolving '
> 0.us.pool.ntp.org/AAAA/IN': 2001:500:200::b#53
>
> Sep 30 07:19:25 dtdc1 named[395]: network unreachable resolving '
> 0.us.pool.ntp.org/AAAA/IN': 2001:7fd::1#53
>
> Sep 30 07:19:25 dtdc1 named[395]: network unreachable resolving '
> 0.us.pool.ntp.org/AAAA/IN': 2001:500:2::c#53
>
> Sep 30 07:19:25 dtdc1 named[395]: network unreachable resolving '
> 0.us.pool.ntp.org/AAAA/IN': 2001:dc3::35#53
>
> Sep 30 07:19:25 dtdc1 named[395]: network unreachable resolving '
> 0.us.pool.ntp.org/AAAA/IN': 2001:500:12::d0d#53
>
> Sep 30 07:19:27 dtdc1 named[395]: network unreachable resolving '
> dtdc1.ad.dtntwk.work/A/IN': 2001:7fe::53#53
>
> Sep 30 07:19:27 dtdc1 named[395]: network unreachable resolving '
> dtdc1.ad.dtntwk.work/A/IN': 2001:500:1::53#53
>
> Sep 30 07:19:27 dtdc1 named[395]: network unreachable resolving '
> dtdc1.ad.dtntwk.work/A/IN': 2001:503:ba3e::2:30#53
>
> Sep 30 07:19:27 dtdc1 named[395]: network unreachable resolving '
> dtdc1.ad.dtntwk.work/A/IN': 2001:500:a8::e#53
>
> Sep 30 07:19:27 dtdc1 named[395]: network unreachable resolving '
> dtdc1.ad.dtntwk.work/A/IN': 2001:500:2f::f#53
>
> Sep 30 07:19:27 dtdc1 named[395]: network unreachable resolving '
> dtdc1.ad.dtntwk.work/A/IN': 2001:503:c27::2:30#53
>
> Sep 30 07:19:27 dtdc1 named[395]: network unreachable resolving '
> dtdc1.ad.dtntwk.work/A/IN': 2001:500:2d::d#53
>
> Sep 30 07:19:27 dtdc1 named[395]: network unreachable resolving '
> dtdc1.ad.dtntwk.work/A/IN': 2001:500:9f::42#53
>
> Sep 30 07:19:27 dtdc1 named[395]: network unreachable resolving '
> dtdc1.ad.dtntwk.work/A/IN': 2001:500:200::b#53
>
> Sep 30 07:19:27 dtdc1 named[395]: network unreachable resolving '
> dtdc1.ad.dtntwk.work/A/IN': 2001:7fd::1#53
>
> Sep 30 07:19:27 dtdc1 named[395]: network unreachable resolving '
> dtdc1.ad.dtntwk.work/A/IN': 2001:500:2::c#53
>
> Sep 30 07:19:27 dtdc1 named[395]: network unreachable resolving '
> dtdc1.ad.dtntwk.work/A/IN': 2001:dc3::35#53
>
> Sep 30 07:19:27 dtdc1 named[395]: network unreachable resolving '
> dtdc1.ad.dtntwk.work/A/IN': 2001:500:12::d0d#53
>
> Sep 30 07:19:28 dtdc1 named[395]: resolver priming query complete
>
> (END
>

Anyone's thoughts??


On Wed, Sep 30, 2020 at 9:43 AM Robert Wooden <wdn2420systm at gmail.com>
wrote:

> Rowland,
> To answer you first, my "example.com" registered host is a wildcard
> "*.example.com". Everything example.com returns my external IP address.
>
> Both bind9 and samba are running.
>
> Might add your "options" but for now, solving my problem, first.
>
> Louis, your answer in a few minutes.
>
> On Wed, Sep 30, 2020 at 8:09 AM Rowland penny via samba <
> samba at lists.samba.org> wrote:
>
>> On 30/09/2020 13:22, Robert Wooden via samba wrote:
>> > Yesterday I had an issue with Samba v 4.13.0.
>> >
>> > I cannot figure out why bind9 will not
>> > "host -t SRV _ldap._tcp.ad.dtntwk.work." or
>> > "host -t SRV _kerberos._udp.ad.dtntwk.work."
>> >
>> > root at dc1:~# host -t SRV _ldap._tcp.subdom.example.com.
>> Hmm, is 'subdom.example.com' really 'ad.dtntwk.work' ?
>> >> dc1.subdom.example.com has address 164.98.xxx.xxx
>> >>
>> > This ip address is my external ip provided from the ISP. It should be a
>> > local ip (192.168.0.xx)
>> How is your internal device getting an external IP ?
>> >
>> > root at dc1:~# cat /etc/bind/named.conf
>>
>> Your bind files are the same as mine, except I have these in 'options' :
>>
>> dnssec-enable no;
>> dnssec-lookaside no;
>> allow-transfer { none; };
>>
>> >>          // rndc.key is installed by default on debian. Just a matter of enabling it.
>> >>          include "/etc/bind/rndc.key";
>> >>              controls {
>> >>               inet 127.0.0.1 allow { localhost; } keys { rndc-key; };
>> >>          //     inet ::1 allow { ::1; } keys { rndc-key; };
>> >>          };
>> I also do not have the rndc lines, they are not required.
>>
>> > And "dpkg-reconfigure krb5-user" will not reconfigure.
>> Strange.
>> >
>> > root at dc1:~# kinit administrator
>> >> kinit: Cannot find KDC for realm "SUBDOM.EXAMPLE.COM" while getting
>> >> initial credentials
>> Are Samba and Bind9 running ?
>>
>> Is 'subdom.example.com' a registered domain, or is 'example.com' the
>> registered domain ?
>>
>> Rowland
>
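
One way to triage a named log like the one pasted above, as an added example that is not part of the original thread: it lists the zones named reported loading and flags names under the AD domain that named tried to resolve through outside servers. The sample lines are constructed in the post's log format (long lines unwrapped), and all function names are hypothetical.

```python
import ipaddress
import re

# Constructed sample in the format of the named log lines quoted in the post
# (wrapped lines rejoined); it is not a full copy of the poster's log.
SAMPLE_LOG = """\
Sep 30 07:19:21 dtdc1 named[395]: zone 0.in-addr.arpa/IN: loaded serial 1
Sep 30 07:19:21 dtdc1 named[395]: zone localhost/IN: loaded serial 2
Sep 30 07:19:21 dtdc1 named[395]: all zones loaded
Sep 30 07:19:25 dtdc1 named[395]: network unreachable resolving './NS/IN': 2001:7fe::53#53
Sep 30 07:19:25 dtdc1 named[395]: network unreachable resolving '0.us.pool.ntp.org/A/IN': 2001:500:1::53#53
Sep 30 07:19:27 dtdc1 named[395]: network unreachable resolving 'dtdc1.ad.dtntwk.work/A/IN': 2001:7fe::53#53
Sep 30 07:19:27 dtdc1 named[395]: network unreachable resolving 'dtdc1.ad.dtntwk.work/A/IN': 2001:500:2f::f#53
"""

ZONE_RE = re.compile(r"named\[\d+\]: zone (\S+)/IN: loaded serial \d+")
UNREACH_RE = re.compile(
    r"network unreachable resolving '\s*(\S+?)/(\w+)/IN': (\S+)#\d+")

def loaded_zones(log):
    """Zone names that named reported as loaded from zone files at startup."""
    return {m.group(1).lower() for m in ZONE_RE.finditer(log)}

def unreachable_queries(log):
    """Map (qname, qtype) -> set of upstream servers named could not reach."""
    out = {}
    for name, qtype, server in UNREACH_RE.findall(log):
        key = (name.lower().rstrip(".") or ".", qtype)
        out.setdefault(key, set()).add(server)
    return out

def under(name, domain):
    """True if name equals domain or is a subdomain of it."""
    return name == domain or name.endswith("." + domain)

def internal_names_sent_upstream(log, ad_domain):
    """Names under ad_domain that named tried to resolve via outside servers."""
    ad = ad_domain.lower().rstrip(".")
    return sorted({n for (n, _t) in unreachable_queries(log) if under(n, ad)})

def unreachable_address_families(log):
    """IP versions (4 or 6) of the upstream servers that were unreachable."""
    return {ipaddress.ip_address(s).version
            for servers in unreachable_queries(log).values() for s in servers}

if __name__ == "__main__":
    print("loaded zones:", sorted(loaded_zones(SAMPLE_LOG)))
    print("AD names sent upstream:",
          internal_names_sent_upstream(SAMPLE_LOG, "ad.dtntwk.work"))
    print("unreachable families:", unreachable_address_families(SAMPLE_LOG))
```

Against a live host, the same functions can be fed the text of `journalctl -u bind9`; the `zone .../IN: loaded` pattern only matches zones loaded from zone files, as in the lines quoted in the post.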

