[Samba] Bind9 issue

L.P.H. van Belle belle at bazuin.nl
Wed Sep 30 15:02:16 UTC 2020


Bind_DLZ is not loaded
Which makes sense if we see the errors..

Verify if this is loaded.. 

I have it in named.conf.local 

// adding the dlopen ( Bind DLZ ) module for samba, beware, if you are using bind9.9 then you need to change this manually
include "/var/lib/samba/bind-dns/named.conf"; 



> -----Original message-----
> From: samba [mailto:samba-bounces at lists.samba.org] On behalf of
> Robert Wooden via samba
> Sent: Wednesday 30 September 2020 16:55
> CC: SAMBA MailList
> Subject: Re: [Samba] Bind9 issue
> 
> Louis,
> 
> (Un-sanitized)
> 
> root at dtdc1:~# systemctl status bind9
> > ● bind9.service - BIND Domain Name Server
> >    Loaded: loaded (/lib/systemd/system/bind9.service; 
> enabled; vendor
> > preset: enabled)
> >    Active: active (running) since Wed 2020-09-30 07:19:21 
> CDT; 2h 26min ago
> >      Docs: man:named(8)
> >   Process: 375 ExecStart=/usr/sbin/named $OPTIONS (code=exited,
> > status=0/SUCCESS)
> >  Main PID: 395 (named)
> >     Tasks: 5 (limit: 2249)
> >    Memory: 27.7M
> >    CGroup: /system.slice/bind9.service
> >            └─395 /usr/sbin/named -u bind
> >
> > Sep 30 07:19:27 dtdc1 named[395]: network unreachable resolving '
> > dtdc1.ad.dtntwk.work/A/IN': 2001:500:2f::f#53
> > Sep 30 07:19:27 dtdc1 named[395]: network unreachable resolving '
> > dtdc1.ad.dtntwk.work/A/IN': 2001:503:c27::2:30#53
> > Sep 30 07:19:27 dtdc1 named[395]: network unreachable resolving '
> > dtdc1.ad.dtntwk.work/A/IN': 2001:500:2d::d#53
> > Sep 30 07:19:27 dtdc1 named[395]: network unreachable resolving '
> > dtdc1.ad.dtntwk.work/A/IN': 2001:500:9f::42#53
> > Sep 30 07:19:27 dtdc1 named[395]: network unreachable resolving '
> > dtdc1.ad.dtntwk.work/A/IN': 2001:500:200::b#53
> > Sep 30 07:19:27 dtdc1 named[395]: network unreachable resolving '
> > dtdc1.ad.dtntwk.work/A/IN': 2001:7fd::1#53
> > Sep 30 07:19:27 dtdc1 named[395]: network unreachable resolving '
> > dtdc1.ad.dtntwk.work/A/IN': 2001:500:2::c#53
> > Sep 30 07:19:27 dtdc1 named[395]: network unreachable resolving '
> > dtdc1.ad.dtntwk.work/A/IN': 2001:dc3::35#53
> > Sep 30 07:19:27 dtdc1 named[395]: network unreachable resolving '
> > dtdc1.ad.dtntwk.work/A/IN': 2001:500:12::d0d#53
> > Sep 30 07:19:28 dtdc1 named[395]: resolver priming query complete
> >
> 
> Add the log from this morning
> 
> > Sep 30 07:19:21 dtdc1 named[395]: starting BIND
> > 9.11.5-P4-5.1+deb10u2-Debian (Extended Support Version) <id:998753c>
> >
> > Sep 30 07:19:21 dtdc1 named[395]: running on Linux x86_64 
> 4.19.0-11-amd64
> > #1 SMP Debian 4.19.146-1 (2020-09-17)
> >
> > Sep 30 07:19:21 dtdc1 named[395]: built with 
> '--build=x86_64-linux-gnu'
> > '--prefix=/usr' '--includedir=/usr/include' 
> '--mandir=/usr/share/man'
> > '--infodir=/usr/share/info' '--sysconfdir=/etc' 
> '--localstatedir=/var'
> > '--disable-silent-rules' '--libdir=/usr/lib/x86_64-linux-gnu'
> > '--libexecdir=/usr/lib/x86_64-linux-gnu' '--disable-maintainer-mode'
> > '--disable-dependency-tracking' '--libdir=/usr/lib/x86_64-linux-gnu'
> > '--sysconfdir=/etc/bind' '--with-python=python3' '--localstatedir=/'
> > '--enable-threads' '--enable-largefile' '--with-libtool' 
> '--enable-shared'
> > '--enable-static' '--with-gost=no' '--with-openssl=/usr'
> > '--with-gssapi=/usr' '--with-libidn2' '--with-libjson=/usr'
> > '--with-lmdb=/usr' '--with-gnu-ld' '--with-geoip=/usr' 
> '--with-atf=no'
> > '--enable-ipv6' '--enable-rrl' '--enable-filter-aaaa'
> > '--enable-native-pkcs11' 
> '--with-pkcs11=/usr/lib/softhsm/libsofthsm2.so'
> > '--with-randomdev=/dev/urandom' '--enable-dnstap'
> > 'build_alias=x86_64-linux-gnu' 'CFLAGS=-g -O2
> > -fdebug-prefix-map=/build/bind9-pbRECD/bind9-9.11.5.P4+dfsg=.
> > -fstack-protector-strong -Wformat -Werror=format-security
> > -fno-strict-aliasing -fno-delete-null-pointer-checks 
> -DNO_VERSION_DATE
> > -DDIG_SIGCHASE' 'LDFLAGS=-Wl,-z,relro -Wl,-z,now' 
> 'CPPFLAGS=-Wdate-time
> > -D_FORTIFY_SOURCE=2'
> >
> > Sep 30 07:19:21 dtdc1 named[395]: running as: named -u bind
> >
> > Sep 30 07:19:21 dtdc1 named[395]: compiled by GCC 8.3.0
> >
> > Sep 30 07:19:21 dtdc1 named[395]: compiled with OpenSSL 
> version: OpenSSL
> > 1.1.1d 10 Sep 2019
> >
> > Sep 30 07:19:21 dtdc1 named[395]: linked to OpenSSL version: OpenSSL
> > 1.1.1d 10 Sep 2019
> >
> > Sep 30 07:19:21 dtdc1 named[395]: compiled with libxml2 
> version: 2.9.4
> >
> > Sep 30 07:19:21 dtdc1 named[395]: linked to libxml2 version: 20904
> >
> > Sep 30 07:19:21 dtdc1 named[395]: compiled with libjson-c 
> version: 0.12.1
> >
> > Sep 30 07:19:21 dtdc1 named[395]: linked to libjson-c 
> version: 0.12.1
> >
> > Sep 30 07:19:21 dtdc1 named[395]: threads support is enabled
> >
> > Sep 30 07:19:21 dtdc1 named[395]:
> > ----------------------------------------------------
> >
> > Sep 30 07:19:21 dtdc1 named[395]: BIND 9 is maintained by 
> Internet Systems
> > Consortium,
> >
> > Sep 30 07:19:21 dtdc1 named[395]: Inc. (ISC), a non-profit 501(c)(3)
> > public-benefit
> >
> > Sep 30 07:19:21 dtdc1 named[395]: corporation. Support and 
> training for
> > BIND 9 are
> >
> > Sep 30 07:19:21 dtdc1 named[395]: available at 
> https://www.isc.org/support
> >
> > Sep 30 07:19:21 dtdc1 named[395]:
> > ----------------------------------------------------
> >
> > Sep 30 07:19:21 dtdc1 named[395]: adjusted limit on open 
> files from 524288
> > to 1048576
> >
> > Sep 30 07:19:21 dtdc1 named[395]: found 2 CPUs, using 2 
> worker threads
> >
> > Sep 30 07:19:21 dtdc1 named[395]: using 1 UDP listener per interface
> >
> > Sep 30 07:19:21 dtdc1 named[395]: using up to 4096 sockets
> >
> > Sep 30 07:19:21 dtdc1 named[395]: loading configuration from
> > '/etc/bind/named.conf'
> >
> > Sep 30 07:19:21 dtdc1 named[395]: reading built-in trust 
> anchors from file
> > '/etc/bind/bind.keys'
> >
> > Sep 30 07:19:21 dtdc1 named[395]: initializing GeoIP 
> Country (IPv4) (type
> > 1) DB
> >
> > Sep 30 07:19:21 dtdc1 named[395]: GEO-106FREE 20181108 Build
> >
> > Sep 30 07:19:21 dtdc1 named[395]: initializing GeoIP 
> Country (IPv6) (type
> > 12) DB
> >
> > Sep 30 07:19:21 dtdc1 named[395]: GEO-106FREE 20181108 Build
> >
> > Sep 30 07:19:21 dtdc1 named[395]: GeoIP City (IPv4) (type 2) DB not
> > available
> >
> > Sep 30 07:19:21 dtdc1 named[395]: GeoIP City (IPv4) (type 6) DB not
> > available
> >
> > Sep 30 07:19:21 dtdc1 named[395]: GeoIP City (IPv6) (type 30) DB not
> > available
> >
> > Sep 30 07:19:21 dtdc1 named[395]: GeoIP City (IPv6) (type 31) DB not
> > available
> >
> > Sep 30 07:19:21 dtdc1 named[395]: GeoIP Region (type 3) DB 
> not available
> >
> > Sep 30 07:19:21 dtdc1 named[395]: GeoIP Region (type 7) DB 
> not available
> >
> > Sep 30 07:19:21 dtdc1 named[395]: GeoIP ISP (type 4) DB not 
> available
> >
> > Sep 30 07:19:21 dtdc1 named[395]: GeoIP Org (type 5) DB not 
> available
> >
> > Sep 30 07:19:21 dtdc1 named[395]: GeoIP AS (type 9) DB not available
> >
> > Sep 30 07:19:21 dtdc1 named[395]: GeoIP Domain (type 11) DB 
> not available
> >
> > Sep 30 07:19:21 dtdc1 named[395]: GeoIP NetSpeed (type 10) 
> DB not available
> >
> > Sep 30 07:19:21 dtdc1 named[395]: using default UDP/IPv4 port range:
> > [32768, 60999]
> >
> > Sep 30 07:19:21 dtdc1 named[395]: using default UDP/IPv6 port range:
> > [32768, 60999]
> >
> > Sep 30 07:19:21 dtdc1 named[395]: listening on IPv4 interface lo,
> > 127.0.0.1#53
> >
> > Sep 30 07:19:21 dtdc1 named[395]: listening on IPv4 
> interface enp1s0,
> > 192.168.16.41#53
> >
> > Sep 30 07:19:21 dtdc1 named[395]: generating session key 
> for dynamic DNS
> >
> > Sep 30 07:19:21 dtdc1 named[395]: sizing zone task pool 
> based on 5 zones
> >
> > Sep 30 07:19:21 dtdc1 named[395]: set up managed keys zone for view
> > _default, file 'managed-keys.bind'
> >
> > Sep 30 07:19:21 dtdc1 named[395]: command channel listening on
> > 127.0.0.1#953
> >
> > Sep 30 07:19:21 dtdc1 named[395]: managed-keys-zone: loaded serial 7
> >
> > Sep 30 07:19:21 dtdc1 named[395]: zone 0.in-addr.arpa/IN: 
> loaded serial 1
> >
> > Sep 30 07:19:21 dtdc1 named[395]: zone 127.in-addr.arpa/IN: 
> loaded serial 1
> >
> > Sep 30 07:19:21 dtdc1 named[395]: zone 255.in-addr.arpa/IN: 
> loaded serial 1
> >
> > Sep 30 07:19:21 dtdc1 named[395]: zone localhost/IN: loaded serial 2
> >
> > Sep 30 07:19:21 dtdc1 named[395]: all zones loaded
> >
> > Sep 30 07:19:21 dtdc1 named[395]: running
> >
> > Sep 30 07:19:25 dtdc1 named[395]: network unreachable 
> resolving './NS/IN':
> > 2001:7fe::53#53
> >
> > Sep 30 07:19:25 dtdc1 named[395]: network unreachable resolving '
> > 0.us.pool.ntp.org/A/IN': 2001:7fe::53#53
> >
> > Sep 30 07:19:25 dtdc1 named[395]: network unreachable 
> resolving './NS/IN':
> > 2001:500:1::53#53
> >
> > Sep 30 07:19:25 dtdc1 named[395]: network unreachable resolving '
> > 0.us.pool.ntp.org/A/IN': 2001:500:1::53#53
> >
> > Sep 30 07:19:25 dtdc1 named[395]: network unreachable 
> resolving './NS/IN':
> > 2001:503:ba3e::2:30#53
> >
> > Sep 30 07:19:25 dtdc1 named[395]: network unreachable 
> resolving './NS/IN':
> > 2001:500:a8::e#53
> >
> > Sep 30 07:19:25 dtdc1 named[395]: network unreachable 
> resolving './NS/IN':
> > 2001:500:2f::f#53
> >
> > Sep 30 07:19:25 dtdc1 named[395]: network unreachable resolving '
> > 0.us.pool.ntp.org/A/IN': 2001:503:ba3e::2:30#53
> >
> > Sep 30 07:19:25 dtdc1 named[395]: network unreachable resolving '
> > 0.us.pool.ntp.org/A/IN': 2001:500:a8::e#53
> >
> > Sep 30 07:19:25 dtdc1 named[395]: network unreachable resolving '
> > 0.us.pool.ntp.org/A/IN': 2001:500:2f::f#53
> >
> > Sep 30 07:19:25 dtdc1 named[395]: network unreachable 
> resolving './NS/IN':
> > 2001:503:c27::2:30#53
> >
> > Sep 30 07:19:25 dtdc1 named[395]: network unreachable 
> resolving './NS/IN':
> > 2001:500:2d::d#53
> >
> > Sep 30 07:19:25 dtdc1 named[395]: network unreachable 
> resolving './NS/IN':
> > 2001:500:9f::42#53
> >
> > Sep 30 07:19:25 dtdc1 named[395]: network unreachable 
> resolving './NS/IN':
> > 2001:500:200::b#53
> >
> > Sep 30 07:19:25 dtdc1 named[395]: network unreachable resolving '
> > 0.us.pool.ntp.org/A/IN': 2001:503:c27::2:30#53
> >
> > Sep 30 07:19:25 dtdc1 named[395]: network unreachable 
> resolving './NS/IN':
> > 2001:7fd::1#53
> >
> > Sep 30 07:19:25 dtdc1 named[395]: network unreachable resolving '
> > 0.us.pool.ntp.org/AAAA/IN': 2001:7fe::53#53
> >
> > Sep 30 07:19:25 dtdc1 named[395]: network unreachable resolving '
> > 0.us.pool.ntp.org/A/IN': 2001:500:2d::d#53
> >
> > Sep 30 07:19:25 dtdc1 named[395]: network unreachable resolving '
> > 0.us.pool.ntp.org/AAAA/IN': 2001:500:1::53#53
> >
> > Sep 30 07:19:25 dtdc1 named[395]: network unreachable resolving '
> > 0.us.pool.ntp.org/A/IN': 2001:500:9f::42#53
> >
> > Sep 30 07:19:25 dtdc1 named[395]: network unreachable resolving '
> > 0.us.pool.ntp.org/AAAA/IN': 2001:503:ba3e::2:30#53
> >
> > Sep 30 07:19:25 dtdc1 named[395]: network unreachable resolving '
> > 0.us.pool.ntp.org/A/IN': 2001:500:200::b#53
> >
> > Sep 30 07:19:25 dtdc1 named[395]: network unreachable resolving '
> > 0.us.pool.ntp.org/AAAA/IN': 2001:500:a8::e#53
> >
> > Sep 30 07:19:25 dtdc1 named[395]: network unreachable resolving '
> > 0.us.pool.ntp.org/A/IN': 2001:7fd::1#53
> >
> > Sep 30 07:19:25 dtdc1 named[395]: network unreachable resolving '
> > 0.us.pool.ntp.org/AAAA/IN': 2001:500:2f::f#53
> >
> > Sep 30 07:19:25 dtdc1 named[395]: network unreachable resolving '
> > 0.us.pool.ntp.org/A/IN': 2001:500:2::c#53
> >
> > Sep 30 07:19:25 dtdc1 named[395]: network unreachable resolving '
> > 0.us.pool.ntp.org/AAAA/IN': 2001:503:c27::2:30#53
> >
> > Sep 30 07:19:25 dtdc1 named[395]: network unreachable resolving '
> > 0.us.pool.ntp.org/A/IN': 2001:dc3::35#53
> >
> > Sep 30 07:19:25 dtdc1 named[395]: network unreachable 
> resolving './NS/IN':
> > 2001:500:2::c#53
> >
> > Sep 30 07:19:25 dtdc1 named[395]: network unreachable resolving '
> > 0.us.pool.ntp.org/AAAA/IN': 2001:500:2d::d#53
> >
> > Sep 30 07:19:25 dtdc1 named[395]: network unreachable 
> resolving './NS/IN':
> > 2001:dc3::35#53
> >
> > Sep 30 07:19:25 dtdc1 named[395]: network unreachable 
> resolving './NS/IN':
> > 2001:500:12::d0d#53
> >
> > Sep 30 07:19:25 dtdc1 named[395]: network unreachable resolving '
> > 0.us.pool.ntp.org/A/IN': 2001:500:12::d0d#53
> >
> > Sep 30 07:19:25 dtdc1 named[395]: network unreachable resolving '
> > 0.us.pool.ntp.org/AAAA/IN': 2001:500:9f::42#53
> >
> > Sep 30 07:19:25 dtdc1 named[395]: network unreachable resolving '
> > 0.us.pool.ntp.org/AAAA/IN': 2001:500:200::b#53
> >
> > Sep 30 07:19:25 dtdc1 named[395]: network unreachable resolving '
> > 0.us.pool.ntp.org/AAAA/IN': 2001:7fd::1#53
> >
> > Sep 30 07:19:25 dtdc1 named[395]: network unreachable resolving '
> > 0.us.pool.ntp.org/AAAA/IN': 2001:500:2::c#53
> >
> > Sep 30 07:19:25 dtdc1 named[395]: network unreachable resolving '
> > 0.us.pool.ntp.org/AAAA/IN': 2001:dc3::35#53
> >
> > Sep 30 07:19:25 dtdc1 named[395]: network unreachable resolving '
> > 0.us.pool.ntp.org/AAAA/IN': 2001:500:12::d0d#53
> >
> > Sep 30 07:19:27 dtdc1 named[395]: network unreachable resolving '
> > dtdc1.ad.dtntwk.work/A/IN': 2001:7fe::53#53
> >
> > Sep 30 07:19:27 dtdc1 named[395]: network unreachable resolving '
> > dtdc1.ad.dtntwk.work/A/IN': 2001:500:1::53#53
> >
> > Sep 30 07:19:27 dtdc1 named[395]: network unreachable resolving '
> > dtdc1.ad.dtntwk.work/A/IN': 2001:503:ba3e::2:30#53
> >
> > Sep 30 07:19:27 dtdc1 named[395]: network unreachable resolving '
> > dtdc1.ad.dtntwk.work/A/IN': 2001:500:a8::e#53
> >
> > Sep 30 07:19:27 dtdc1 named[395]: network unreachable resolving '
> > dtdc1.ad.dtntwk.work/A/IN': 2001:500:2f::f#53
> >
> > Sep 30 07:19:27 dtdc1 named[395]: network unreachable resolving '
> > dtdc1.ad.dtntwk.work/A/IN': 2001:503:c27::2:30#53
> >
> > Sep 30 07:19:27 dtdc1 named[395]: network unreachable resolving '
> > dtdc1.ad.dtntwk.work/A/IN': 2001:500:2d::d#53
> >
> > Sep 30 07:19:27 dtdc1 named[395]: network unreachable resolving '
> > dtdc1.ad.dtntwk.work/A/IN': 2001:500:9f::42#53
> >
> > Sep 30 07:19:27 dtdc1 named[395]: network unreachable resolving '
> > dtdc1.ad.dtntwk.work/A/IN': 2001:500:200::b#53
> >
> > Sep 30 07:19:27 dtdc1 named[395]: network unreachable resolving '
> > dtdc1.ad.dtntwk.work/A/IN': 2001:7fd::1#53
> >
> > Sep 30 07:19:27 dtdc1 named[395]: network unreachable resolving '
> > dtdc1.ad.dtntwk.work/A/IN': 2001:500:2::c#53
> >
> > Sep 30 07:19:27 dtdc1 named[395]: network unreachable resolving '
> > dtdc1.ad.dtntwk.work/A/IN': 2001:dc3::35#53
> >
> > Sep 30 07:19:27 dtdc1 named[395]: network unreachable resolving '
> > dtdc1.ad.dtntwk.work/A/IN': 2001:500:12::d0d#53
> >
> > Sep 30 07:19:28 dtdc1 named[395]: resolver priming query complete
> >
> > (END
> >
> 
>  Anyone's thoughts??
> 
> 
> On Wed, Sep 30, 2020 at 9:43 AM Robert Wooden <wdn2420systm at gmail.com>
> wrote:
> 
> > Rowland,
> > To answer you first, my "example.com" registered host is a wildcard "*.example.com".
> > Everything example.com returns my external ip address.
> >
> > Both bind9 and samba are running.
> >
> > Might add your "options" but for now, solving my problem, first.
> >
> > Louis, your answer in a few minutes.
> >
> > On Wed, Sep 30, 2020 at 8:09 AM Rowland penny via samba <
> > samba at lists.samba.org> wrote:
> >
> >> On 30/09/2020 13:22, Robert Wooden via samba wrote:
> >> > Yesterday I had an issue with Samba v 4.13.0.
> >> >
> >> > I cannot figure out why bind9 will not "host -t SRV _ldap._tcp.ad.dtntwk.work."
> >> > or "host -t SRV _kerberos._udp.ad.dtntwk.work."
> >> >
> >> > root at dc1:~# host -t SRV _ldap._tcp.subdom.example.com.
> >> Hmm, is 'subdom.example.com' really 'ad.dtntwk.work' ?
> >> >> dc1.subdom.example.com has address 164.98.xxx.xxx
> >> >>
> >> > This ip address is my external ip provided from the ISP. It should be a
> >> > local ip (192.168.0.xx)
> >> How is your internal device getting an external IP ?
> >> >
> >> > root at dc1:~# cat /etc/bind/named.conf
> >>
> >> Your bind files are the same as mine, except I have these in 'options' :
> >>
> >> dnssec-enable no;
> >> dnssec-lookaside no;
> >> allow-transfer { none; };
> >>
> >> >>          // rndc.key is installed by default on debian. Just a matter of enabling it.
> >> >>          include "/etc/bind/rndc.key";
> >> >>              controls {
> >> >>               inet 127.0.0.1 allow { localhost; } keys { rndc-key; };
> >> >>          //     inet ::1 allow { ::1; } keys { rndc-key; };
> >> >>          };
> >> I also do not have the rndc lines, they are not required.
> >>
> >> > And "dpkg-reconfigure krb5-user" will not reconfigure.
> >> Strange.
> >> >
> >> > root at dc1:~# kinit administrator
> >> >> kinit: Cannot find KDC for realm "SUBDOM.EXAMPLE.COM" while getting
> >> >> initial credentials
> >> Are Samba and Bind9 running ?
> >>
> >> Is 'subdom.example.com' a registered domain, or is 'example.com' the
> >> registered domain ?
> >>
> >> Rowland
> >>
> >>
> >>
> >>
> >> --
> >> To unsubscribe from this list go to the following URL and read the
> >> instructions:  https://lists.samba.org/mailman/options/samba
> >>
> >
> 
> 
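
The check Louis asks for, as an added example that is not part of the original mail: a script that follows `include` statements from `named.conf`, ignores commented-out lines, and reports whether a `dlz` block is reachable and whether named's log shows it loading. The temp-dir layout, the `/path/to/dlz_bind9_11.so` placeholder, the function names and the "fixed" log lines are constructed for illustration; the "broken" log reuses lines from the journal above.

```shell
#!/bin/sh
# strip_comments FILE: drop one-line /* */ comments and // or # comments
strip_comments() {
    sed -E -e 's:/\*.*\*/::g' -e 's:(^|[[:space:]])(//|#).*$::' "$1"
}

# dlz_configured FILE [DEPTH]: 0 if FILE or a file it includes has a dlz statement
dlz_configured() {
    [ -r "$1" ] && [ "${2:-0}" -lt 10 ] || return 1   # unreadable, or include loop
    strip_comments "$1" | grep -Eq '^[[:space:]]*dlz[[:space:]]+"' && return 0
    for inc in $(strip_comments "$1" |
                 sed -n 's/.*include[[:space:]]*"\([^"]*\)".*/\1/p'); do
        dlz_configured "$inc" $(( ${2:-0} + 1 )) && return 0
    done
    return 1
}

# dlz_loaded LOG: 0 if named logged the dlopen driver or samba_dlz starting
dlz_loaded() {
    grep -Eq "named\[[0-9]+\]: (Loading '.*' using driver dlopen|samba_dlz: )" "$1"
}

# Constructed sample tree: a temp dir stands in for /etc/bind and
# /var/lib/samba/bind-dns; the .so path is a placeholder.
d=$(mktemp -d); trap 'rm -rf "$d"' EXIT
mkdir -p "$d/broken" "$d/fixed" "$d/bind-dns"
echo 'dlz "AD DNS Zone" { database "dlopen /path/to/dlz_bind9_11.so"; };' \
    > "$d/bind-dns/named.conf"
for v in broken fixed; do
    echo "include \"$d/$v/named.conf.local\";" > "$d/$v/named.conf"
done
echo "// include \"$d/bind-dns/named.conf\";" > "$d/broken/named.conf.local"
echo "include \"$d/bind-dns/named.conf\";"    > "$d/fixed/named.conf.local"

# Constructed logs: "broken" reuses journal lines from this thread.
cat > "$d/broken.log" <<'EOF'
Sep 30 07:19:21 dtdc1 named[395]: zone localhost/IN: loaded serial 2
Sep 30 07:19:21 dtdc1 named[395]: all zones loaded
EOF
cat > "$d/fixed.log" <<'EOF'
Sep 30 07:19:21 dtdc1 named[395]: Loading 'AD DNS Zone' using driver dlopen
Sep 30 07:19:21 dtdc1 named[395]: samba_dlz: started for DN DC=ad,DC=dtntwk,DC=work
EOF

for v in broken fixed; do
    dlz_configured "$d/$v/named.conf" && c=yes || c=no
    dlz_loaded "$d/$v.log" && l=yes || l=no
    echo "$v: dlz configured=$c, loaded per log=$l"
done
```

On a real DC the same functions would be pointed at `/etc/bind/named.conf` and a saved copy of the named journal; include paths containing spaces are not handled.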



