[Samba] Strange Bind freezing

Nikita Druba admin at npo-lencor.ru
Thu Dec 2 05:32:11 UTC 2021 

Hi!

I wrote here 2 weeks ago with a problem with DCs SPN record for LDAP. We 
found strange value for userAccountControl for my DC. And this problem 
solved by migrating to new DC by adding new DC, moving fsmo roles and 
demoting old. Unfortunately online method not worked, I did it with 
stopped old DC.

After this actions some services working more fast and good. But I have 
one very strange problem. I will describe my configuration before the 
problem.

At all servers OS FreeBSD 12.2 and filesystem - zfs. Samba 4.13.14 runs 
in a jail with Bind 9.16.23 like backend. Also I have Bind 9.16.23 on 
another server, its working like secondary dns. Secondary Bind gets 
zones from DC by transferring with a tsig-key. Also, I have several 
subnetworks(loopback and 3 other), whom DC listen.

I have strange behaviour of Bind at new DC.

When I set in resolv.conf of new DC other dns server, for example - old 
DC or secondary Bind, all works fine. New DC successfully resolve any 
records by nslookup or host commands from himself or other host.

When I set in resolv.conf of new DC localhost or himself internal ip, 
Bind periodically freezing by the next regularity:

- Bind stops to reply for the requests for a ~5 minutes. After start 
working without service restart and freeze again.

- At the daytime(when employees in a office), in freezes after less 1 
minute work, at the night - after 10-15 minutes.

- If I change resolv.conf from secondary Bind to internal IP, then not 
need to restart Bind or Samba to start or stop periodically freezing. 
Just change nameserver record and wait. If it was freezed, when 
resolv.conf changing, then it will be in freeze state ~5 minutes after 
start freezing and after will work fine.

- If I change resolv.conf from secondary Bind to loopback, then NEED to 
restart Bind to start or stop freezing.

- When Bind freeze - it don't stopped service by a command and don't 
killed by default, only kill -9 work.

- Internal Samba DNS work fine and don't freeze, when resolv.conf look 
to localhost.

- Sometime Bind freeze not for all subnetworks. It can freeze for 
localhost and 2 subnetworks. In one last subnetwork DC Bind can 
successfully resolve any records from any subnetworks. But this 
situation I saw only one time and can't repeat it for now.

- No special Bind log records with "debug 50", in time or before of 
freezing. Its freezing after any messages. And all this messages I see 
in log, when Bind works without freezing.

- I tried to run bind with logging to terminal, but don't saw no 
additional information, when freeze. Terminal logs the same, like in log 
files.

- rndc freeze also.

More information about the samba mailing list