[Samba] Strange Bind freezing

Daniel O'Connor darius at dons.net.au
Thu Dec 2 06:50:49 UTC 2021



> On 2 Dec 2021, at 16:16, Nikita Druba via samba <samba at lists.samba.org> wrote:
> 
> I forgot to add that the config of the new DC jail, zfs, named and samba is fully the same as the old DC and very similar to several of my other samba DCs. I tried switching to Internal DNS and back. I also tried disabling all Bind options that are not referred to in the samba wiki. I do not understand where else I can find information about what is wrong here.

I would try ktrace'ing the bind process, e.g.:
sudo -u bind ktrace -f /tmp/named.ktr named -g <rest of options>

Then reproduce and sift through the trace looking for bad things:
sudo kdump -f /tmp/named.ktr

Unfortunately ktrace is pretty low level (since it traces syscalls) but you might get a hint.

> 
> 02.12.2021 6:32, Nikita Druba via samba wrote:
>> Hi!
>> 
>> I wrote here 2 weeks ago about a problem with the DC's SPN record for LDAP. We found a strange value of userAccountControl for my DC. This problem was solved by migrating to a new DC: adding a new DC, moving the fsmo roles and demoting the old one. Unfortunately the online method did not work; I did it with the old DC stopped.
>> 
>> After these actions some services work faster and better. But I have one very strange problem. I will describe my configuration before the problem.
>> 
>> On all servers the OS is FreeBSD 12.2 and the filesystem is zfs. Samba 4.13.14 runs in a jail with Bind 9.16.23 as the backend. I also have Bind 9.16.23 on another server, working as a secondary dns. The secondary Bind gets zones from the DC by transfer with a tsig-key. Also, I have several subnetworks (loopback and 3 others) on which the DC listens.
>> 
>> I have strange behaviour of Bind on the new DC.
>> 
>> When I set another dns server in resolv.conf of the new DC, for example the old DC or the secondary Bind, all works fine. The new DC successfully resolves any records with the nslookup or host commands from itself or another host.
>> 
>> When I set localhost or its own internal ip in resolv.conf of the new DC, Bind periodically freezes with the following pattern:
>> 
>> - Bind stops replying to requests for ~5 minutes. Afterwards it starts working without a service restart and then freezes again.
>> 
>> - In the daytime (when employees are in the office), it freezes after less than 1 minute of work, at night - after 10-15 minutes.
>> 
>> - If I change resolv.conf from the secondary Bind to the internal IP, then there is no need to restart Bind or Samba to start or stop the periodic freezing. Just change the nameserver record and wait. If it was frozen when resolv.conf was changed, then it will stay in the frozen state ~5 minutes after the start of the freeze and afterwards will work fine.
>> 
>> - If I change resolv.conf from the secondary Bind to loopback, then I NEED to restart Bind to start or stop the freezing.
>> 
>> - When Bind freezes, the service is not stopped by a command and is not killed by a default kill; only kill -9 works.
>> 
>> - Internal Samba DNS works fine and doesn't freeze when resolv.conf points to localhost.
>> 
>> - Sometimes Bind does not freeze for all subnetworks. It can freeze for localhost and 2 subnetworks. In the one last subnetwork the DC Bind can successfully resolve any records from any subnetworks. But I saw this situation only one time and can't reproduce it for now.
>> 
>> - No special Bind log records with "debug 50" at the time of or before the freeze. It freezes after any messages. And I see all these messages in the log when Bind works without freezing.
>> 
>> - I tried to run bind with logging to the terminal, but didn't see any additional information when it freezes. The terminal logs are the same as in the log files.
>> 
>> - rndc freezes also.

--
Daniel O'Connor
"The nice thing about standards is that there
are so many of them to choose from."
 -- Andrew Tanenbaum
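
An added example, not part of the message above or of Samba/BIND: one way to sift a kdump text dump for a hung named is to list syscalls that failed and, per thread, the syscall that was entered but never returned. It assumes kdump's usual text layout (pid, optional thread id as printed with -H, command, record type); the sample trace, its ids and its path are constructed.

```python
import re
import sys

# Fields: pid, optional thread id (present with kdump -H), command, record type, rest.
REC = re.compile(r"^\s*(\d+)(?:\s+(\d+))?\s+(\S+)\s+(CALL|NAMI|RET)\s+(.*)$")

def triage(lines):
    """Return (failed, pending) for kdump text output.

    failed:  [(thread_key, syscall, error_text, last_path)] for RET ... -1 errno N
    pending: {thread_key: call_text} for syscalls entered but never returned,
             i.e. where each thread was sitting when the trace ended.
    """
    failed, pending, last_path = [], {}, {}
    for line in lines:
        m = REC.match(line)
        if not m:
            continue  # GIO hexdumps, PSIG, CSW and other record types
        pid, tid, _comm, kind, rest = m.groups()
        key = (int(pid), int(tid) if tid else 0)
        if kind == "CALL":
            pending[key] = rest.strip()
            last_path.pop(key, None)
        elif kind == "NAMI":
            last_path[key] = rest.strip().strip('"')
        else:  # RET closes the thread's outstanding CALL
            pending.pop(key, None)
            parts = rest.split(None, 2)
            if len(parts) == 3 and parts[1] == "-1" and parts[2].startswith("errno"):
                failed.append((key, parts[0], parts[2].strip(), last_path.get(key)))
    return failed, pending

# Constructed sample in kdump -H layout; pids, addresses and the path are made up.
SAMPLE = """\
  4211 100301 named    CALL  openat(AT_FDCWD,0x800a1c000,0<O_RDONLY>)
  4211 100301 named    NAMI  "/constructed/path/example.key"
  4211 100301 named    RET   openat -1 errno 13 Permission denied
  4211 100302 named    CALL  sendto(0x15,0x801200000,0x2c,0,0,0)
  4211 100302 named    RET   sendto 44/0x2c
  4211 100302 named    CALL  _umtx_op(0x800b40010,0x11,0,0,0)
  4211 100301 named    CALL  kevent(0x8,0,0,0x7fffdf5f9e80,0x40,0)
"""

if __name__ == "__main__":
    source = SAMPLE.splitlines() if sys.stdin.isatty() else sys.stdin
    failed, pending = triage(source)
    for key, name, err, path in failed:
        print(f"FAILED  pid/tid={key} {name}: {err} path={path}")
    for key, call in pending.items():
        print(f"BLOCKED pid/tid={key} in {call}")
```

Pipe the output of the kdump command into the script; threads listed as BLOCKED in a lock or wait call at the moment of the freeze are the first place to look.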