[Samba] Strange DNS issue...
Marco Gaiarin
gaio at sv.lnf.it
Wed Jun 9 14:18:50 UTC 2021
Samba 4.9.18+dfsg-0.1stretch1, Louis package, i know i need to upgrade.
A domain, 6 DC.
I've still a separate DNS/DHCP setup, so client get DHCP and DNS
addesses from another servers, in a different domain.
Clearly, they have also a (forward) domain DNS name.
Suddenly, by some days, i've some strange DNS issue. An example:
Machine 'wilkie' boot and get addresses from primary DNS/DHCP setup:
Jun 9 08:31:10 vdmsv1 dhcpd[23742]: DHCPOFFER on 10.5.2.220 to 34:64:a9:1c:1e:4a (WILKIE) via eth0
Jun 9 08:31:10 vdmsv1 named[10040]: client 127.0.0.1#31176/key sanvito: updating zone 'dyn.sv.lnf.it/IN': adding an RR at 'WILKIE.dyn.sv.lnf.it' A 10.5.2.220
Jun 9 08:31:10 vdmsv1 named[10040]: client 127.0.0.1#31176/key sanvito: updating zone 'dyn.sv.lnf.it/IN': adding an RR at 'WILKIE.dyn.sv.lnf.it' TXT "318a9edb2b4f1eac9e8b7e1d6e41f75b84"
Jun 9 08:31:10 vdmsv1 dhcpd[23742]: DHCPREQUEST for 10.5.2.220 (10.5.1.3) from 34:64:a9:1c:1e:4a (WILKIE) via eth0
Jun 9 08:31:10 vdmsv1 dhcpd[23742]: DHCPACK on 10.5.2.220 to 34:64:a9:1c:1e:4a (WILKIE) via eth0
Jun 9 08:31:10 vdmsv1 dhcpd[23742]: Added new forward map from WILKIE.dyn.sv.lnf.it to 10.5.2.220
Jun 9 08:31:10 vdmsv1 named[10040]: client 127.0.0.1#31176/key sanvito: updating zone '2.5.10.in-addr.arpa/IN': adding an RR at '220.2.5.10.in-addr.arpa' PTR WILKIE.dyn.sv.lnf.it.
Jun 9 08:31:11 vdmsv1 dhcpd[23742]: Added reverse map from 220.2.5.10.in-addr.arpa. to WILKIE.dyn.sv.lnf.it
Jun 9 08:36:11 vdmsv1 dhcpd[23742]: DHCPREQUEST for 10.5.2.220 from 34:64:a9:1c:1e:4a (WILKIE) via eth0
Jun 9 08:36:11 vdmsv1 dhcpd[23742]: DHCPACK on 10.5.2.220 to 34:64:a9:1c:1e:4a (WILKIE) via eth0
[...]
At the same time, client register itself in domain DNS, on site 'SV',
indeed with correct IP:
Jun 9 08:31:13 vdcsv1 named[664]: samba_dlz: allowing update of signer=WILKIE\$\@AD.FVG.LNF.IT name=WILKIE.ad.fvg.lnf.it tcpaddr= type=A key=1688-ms-7.1-4114.28c7707f-c8ec-11eb-64ab-3464a91c1e4a/160/0
Jun 9 08:31:13 vdcsv1 named[664]: client 10.5.2.220#52285/key WILKIE\$\@AD.FVG.LNF.IT: updating zone 'ad.fvg.lnf.it/NONE': deleting an RR at WILKIE.ad.fvg.lnf.it A
Jun 9 08:31:13 vdcsv1 named[664]: samba_dlz: subtracted rdataset WILKIE.ad.fvg.lnf.it 'WILKIE.ad.fvg.lnf.it.#0111200#011IN#011A#01110.5.2.103'
Jun 9 08:31:14 vdcsv1 named[664]: samba_dlz: allowing update of signer=WILKIE\$\@AD.FVG.LNF.IT name=WILKIE.ad.fvg.lnf.it tcpaddr= type=AAAA key=1688-ms-7.2-42f8.28c7707f-c8ec-11eb-64ab-3464a91c1e4a/160/0
Jun 9 08:31:14 vdcsv1 named[664]: samba_dlz: allowing update of signer=WILKIE\$\@AD.FVG.LNF.IT name=WILKIE.ad.fvg.lnf.it tcpaddr= type=A key=1688-ms-7.2-42f8.28c7707f-c8ec-11eb-64ab-3464a91c1e4a/160/0
Jun 9 08:31:14 vdcsv1 named[664]: samba_dlz: allowing update of signer=WILKIE\$\@AD.FVG.LNF.IT name=WILKIE.ad.fvg.lnf.it tcpaddr= type=A key=1688-ms-7.2-42f8.28c7707f-c8ec-11eb-64ab-3464a91c1e4a/160/0
Jun 9 08:31:14 vdcsv1 named[664]: client 10.5.2.220#50264/key WILKIE\$\@AD.FVG.LNF.IT: updating zone 'ad.fvg.lnf.it/NONE': deleting rrset at 'WILKIE.ad.fvg.lnf.it' AAAA
Jun 9 08:31:14 vdcsv1 named[664]: client 10.5.2.220#50264/key WILKIE\$\@AD.FVG.LNF.IT: updating zone 'ad.fvg.lnf.it/NONE': deleting rrset at 'WILKIE.ad.fvg.lnf.it' A
Jun 9 08:31:14 vdcsv1 named[664]: client 10.5.2.220#50264/key WILKIE\$\@AD.FVG.LNF.IT: updating zone 'ad.fvg.lnf.it/NONE': adding an RR at 'WILKIE.ad.fvg.lnf.it' A 10.5.2.220
Jun 9 08:31:14 vdcsv1 named[664]: samba_dlz: added rdataset WILKIE.ad.fvg.lnf.it 'WILKIE.ad.fvg.lnf.it.#0111200#011IN#011A#01110.5.2.220'
Jun 9 08:31:14 vdcsv1 named[664]: samba_dlz: allowing update of signer=WILKIE\$\@AD.FVG.LNF.IT name=WILKIE.ad.fvg.lnf.it tcpaddr= type=AAAA key=1688-ms-7.2-42f8.28c7707f-c8ec-11eb-64ab-3464a91c1e4a/160/0
Jun 9 08:31:14 vdcsv1 named[664]: samba_dlz: allowing update of signer=WILKIE\$\@AD.FVG.LNF.IT name=WILKIE.ad.fvg.lnf.it tcpaddr= type=A key=1688-ms-7.2-42f8.28c7707f-c8ec-11eb-64ab-3464a91c1e4a/160/0
Jun 9 08:31:14 vdcsv1 named[664]: samba_dlz: allowing update of signer=WILKIE\$\@AD.FVG.LNF.IT name=WILKIE.ad.fvg.lnf.it tcpaddr= type=A key=1688-ms-7.2-42f8.28c7707f-c8ec-11eb-64ab-3464a91c1e4a/160/0
Jun 9 08:31:14 vdcsv1 named[664]: client 10.5.2.220#53932/key WILKIE\$\@AD.FVG.LNF.IT: updating zone 'ad.fvg.lnf.it/NONE': deleting rrset at 'WILKIE.ad.fvg.lnf.it' AAAA
Jun 9 08:31:14 vdcsv1 named[664]: client 10.5.2.220#53932/key WILKIE\$\@AD.FVG.LNF.IT: updating zone 'ad.fvg.lnf.it/NONE': deleting rrset at 'WILKIE.ad.fvg.lnf.it' A
Jun 9 08:31:14 vdcsv1 named[664]: samba_dlz: subtracted rdataset WILKIE.ad.fvg.lnf.it 'WILKIE.ad.fvg.lnf.it.#0111200#011IN#011A#01110.5.2.220'
Jun 9 08:31:14 vdcsv1 named[664]: client 10.5.2.220#53932/key WILKIE\$\@AD.FVG.LNF.IT: updating zone 'ad.fvg.lnf.it/NONE': adding an RR at 'WILKIE.ad.fvg.lnf.it' A 10.5.2.220
Jun 9 08:31:14 vdcsv1 named[664]: samba_dlz: added rdataset WILKIE.ad.fvg.lnf.it 'WILKIE.ad.fvg.lnf.it.#0111200#011IN#011A#01110.5.2.220'
Jun 9 08:31:14 vdcsv1 named[664]: samba_dlz: allowing update of signer=WILKIE\$\@AD.FVG.LNF.IT name=WILKIE.ad.fvg.lnf.it tcpaddr= type=AAAA key=1688-ms-7.2-42f8.28c7707f-c8ec-11eb-64ab-3464a91c1e4a/160/0
Jun 9 08:31:14 vdcsv1 named[664]: samba_dlz: allowing update of signer=WILKIE\$\@AD.FVG.LNF.IT name=WILKIE.ad.fvg.lnf.it tcpaddr= type=A key=1688-ms-7.2-42f8.28c7707f-c8ec-11eb-64ab-3464a91c1e4a/160/0
Jun 9 08:31:14 vdcsv1 named[664]: samba_dlz: allowing update of signer=WILKIE\$\@AD.FVG.LNF.IT name=WILKIE.ad.fvg.lnf.it tcpaddr= type=A key=1688-ms-7.2-42f8.28c7707f-c8ec-11eb-64ab-3464a91c1e4a/160/0
Jun 9 08:31:14 vdcsv1 named[664]: client 10.5.2.220#63100/key WILKIE\$\@AD.FVG.LNF.IT: updating zone 'ad.fvg.lnf.it/NONE': deleting rrset at 'WILKIE.ad.fvg.lnf.it' AAAA
Jun 9 08:31:14 vdcsv1 named[664]: client 10.5.2.220#63100/key WILKIE\$\@AD.FVG.LNF.IT: updating zone 'ad.fvg.lnf.it/NONE': deleting rrset at 'WILKIE.ad.fvg.lnf.it' A
Jun 9 08:31:14 vdcsv1 named[664]: samba_dlz: subtracted rdataset WILKIE.ad.fvg.lnf.it 'WILKIE.ad.fvg.lnf.it.#0111200#011IN#011A#01110.5.2.220'
Jun 9 08:31:14 vdcsv1 named[664]: client 10.5.2.220#63100/key WILKIE\$\@AD.FVG.LNF.IT: updating zone 'ad.fvg.lnf.it/NONE': adding an RR at 'WILKIE.ad.fvg.lnf.it' A 10.5.2.220
Jun 9 08:31:14 vdcsv1 named[664]: samba_dlz: added rdataset WILKIE.ad.fvg.lnf.it 'WILKIE.ad.fvg.lnf.it.#0111200#011IN#011A#01110.5.2.220'
If now i query DNS in their site, i get correct result:
gaio at hermione:~$ dig a wilkie.ad.fvg.lnf.it @vdcsv1.ad.fvg.lnf.it | grep ^wilkie
wilkie.ad.fvg.lnf.it. 1200 IN A 10.5.2.220
gaio at hermione:~$ dig a wilkie.ad.fvg.lnf.it @vdcsv2.ad.fvg.lnf.it | grep ^wilkie
wilkie.ad.fvg.lnf.it. 1200 IN A 10.5.2.220
but if i query DNS for other site DCs, i get incorrect result:
gaio at hermione:~$ dig a wilkie.ad.fvg.lnf.it @vdcpp1.ad.fvg.lnf.it | grep ^wilkie
wilkie.ad.fvg.lnf.it. 1200 IN A 10.5.2.57
gaio at hermione:~$ dig a wilkie.ad.fvg.lnf.it @vdcpp2.ad.fvg.lnf.it | grep ^wilkie
wilkie.ad.fvg.lnf.it. 1200 IN A 10.5.2.171
gaio at hermione:~$ dig a wilkie.ad.fvg.lnf.it @vdc3t1.ad.fvg.lnf.it | grep ^wilkie
wilkie.ad.fvg.lnf.it. 1200 IN A 10.5.2.57
gaio at hermione:~$ dig a wilkie.ad.fvg.lnf.it @vdctms1.ad.fvg.lnf.it | grep ^wilkie
wilkie.ad.fvg.lnf.it. 1200 IN A 10.5.2.57
Note that basic things like 'samba-tool drs showrepl' and
'samba-tool ldapcmp ldap://vdcsv1 ldap://vdcpp2 -U Administrator' show
no replication differences or errors.
What happens?! Thanks.
--
dott. Marco Gaiarin GNUPG Key ID: 240A3D66
Associazione ``La Nostra Famiglia'' http://www.lanostrafamiglia.it/
Polo FVG - Via della Bontà, 7 - 33078 - San Vito al Tagliamento (PN)
marco.gaiarin(at)lanostrafamiglia.it t +39-0434-842711 f +39-0434-842797
Dona il 5 PER MILLE a LA NOSTRA FAMIGLIA!
http://www.lanostrafamiglia.it/index.php/it/sostienici/5x1000
(cf 00307430132, categoria ONLUS oppure RICERCA SANITARIA)
More information about the samba
mailing list