[Samba] DNS Update Failing

Rob Campbell robcampbell08105 at gmail.com
Tue Nov 2 14:24:15 UTC 2021


It is not a link and it has not been changed since the last time I
commented on it but still DNS Update has 29 failures.

[root at DC01/var/log/samba$] dig -x 10.0.0.19

; <<>> DiG 9.16.15-Debian <<>> -x 10.0.0.19
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 21450
;; flags: qr aa rd ra ad; QUERY: 1, ANSWER: 2, AUTHORITY: 1, ADDITIONAL: 0

;; QUESTION SECTION:
;19.0.0.10.in-addr.arpa. IN PTR

;; ANSWER SECTION:
19.0.0.10.in-addr.arpa. 900 IN PTR home.test-server.lan.
19.0.0.10.in-addr.arpa. 900 IN PTR dc01.home.test-server.lan.

;; AUTHORITY SECTION:
0.0.10.in-addr.arpa. 3600 IN SOA DC01.home.test-server.lan.
hostmaster.home.test-server.lan. 4 900 600 86400 3600

;; Query time: 3 msec
;; SERVER: 10.0.0.19#53(10.0.0.19)
;; WHEN: Sun Oct 31 22:03:49 EDT 2021
;; MSG SIZE  rcvd: 145

[root at DC01/var/log/samba$] dig home.test-server.lan ANY +noall +answer
home.test-server.lan. 3600 IN SOA DC01.home.test-server.lan.
hostmaster.home.test-server.lan. 179 900 600 86400 3600
home.test-server.lan. 900 IN NS dc01.home.test-server.lan.
home.test-server.lan. 900 IN A 10.0.0.19

[root at DC01/var/log/samba$] dig dc01.home.test-server.lan ANY +noall +answer
dc01.home.test-server.lan. 900 IN A 10.0.0.19

[root at DC01/var/log/samba$] dig fsdm01.home.test-server.lan ANY +noall
+answer

[root at DC01/var/log/samba$] dig dm01.home.test-server.lan ANY +noall +answer
dm01.home.test-server.lan. 3600 IN A 10.0.0.14

[root at DC01/var/log/samba$] samba_dnsupdate --verbose --all-names
IPs: ['10.0.0.19']
force update: A DC01.home.test-server.lan 10.0.0.19
force update: CNAME
f79b5e15-ea2b-4afd-a8ca-bb16e2531521._msdcs.home.test-server.lan
DC01.home.test-server.lan
force update: NS home.test-server.lan DC01.home.test-server.lan
force update: NS _msdcs.home.test-server.lan DC01.home.test-server.lan
force update: A home.test-server.lan 10.0.0.19
force update: SRV _ldap._tcp.home.test-server.lan DC01.home.test-server.lan
389
force update: SRV _ldap._tcp.dc._msdcs.home.test-server.lan
DC01.home.test-server.lan 389
force update: SRV
_ldap._tcp.3cc42946-b7ec-46c9-9760-1d885e427ca9.domains._msdcs.home.test-server.lan
DC01.home.test-server.lan 389
force update: SRV _kerberos._tcp.home.test-server.lan
DC01.home.test-server.lan 88
force update: SRV _kerberos._udp.home.test-server.lan
DC01.home.test-server.lan 88
force update: SRV _kerberos._tcp.dc._msdcs.home.test-server.lan
DC01.home.test-server.lan 88
force update: SRV _kpasswd._tcp.home.test-server.lan
DC01.home.test-server.lan 464
force update: SRV _kpasswd._udp.home.test-server.lan
DC01.home.test-server.lan 464
force update: SRV
_ldap._tcp.Default-First-Site-Name._sites.home.test-server.lan
DC01.home.test-server.lan 389
force update: SRV
_ldap._tcp.Default-First-Site-Name._sites.dc._msdcs.home.test-server.lan
DC01.home.test-server.lan 389
force update: SRV
_kerberos._tcp.Default-First-Site-Name._sites.home.test-server.lan
DC01.home.test-server.lan 88
force update: SRV
_kerberos._tcp.Default-First-Site-Name._sites.dc._msdcs.home.test-server.lan
DC01.home.test-server.lan 88
force update: SRV _ldap._tcp.pdc._msdcs.home.test-server.lan
DC01.home.test-server.lan 389
force update: A gc._msdcs.home.test-server.lan 10.0.0.19
force update: SRV _gc._tcp.home.test-server.lan DC01.home.test-server.lan
3268
force update: SRV _ldap._tcp.gc._msdcs.home.test-server.lan
DC01.home.test-server.lan 3268
force update: SRV
_gc._tcp.Default-First-Site-Name._sites.home.test-server.lan
DC01.home.test-server.lan 3268
force update: SRV
_ldap._tcp.Default-First-Site-Name._sites.gc._msdcs.home.test-server.lan
DC01.home.test-server.lan 3268
force update: A DomainDnsZones.home.test-server.lan 10.0.0.19
force update: SRV _ldap._tcp.DomainDnsZones.home.test-server.lan
DC01.home.test-server.lan 389
force update: SRV
_ldap._tcp.Default-First-Site-Name._sites.DomainDnsZones.home.test-server.lan
DC01.home.test-server.lan 389
force update: A ForestDnsZones.home.test-server.lan 10.0.0.19
force update: SRV _ldap._tcp.ForestDnsZones.home.test-server.lan
DC01.home.test-server.lan 389
force update: SRV
_ldap._tcp.Default-First-Site-Name._sites.ForestDnsZones.home.test-server.lan
DC01.home.test-server.lan 389
29 DNS updates and 0 DNS deletes needed
Successfully obtained Kerberos ticket to DNS/DC01.home.test-server.lan as
DC01$
update(nsupdate): A DC01.home.test-server.lan 10.0.0.19
Calling nsupdate for A DC01.home.test-server.lan 10.0.0.19 (add)
Successfully obtained Kerberos ticket to DNS/DC01.home.test-server.lan as
DC01$
Outgoing update query:
;; ->>HEADER<<- opcode: UPDATE, status: NOERROR, id:      0
;; flags:; ZONE: 0, PREREQ: 0, UPDATE: 0, ADDITIONAL: 0
;; UPDATE SECTION:
DC01.home.test-server.lan. 900 IN A 10.0.0.19

; TSIG error with server: tsig indicates error
update failed: NOTAUTH(BADSIG)
Failed nsupdate: 2
update(nsupdate): CNAME
f79b5e15-ea2b-4afd-a8ca-bb16e2531521._msdcs.home.test-server.lan
DC01.home.test-server.lan
Calling nsupdate for CNAME
f79b5e15-ea2b-4afd-a8ca-bb16e2531521._msdcs.home.test-server.lan
DC01.home.test-server.lan (add)
Successfully obtained Kerberos ticket to DNS/DC01.home.test-server.lan as
DC01$
Outgoing update query:
;; ->>HEADER<<- opcode: UPDATE, status: NOERROR, id:      0
;; flags:; ZONE: 0, PREREQ: 0, UPDATE: 0, ADDITIONAL: 0
;; UPDATE SECTION:
f79b5e15-ea2b-4afd-a8ca-bb16e2531521._msdcs.home.test-server.lan. 900 IN
CNAME DC01.home.test-server.lan.

...

; TSIG error with server: tsig indicates error
update failed: NOTAUTH(BADSIG)
Failed nsupdate: 2
Failed update of 29 entries


~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
In all things, Be Intentional.


On Tue, Nov 2, 2021 at 4:37 AM Patrick Goetz via samba <
samba at lists.samba.org> wrote:

> Finally, make sure /etc/resolv.conf isn't a link to a stub location (as
> configured by systemd-resolved). If it is a link, delete the link and
> create the file by hand. Primitive, but effective. <:)
>
> On 11/1/21 05:39, L.P.H. van Belle via samba wrote:
> > Can also be the "resolvconf" package..
> > If that's installed, or configure it properly or remove it.
> >
> >
> > That should fix it.
> >
> > Greetz,
> >
> > Louis
> >
> >
> >> -----Oorspronkelijk bericht-----
> >> Van: samba [mailto:samba-bounces at lists.samba.org] Namens
> >> Rowland Penny via samba
> >> Verzonden: zondag 31 oktober 2021 20:22
> >> Aan: samba at lists.samba.org
> >> Onderwerp: Re: [Samba] DNS Update Failing
> >>
> >> On Sun, 2021-10-31 at 15:13 -0400, Rob Campbell via samba wrote:
> >>> My /etc/resolv.conf was overwritten.  What service does this on
> >>> Debian?
> >>
> >> Usually resolvconf or networkmanger, but it usually says at the top of
> >> /etc/resolv.conf
> >>
> >>> I've disabled systemd-resolved already.
> >>>
> >>> Getting a different error now.
> >>> samba_dnsupdate --verbose --all-names
> >>> *29 DNS updates* and 0 DNS deletes needed
> >>> Successfully obtained Kerberos ticket to DNS/DC01.home.test-
> >>> server.lan as
> >>> DC01$
> >>> update(nsupdate): A DC01.home.test-server.lan 10.0.0.19
> >>> Calling nsupdate for A DC01.home.test-server.lan 10.0.0.19 (add)
> >>> Successfully obtained Kerberos ticket to DNS/DC01.home.test-
> >>> server.lan as
> >>> DC01$
> >>> Outgoing update query:
> >>> ;; ->>HEADER<<- opcode: UPDATE, status: NOERROR, id:      0
> >>> ;; flags:; ZONE: 0, PREREQ: 0, UPDATE: 0, ADDITIONAL: 0
> >>> ;; UPDATE SECTION:
> >>> DC01.home.test-server.lan. 900 IN A 10.0.0.19
> >>>
> >>> ; TSIG error with server: tsig indicates error
> >>> update failed: NOTAUTH(BADSIG)
> >>> Failed nsupdate: 2
> >>> update(nsupdate): CNAME
> >>> f79b5e15-ea2b-4afd-a8ca-bb16e2531521._msdcs.home.test-server.lan
> >>> DC01.home.test-server.lan
> >>> ...
> >>>
> >>
> >> Try adding this line to your smb.conf:
> >>
> >> dns update command = /usr/sbin/samba_dnsupdate --use-samba-tool
> >>
> >> Restart Samba, it usually works
> >>
> >> Rowland
> >>
> >>
> >>
> >> --
> >> To unsubscribe from this list go to the following URL and read the
> >> instructions:  https://lists.samba.org/mailman/options/samba
> >>
> >>
> >
> >
>
> --
> To unsubscribe from this list go to the following URL and read the
> instructions:  https://lists.samba.org/mailman/options/samba
>


More information about the samba mailing list