[Samba] DNS Update Failing
Rob Campbell
robcampbell08105 at gmail.com
Sun Oct 31 18:46:32 UTC 2021
My domain members (DM01, DM02, FSDM01) can nslookup the DC (DC01) but the
DC can't nslookup the members.
https://wiki.samba.org/index.php/Troubleshooting_Samba_Domain_Members#DNS_Update_failed:_ERROR_DNS_UPDATE_FAILED
Sends me to
https://wiki.samba.org/index.php/Testing_Dynamic_DNS_Updates
Which sends me to
https://wiki.samba.org/index.php/Samba_Internal_DNS_Back_End#Troubleshooting
netstat -tulpn | grep ":53"
tcp 0 0 0.0.0.0:53 0.0.0.0:* LISTEN
14311/samba: task[d
tcp6 0 0 :::53 :::* LISTEN
14311/samba: task[d
udp 0 0 0.0.0.0:53 0.0.0.0:*
14311/samba: task[d
udp6 0 0 :::53 :::*
14311/samba: task[d
[root at DC01/var/log/samba$] cat log.samba:
[2021/10/31 14:11:04.615525, 0]
../../lib/util/util_runcmd.c:352(samba_runcmd_io_handler)
/usr/sbin/samba_dnsupdate: Traceback (most recent call last):
[2021/10/31 14:11:04.615757, 0]
../../lib/util/util_runcmd.c:352(samba_runcmd_io_handler)
/usr/sbin/samba_dnsupdate: File "/usr/sbin/samba_dnsupdate", line 298,
in check_dns_name
[2021/10/31 14:11:04.615834, 0]
../../lib/util/util_runcmd.c:352(samba_runcmd_io_handler)
/usr/sbin/samba_dnsupdate: ans = check_one_dns_name(normalised_name,
d.type, d)
[2021/10/31 14:11:04.615858, 0]
../../lib/util/util_runcmd.c:352(samba_runcmd_io_handler)
/usr/sbin/samba_dnsupdate: File "/usr/sbin/samba_dnsupdate", line 275,
in check_one_dns_name
[2021/10/31 14:11:04.615895, 0]
../../lib/util/util_runcmd.c:352(samba_runcmd_io_handler)
/usr/sbin/samba_dnsupdate: return resolver.resolve(name, name_type)
[2021/10/31 14:11:04.615916, 0]
../../lib/util/util_runcmd.c:352(samba_runcmd_io_handler)
/usr/sbin/samba_dnsupdate: File
"/usr/lib/python3/dist-packages/dns/resolver.py", line 1040, in resolve
[2021/10/31 14:11:04.616069, 0]
../../lib/util/util_runcmd.c:352(samba_runcmd_io_handler)
/usr/sbin/samba_dnsupdate: (nameserver, port, tcp, backoff) =
resolution.next_nameserver()
[2021/10/31 14:11:04.616102, 0]
../../lib/util/util_runcmd.c:352(samba_runcmd_io_handler)
/usr/sbin/samba_dnsupdate: File
"/usr/lib/python3/dist-packages/dns/resolver.py", line 598, in
next_nameserver
[2021/10/31 14:11:04.616249, 0]
../../lib/util/util_runcmd.c:352(samba_runcmd_io_handler)
/usr/sbin/samba_dnsupdate: raise NoNameservers(request=self.request,
errors=self.errors)
[2021/10/31 14:11:04.616326, 0]
../../lib/util/util_runcmd.c:352(samba_runcmd_io_handler)
/usr/sbin/samba_dnsupdate: dns.resolver.NoNameservers: All nameservers
failed to answer the query DC01.home.test-server.lan. IN A: Server 10.0.0.1
UDP port 53 answered SERVFAIL
[2021/10/31 14:11:04.616406, 0]
../../lib/util/util_runcmd.c:352(samba_runcmd_io_handler)
/usr/sbin/samba_dnsupdate:
[2021/10/31 14:11:04.616503, 0]
../../lib/util/util_runcmd.c:352(samba_runcmd_io_handler)
/usr/sbin/samba_dnsupdate: During handling of the above exception,
another exception occurred:
[2021/10/31 14:11:04.616526, 0]
../../lib/util/util_runcmd.c:352(samba_runcmd_io_handler)
/usr/sbin/samba_dnsupdate:
[2021/10/31 14:11:04.616561, 0]
../../lib/util/util_runcmd.c:352(samba_runcmd_io_handler)
/usr/sbin/samba_dnsupdate: Traceback (most recent call last):
[2021/10/31 14:11:04.616603, 0]
../../lib/util/util_runcmd.c:352(samba_runcmd_io_handler)
/usr/sbin/samba_dnsupdate: File "/usr/sbin/samba_dnsupdate", line 848,
in <module>
[2021/10/31 14:11:04.616680, 0]
../../lib/util/util_runcmd.c:352(samba_runcmd_io_handler)
/usr/sbin/samba_dnsupdate: elif not check_dns_name(d):
[2021/10/31 14:11:04.616726, 0]
../../lib/util/util_runcmd.c:352(samba_runcmd_io_handler)
/usr/sbin/samba_dnsupdate: File "/usr/sbin/samba_dnsupdate", line 302,
in check_dns_name
[2021/10/31 14:11:04.616771, 0]
../../lib/util/util_runcmd.c:352(samba_runcmd_io_handler)
/usr/sbin/samba_dnsupdate: raise Exception("Unable to contact a
working DNS server while looking for %s as %s" % (d, normalised_name))
[2021/10/31 14:11:04.616832, 0]
../../lib/util/util_runcmd.c:352(samba_runcmd_io_handler)
/usr/sbin/samba_dnsupdate: Exception: Unable to contact a working DNS
server while looking for A DC01.home.test-server.lan 10.0.0.19 as
DC01.home.test-server.lan.
[2021/10/31 14:11:04.656491, 0]
../../source4/dsdb/dns/dns_update.c:85(dnsupdate_nameupdate_done)
dnsupdate_nameupdate_done: Failed DNS update with exit code 1
[root at DC01/var/log/samba$] samba_dnsupdate --verbose --all-names
IPs: ['10.0.0.19']
force update: A DC01.home.test-server.lan 10.0.0.19
force update: CNAME
f79b5e15-ea2b-4afd-a8ca-bb16e2531521._msdcs.home.test-server.lan
DC01.home.test-server.lan
force update: NS home.test-server.lan DC01.home.test-server.lan
force update: NS _msdcs.home.test-server.lan DC01.home.test-server.lan
force update: A home.test-server.lan 10.0.0.19
force update: SRV _ldap._tcp.home.test-server.lan DC01.home.test-server.lan
389
force update: SRV _ldap._tcp.dc._msdcs.home.test-server.lan
DC01.home.test-server.lan 389
force update: SRV
_ldap._tcp.3cc42946-b7ec-46c9-9760-1d885e427ca9.domains._msdcs.home.test-server.lan
DC01.home.test-server.lan 389
force update: SRV _kerberos._tcp.home.test-server.lan
DC01.home.test-server.lan 88
force update: SRV _kerberos._udp.home.test-server.lan
DC01.home.test-server.lan 88
force update: SRV _kerberos._tcp.dc._msdcs.home.test-server.lan
DC01.home.test-server.lan 88
force update: SRV _kpasswd._tcp.home.test-server.lan
DC01.home.test-server.lan 464
force update: SRV _kpasswd._udp.home.test-server.lan
DC01.home.test-server.lan 464
force update: SRV
_ldap._tcp.Default-First-Site-Name._sites.home.test-server.lan
DC01.home.test-server.lan 389
force update: SRV
_ldap._tcp.Default-First-Site-Name._sites.dc._msdcs.home.test-server.lan
DC01.home.test-server.lan 389
force update: SRV
_kerberos._tcp.Default-First-Site-Name._sites.home.test-server.lan
DC01.home.test-server.lan 88
force update: SRV
_kerberos._tcp.Default-First-Site-Name._sites.dc._msdcs.home.test-server.lan
DC01.home.test-server.lan 88
force update: SRV _ldap._tcp.pdc._msdcs.home.test-server.lan
DC01.home.test-server.lan 389
force update: A gc._msdcs.home.test-server.lan 10.0.0.19
force update: SRV _gc._tcp.home.test-server.lan DC01.home.test-server.lan
3268
force update: SRV _ldap._tcp.gc._msdcs.home.test-server.lan
DC01.home.test-server.lan 3268
force update: SRV
_gc._tcp.Default-First-Site-Name._sites.home.test-server.lan
DC01.home.test-server.lan 3268
force update: SRV
_ldap._tcp.Default-First-Site-Name._sites.gc._msdcs.home.test-server.lan
DC01.home.test-server.lan 3268
force update: A DomainDnsZones.home.test-server.lan 10.0.0.19
force update: SRV _ldap._tcp.DomainDnsZones.home.test-server.lan
DC01.home.test-server.lan 389
force update: SRV
_ldap._tcp.Default-First-Site-Name._sites.DomainDnsZones.home.test-server.lan
DC01.home.test-server.lan 389
force update: A ForestDnsZones.home.test-server.lan 10.0.0.19
force update: SRV _ldap._tcp.ForestDnsZones.home.test-server.lan
DC01.home.test-server.lan 389
force update: SRV
_ldap._tcp.Default-First-Site-Name._sites.ForestDnsZones.home.test-server.lan
DC01.home.test-server.lan 389
29 DNS updates and 0 DNS deletes needed
Failed to get Kerberos credentials, falling back to samba-tool: kinit for
DC01$@HOME.TEST-SERVER.LAN failed (Cannot contact any KDC for requested
realm)
[root at DC01/var/log/samba$] klist -e -t -k
Keytab name: FILE:/etc/krb5.keytab
klist: Key table file '/etc/krb5.keytab' not found while starting keytab
scan
[root at DC01/var/log/samba$] klist -t -k /var/lib/samba/private/secrets.keytab
Keytab name: FILE:/var/lib/samba/private/secrets.keytab
KVNO Timestamp Principal
---- -------------------
------------------------------------------------------
1 10/27/2021 14:17:28 HOST/dc01 at HOME.TEST-SERVER.LAN
1 10/27/2021 14:17:28 HOST/dc01.home.test-server.lan at HOME.TEST-SERVER.LAN
1 10/27/2021 14:17:28 DC01$@HOME.TEST-SERVER.LAN
1 10/27/2021 14:17:28 HOST/dc01 at HOME.TEST-SERVER.LAN
1 10/27/2021 14:17:28 HOST/dc01.home.test-server.lan at HOME.TEST-SERVER.LAN
1 10/27/2021 14:17:28 DC01$@HOME.TEST-SERVER.LAN
1 10/27/2021 14:17:28 HOST/dc01 at HOME.TEST-SERVER.LAN
1 10/27/2021 14:17:28 HOST/dc01.home.test-server.lan at HOME.TEST-SERVER.LAN
1 10/27/2021 14:17:28 DC01$@HOME.TEST-SERVER.LAN
Copied file
[root at DC01/var/log/samba$] cp /var/lib/samba/private/secrets.keytab
/etc/krb5.keytab
[root at DC01/var/log/samba$] klist -e -t -k
Keytab name: FILE:/etc/krb5.keytab
KVNO Timestamp Principal
---- -------------------
------------------------------------------------------
1 10/27/2021 14:17:28 HOST/dc01 at HOME.TEST-SERVER.LAN
(aes256-cts-hmac-sha1-96)
1 10/27/2021 14:17:28 HOST/dc01.home.test-server.lan at HOME.TEST-SERVER.LAN
(aes256-cts-hmac-sha1-96)
1 10/27/2021 14:17:28 DC01$@HOME.TEST-SERVER.LAN
(aes256-cts-hmac-sha1-96)
1 10/27/2021 14:17:28 HOST/dc01 at HOME.TEST-SERVER.LAN
(aes128-cts-hmac-sha1-96)
1 10/27/2021 14:17:28 HOST/dc01.home.test-server.lan at HOME.TEST-SERVER.LAN
(aes128-cts-hmac-sha1-96)
1 10/27/2021 14:17:28 DC01$@HOME.TEST-SERVER.LAN
(aes128-cts-hmac-sha1-96)
1 10/27/2021 14:17:28 HOST/dc01 at HOME.TEST-SERVER.LAN
(DEPRECATED:arcfour-hmac)
1 10/27/2021 14:17:28 HOST/dc01.home.test-server.lan at HOME.TEST-SERVER.LAN
(DEPRECATED:arcfour-hmac)
1 10/27/2021 14:17:28 DC01$@HOME.TEST-SERVER.LAN
(DEPRECATED:arcfour-hmac)
That didn't really help anything. At least it didn't help these issues.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
In all things, Be Intentional.
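An added example, not part of the original post and not Samba project code: a small Python parser for the `log.samba` excerpt above. It strips the `samba_runcmd_io_handler` framing from each record, rejoins the mail-wrapped `samba_dnsupdate` messages, and reports which resolver returned an error and whether that address is one of the DC's own IPs (the `IPs:` line of `samba_dnsupdate --verbose --all-names`). The function names are hypothetical; the sample records are copied from the post with their wrapping kept.

```python
import re

STAMP = re.compile(r"^\[\d{4}/\d\d/\d\d \d\d:\d\d:\d\d\.\d+,\s*\d+\]")
SRCLOC = re.compile(r"\.c:\d+\(\w+\)$")
ANSWER = re.compile(r"Server (\S+) (UDP|TCP) port (\d+) answered (\w+)")

# Three records copied from the log.samba excerpt in the post, mail wrapping kept.
SAMPLE_LOG = """\
[2021/10/31 14:11:04.616326, 0]
../../lib/util/util_runcmd.c:352(samba_runcmd_io_handler)
/usr/sbin/samba_dnsupdate: dns.resolver.NoNameservers: All nameservers
failed to answer the query DC01.home.test-server.lan. IN A: Server 10.0.0.1
UDP port 53 answered SERVFAIL
[2021/10/31 14:11:04.616832, 0]
../../lib/util/util_runcmd.c:352(samba_runcmd_io_handler)
/usr/sbin/samba_dnsupdate: Exception: Unable to contact a working DNS
server while looking for A DC01.home.test-server.lan 10.0.0.19 as
DC01.home.test-server.lan.
[2021/10/31 14:11:04.656491, 0]
../../source4/dsdb/dns/dns_update.c:85(dnsupdate_nameupdate_done)
dnsupdate_nameupdate_done: Failed DNS update with exit code 1
"""

def child_output(log_text, prog="/usr/sbin/samba_dnsupdate"):
    """Messages written by `prog`, with Samba's timestamp/source framing removed."""
    messages, open_msg = [], False
    for line in (l.strip() for l in log_text.splitlines()):
        if STAMP.match(line):            # new log record: close any open message
            open_msg = False
        elif SRCLOC.search(line) or not line:
            continue                     # C source location of the logger, or blank
        elif line.startswith(prog + ":"):
            messages.append(line[len(prog) + 1:].strip())
            open_msg = True
        elif open_msg:                   # wrapped continuation of the same message
            messages[-1] = (messages[-1] + " " + line).strip()
    return messages

def resolver_failures(log_text, own_ips):
    """(server, proto, port, rcode, is_own_ip) for each resolver error reported."""
    found = []
    for msg in child_output(log_text):
        for server, proto, port, rcode in ANSWER.findall(msg):
            found.append((server, proto, int(port), rcode, server in own_ips))
    return found

if __name__ == "__main__":
    # own_ips comes from the "IPs:" line of `samba_dnsupdate --verbose --all-names`.
    for hit in resolver_failures(SAMPLE_LOG, ["10.0.0.19"]):
        print(hit)
```

The same functions accept the unwrapped on-disk layout, where the timestamp and source location share one line and the message follows on the next.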