[Samba] DNS Update Failing
Rowland Penny
rpenny at samba.org
Sun Oct 31 19:14:15 UTC 2021
On Sun, 2021-10-31 at 14:46 -0400, Rob Campbell via samba wrote:
> My domain members (DM01, DM02, FSDM01) can nslookup the DC (DC01) but
> the
> DC can't nslookup the members.
>
> https://wiki.samba.org/index.php/Troubleshooting_Samba_Domain_Members#DNS_Update_failed:_ERROR_DNS_UPDATE_FAILED
> Sends me to
> https://wiki.samba.org/index.php/Testing_Dynamic_DNS_Updates
> Which sends me to
> https://wiki.samba.org/index.php/Samba_Internal_DNS_Back_End#Troubleshooting
>
> netstat -tulpn | grep ":53"
> tcp 0 0
> 0.0.0.0:53 0.0.0.0:* LISTEN
> 14311/samba: task[d
> tcp6 0 0
> :::53 :::* LISTEN
> 14311/samba: task[d
> udp 0 0 0.0.0.0:53 0.0.0.0:*
> 14311/samba: task[d
> udp6 0 0 :::53 :::*
> 14311/samba: task[d
>
> [root at DC01/var/log/samba$] cat log.samba:
> [2021/10/31 14:11:04.615525, 0]
> ../../lib/util/util_runcmd.c:352(samba_runcmd_io_handler)
> /usr/sbin/samba_dnsupdate: Traceback (most recent call last):
> [2021/10/31 14:11:04.615757, 0]
> ../../lib/util/util_runcmd.c:352(samba_runcmd_io_handler)
> /usr/sbin/samba_dnsupdate: File "/usr/sbin/samba_dnsupdate", line
> 298,
> in check_dns_name
> [2021/10/31 14:11:04.615834, 0]
> ../../lib/util/util_runcmd.c:352(samba_runcmd_io_handler)
> /usr/sbin/samba_dnsupdate: ans =
> check_one_dns_name(normalised_name,
> d.type, d)
> [2021/10/31 14:11:04.615858, 0]
> ../../lib/util/util_runcmd.c:352(samba_runcmd_io_handler)
> /usr/sbin/samba_dnsupdate: File "/usr/sbin/samba_dnsupdate", line
> 275,
> in check_one_dns_name
> [2021/10/31 14:11:04.615895, 0]
> ../../lib/util/util_runcmd.c:352(samba_runcmd_io_handler)
> /usr/sbin/samba_dnsupdate: return resolver.resolve(name,
> name_type)
> [2021/10/31 14:11:04.615916, 0]
> ../../lib/util/util_runcmd.c:352(samba_runcmd_io_handler)
> /usr/sbin/samba_dnsupdate: File
> "/usr/lib/python3/dist-packages/dns/resolver.py", line 1040, in
> resolve
> [2021/10/31 14:11:04.616069, 0]
> ../../lib/util/util_runcmd.c:352(samba_runcmd_io_handler)
> /usr/sbin/samba_dnsupdate: (nameserver, port, tcp, backoff) =
> resolution.next_nameserver()
> [2021/10/31 14:11:04.616102, 0]
> ../../lib/util/util_runcmd.c:352(samba_runcmd_io_handler)
> /usr/sbin/samba_dnsupdate: File
> "/usr/lib/python3/dist-packages/dns/resolver.py", line 598, in
> next_nameserver
> [2021/10/31 14:11:04.616249, 0]
> ../../lib/util/util_runcmd.c:352(samba_runcmd_io_handler)
> /usr/sbin/samba_dnsupdate: raise
> NoNameservers(request=self.request,
> errors=self.errors)
> [2021/10/31 14:11:04.616326, 0]
> ../../lib/util/util_runcmd.c:352(samba_runcmd_io_handler)
> /usr/sbin/samba_dnsupdate: dns.resolver.NoNameservers: All
> nameservers
> failed to answer the query DC01.home.test-server.lan. IN A: Server
> 10.0.0.1
> UDP port 53 answered SERVFAIL
> [2021/10/31 14:11:04.616406, 0]
> ../../lib/util/util_runcmd.c:352(samba_runcmd_io_handler)
> /usr/sbin/samba_dnsupdate:
> [2021/10/31 14:11:04.616503, 0]
> ../../lib/util/util_runcmd.c:352(samba_runcmd_io_handler)
> /usr/sbin/samba_dnsupdate: During handling of the above exception,
> another exception occurred:
> [2021/10/31 14:11:04.616526, 0]
> ../../lib/util/util_runcmd.c:352(samba_runcmd_io_handler)
> /usr/sbin/samba_dnsupdate:
> [2021/10/31 14:11:04.616561, 0]
> ../../lib/util/util_runcmd.c:352(samba_runcmd_io_handler)
> /usr/sbin/samba_dnsupdate: Traceback (most recent call last):
> [2021/10/31 14:11:04.616603, 0]
> ../../lib/util/util_runcmd.c:352(samba_runcmd_io_handler)
> /usr/sbin/samba_dnsupdate: File "/usr/sbin/samba_dnsupdate", line
> 848,
> in <module>
> [2021/10/31 14:11:04.616680, 0]
> ../../lib/util/util_runcmd.c:352(samba_runcmd_io_handler)
> /usr/sbin/samba_dnsupdate: elif not check_dns_name(d):
> [2021/10/31 14:11:04.616726, 0]
> ../../lib/util/util_runcmd.c:352(samba_runcmd_io_handler)
> /usr/sbin/samba_dnsupdate: File "/usr/sbin/samba_dnsupdate", line
> 302,
> in check_dns_name
> [2021/10/31 14:11:04.616771, 0]
> ../../lib/util/util_runcmd.c:352(samba_runcmd_io_handler)
> /usr/sbin/samba_dnsupdate: raise Exception("Unable to contact a
> working DNS server while looking for %s as %s" % (d,
> normalised_name))
> [2021/10/31 14:11:04.616832, 0]
> ../../lib/util/util_runcmd.c:352(samba_runcmd_io_handler)
> /usr/sbin/samba_dnsupdate: Exception: Unable to contact a working
> DNS
> server while looking for A DC01.home.test-server.lan 10.0.0.19 as
> DC01.home.test-server.lan.
> [2021/10/31 14:11:04.656491, 0]
> ../../source4/dsdb/dns/dns_update.c:85(dnsupdate_nameupdate_done)
> dnsupdate_nameupdate_done: Failed DNS update with exit code 1
>
> [root at DC01/var/log/samba$] samba_dnsupdate --verbose --all-names
> IPs: ['10.0.0.19']
> force update: A DC01.home.test-server.lan 10.0.0.19
> force update: CNAME
> f79b5e15-ea2b-4afd-a8ca-bb16e2531521._msdcs.home.test-server.lan
> DC01.home.test-server.lan
> force update: NS home.test-server.lan DC01.home.test-server.lan
> force update: NS _msdcs.home.test-server.lan DC01.home.test-
> server.lan
> force update: A home.test-server.lan 10.0.0.19
> force update: SRV _ldap._tcp.home.test-server.lan DC01.home.test-
> server.lan
> 389
> force update: SRV _ldap._tcp.dc._msdcs.home.test-server.lan
> DC01.home.test-server.lan 389
> force update: SRV
> _ldap._tcp.3cc42946-b7ec-46c9-9760-
> 1d885e427ca9.domains._msdcs.home.test-server.lan
> DC01.home.test-server.lan 389
> force update: SRV _kerberos._tcp.home.test-server.lan
> DC01.home.test-server.lan 88
> force update: SRV _kerberos._udp.home.test-server.lan
> DC01.home.test-server.lan 88
> force update: SRV _kerberos._tcp.dc._msdcs.home.test-server.lan
> DC01.home.test-server.lan 88
> force update: SRV _kpasswd._tcp.home.test-server.lan
> DC01.home.test-server.lan 464
> force update: SRV _kpasswd._udp.home.test-server.lan
> DC01.home.test-server.lan 464
> force update: SRV
> _ldap._tcp.Default-First-Site-Name._sites.home.test-server.lan
> DC01.home.test-server.lan 389
> force update: SRV
> _ldap._tcp.Default-First-Site-Name._sites.dc._msdcs.home.test-
> server.lan
> DC01.home.test-server.lan 389
> force update: SRV
> _kerberos._tcp.Default-First-Site-Name._sites.home.test-server.lan
> DC01.home.test-server.lan 88
> force update: SRV
> _kerberos._tcp.Default-First-Site-Name._sites.dc._msdcs.home.test-
> server.lan
> DC01.home.test-server.lan 88
> force update: SRV _ldap._tcp.pdc._msdcs.home.test-server.lan
> DC01.home.test-server.lan 389
> force update: A gc._msdcs.home.test-server.lan 10.0.0.19
> force update: SRV _gc._tcp.home.test-server.lan DC01.home.test-
> server.lan
> 3268
> force update: SRV _ldap._tcp.gc._msdcs.home.test-server.lan
> DC01.home.test-server.lan 3268
> force update: SRV
> _gc._tcp.Default-First-Site-Name._sites.home.test-server.lan
> DC01.home.test-server.lan 3268
> force update: SRV
> _ldap._tcp.Default-First-Site-Name._sites.gc._msdcs.home.test-
> server.lan
> DC01.home.test-server.lan 3268
> force update: A DomainDnsZones.home.test-server.lan 10.0.0.19
> force update: SRV _ldap._tcp.DomainDnsZones.home.test-server.lan
> DC01.home.test-server.lan 389
> force update: SRV
> _ldap._tcp.Default-First-Site-Name._sites.DomainDnsZones.home.test-
> server.lan
> DC01.home.test-server.lan 389
> force update: A ForestDnsZones.home.test-server.lan 10.0.0.19
> force update: SRV _ldap._tcp.ForestDnsZones.home.test-server.lan
> DC01.home.test-server.lan 389
> force update: SRV
> _ldap._tcp.Default-First-Site-Name._sites.ForestDnsZones.home.test-
> server.lan
> DC01.home.test-server.lan 389
> 29 DNS updates and 0 DNS deletes needed
> Failed to get Kerberos credentials, falling back to samba-tool: kinit
> for
> DC01$@HOME.TEST-SERVER.LAN failed (Cannot contact any KDC for
> requested
> realm)
>
> [root at DC01/var/log/samba$] klist -e -t -k
> Keytab name: FILE:/etc/krb5.keytab
> klist: Key table file '/etc/krb5.keytab' not found while starting
> keytab
> scan
>
> [root at DC01/var/log/samba$] klist -t -k
> /var/lib/samba/private/secrets.keytab
> Keytab name: FILE:/var/lib/samba/private/secrets.keytab
> KVNO Timestamp Principal
> ---- -------------------
> ------------------------------------------------------
> 1 10/27/2021 14:17:28 HOST/dc01 at HOME.TEST-SERVER.LAN
> 1 10/27/2021 14:17:28
> HOST/dc01.home.test-server.lan at HOME.TEST-SERVER.LAN
> 1 10/27/2021 14:17:28 DC01$@HOME.TEST-SERVER.LAN
> 1 10/27/2021 14:17:28 HOST/dc01 at HOME.TEST-SERVER.LAN
> 1 10/27/2021 14:17:28
> HOST/dc01.home.test-server.lan at HOME.TEST-SERVER.LAN
> 1 10/27/2021 14:17:28 DC01$@HOME.TEST-SERVER.LAN
> 1 10/27/2021 14:17:28 HOST/dc01 at HOME.TEST-SERVER.LAN
> 1 10/27/2021 14:17:28
> HOST/dc01.home.test-server.lan at HOME.TEST-SERVER.LAN
> 1 10/27/2021 14:17:28 DC01$@HOME.TEST-SERVER.LAN
>
> Copied file
> [root at DC01/var/log/samba$] cp /var/lib/samba/private/secrets.keytab
> /etc/krb5.keytab
>
> [root at DC01/var/log/samba$] klist -e -t -k
> Keytab name: FILE:/etc/krb5.keytab
> KVNO Timestamp Principal
> ---- -------------------
> ------------------------------------------------------
> 1 10/27/2021 14:17:28 HOST/dc01 at HOME.TEST-SERVER.LAN
> (aes256-cts-hmac-sha1-96)
> 1 10/27/2021 14:17:28
> HOST/dc01.home.test-server.lan at HOME.TEST-SERVER.LAN
> (aes256-cts-hmac-sha1-96)
> 1 10/27/2021 14:17:28 DC01$@HOME.TEST-SERVER.LAN
> (aes256-cts-hmac-sha1-96)
> 1 10/27/2021 14:17:28 HOST/dc01 at HOME.TEST-SERVER.LAN
> (aes128-cts-hmac-sha1-96)
> 1 10/27/2021 14:17:28
> HOST/dc01.home.test-server.lan at HOME.TEST-SERVER.LAN
> (aes128-cts-hmac-sha1-96)
> 1 10/27/2021 14:17:28 DC01$@HOME.TEST-SERVER.LAN
> (aes128-cts-hmac-sha1-96)
> 1 10/27/2021 14:17:28 HOST/dc01 at HOME.TEST-SERVER.LAN
> (DEPRECATED:arcfour-hmac)
> 1 10/27/2021 14:17:28
> HOST/dc01.home.test-server.lan at HOME.TEST-SERVER.LAN
> (DEPRECATED:arcfour-hmac)
> 1 10/27/2021 14:17:28 DC01$@HOME.TEST-SERVER.LAN
> (DEPRECATED:arcfour-hmac)
>
> That didn't really help anything. At least it didn't help these
> issues
It looks like your DC cannot find itself :-O
Can you post the contents of the following files from the DC:
/etc/hostname
/etc/hosts
/etc/resolv.conf
/etc/krb5.conf
/etc/samba/smb.conf
/etc/nsswitch.conf
Rowland
More information about the samba
mailing list