[Samba] cant start bind9 after dc upgrade 4.17 > 4.18

Fri Jul 21 23:34:17 UTC 2023

Hi,

I spent hours on that same problem some time ago...

The reason is

zone 1.168.192.in-addr.arpa/NONE: has no NS records

You need to add at least one NS record for that zone with something like
samba-tool dns add dc-cloud 1.168.192.in-addr.arpa @ NS dc-cloud.wdc.[domain].it
and even better add one record for each of your DNS servers that is able to reverse-resolve 192.186.1.something .

regards,
Norbert

On 22.07.2023 00:24, Fabrizio Rompani via samba wrote:
> hi all
> I have 2 DC joined to the same domain .
> both with ubuntu 20 and samba 4.17 ( MichaelTokarev repos) with Bind9 as dns.
> After Upgraded the first dc to ubuntu 22 and 4.18 I' m not able to start bind9 .
> Also the second DC has been broken DNS , and after a BIND9 restart It wont start anymore.
>
> any help?
> thanks
> rf
>
> here my syslog :
>
> Jul 21 23:49:14 dc-cloud named[637]: starting BIND 9.18.12-0ubuntu0.22.04.2-Ubuntu (Extended Support Version) <id:>
> Jul 21 23:49:14 dc-cloud named[637]: running on Linux x86_64 5.15.0-76-generic #83-Ubuntu SMP Thu Jun 15 19:16:32 UTC 2023
> Jul 21 23:49:14 dc-cloud named[637]: built with '--build=x86_64-linux-gnu' '--prefix=/usr' '--includedir=${prefix}/include' '--mandir=${prefix}/share/man' '--infodir=${prefix}/share/info'
> '--sysconfdir=/etc' '--localstatedir=/var' '--disable-option-checking' '--disable-silent-rules' '--libdir=${prefix}/lib/x86_64-linux-gnu' '--runstatedir=/run' '--disable-maintainer-mode' '-
> -disable-dependency-tracking' '--libdir=/usr/lib/x86_64-linux-gnu' '--sysconfdir=/etc/bind' '--with-python=python3' '--localstatedir=/' '--enable-threads' '--enable-largefile' '--with-libto
> ol' '--enable-shared' '--disable-static' '--with-gost=no' '--with-openssl=/usr' '--with-gssapi=yes' '--with-libidn2' '--with-json-c' '--with-lmdb=/usr' '--with-gnu-ld' '--with-maxminddb' '-
> -with-atf=no' '--enable-ipv6' '--enable-rrl' '--enable-filter-aaaa' '--disable-native-pkcs11' 'build_alias=x86_64-linux-gnu' 'CFLAGS=-g -O2 -ffile-prefix-map=/build/bind9-GF5Mgf/bind9-9.18.
> 12=. -flto=auto -ffat-lto-objects -flto=auto -ffat-lto-objects -fstack-protector-strong -Wformat -Werror=format-security -fno-strict-aliasing -fno-delete-null-pointer-checks -DNO_VERSION_DA
> TE -DDIG_SIGCHASE' 'LDFLAGS=-Wl,-Bsymbolic-functions -flto=auto -ffat-lto-objects -flto=auto -Wl,-z,relro -Wl,-z,now' 'CPPFLAGS=-Wdate-time -D_FORTIFY_SOURCE=2'
> Jul 21 23:49:14 dc-cloud named[637]: running as: named -4 -u bind
> Jul 21 23:49:14 dc-cloud named[637]: compiled by GCC 11.3.0
> Jul 21 23:49:14 dc-cloud named[637]: compiled with OpenSSL version: OpenSSL 3.0.2 15 Mar 2022
> Jul 21 23:49:14 dc-cloud named[637]: linked to OpenSSL version: OpenSSL 3.0.2 15 Mar 2022
> Jul 21 23:49:14 dc-cloud named[637]: compiled with libxml2 version: 2.9.13
> Jul 21 23:49:14 dc-cloud named[637]: linked to libxml2 version: 20913
> Jul 21 23:49:14 dc-cloud named[637]: compiled with json-c version: 0.15
> Jul 21 23:49:14 dc-cloud named[637]: linked to json-c version: 0.15
> Jul 21 23:49:14 dc-cloud named[637]: compiled with zlib version: 1.2.11
> Jul 21 23:49:14 dc-cloud named[637]: linked to zlib version: 1.2.11
> Jul 21 23:49:14 dc-cloud named[637]: ----------------------------------------------------
> Jul 21 23:49:14 dc-cloud named[637]: BIND 9 is maintained by Internet Systems Consortium,
> Jul 21 23:49:14 dc-cloud named[637]: Inc. (ISC), a non-profit 501(c)(3) public-benefit
> Jul 21 23:49:14 dc-cloud named[637]: corporation. Support and training for BIND 9 are
> Jul 21 23:49:14 dc-cloud named[637]: available at https://www.isc.org/support
> Jul 21 23:49:14 dc-cloud named[637]: ----------------------------------------------------
> Jul 21 23:49:14 dc-cloud named[637]: adjusted limit on open files from 524288 to 1048576
> Jul 21 23:49:14 dc-cloud named[637]: found 4 CPUs, using 4 worker threads
> Jul 21 23:49:14 dc-cloud named[637]: using 4 UDP listeners per interface
> Jul 21 23:49:14 dc-cloud named[637]: DNSSEC algorithms: RSASHA1 NSEC3RSASHA1 RSASHA256 RSASHA512 ECDSAP256SHA256 ECDSAP384SHA384 ED25519 ED448
> Jul 21 23:49:14 dc-cloud named[637]: DS algorithms: SHA-1 SHA-256 SHA-384
> Jul 21 23:49:14 dc-cloud named[637]: HMAC algorithms: HMAC-MD5 HMAC-SHA1 HMAC-SHA224 HMAC-SHA256 HMAC-SHA384 HMAC-SHA512
> Jul 21 23:49:14 dc-cloud named[637]: TKEY mode 2 support (Diffie-Hellman): yes
> Jul 21 23:49:14 dc-cloud named[637]: TKEY mode 3 support (GSS-API): yes
> Jul 21 23:49:14 dc-cloud named[637]: config.c: option 'trust-anchor-telemetry' is experimental and subject to change in the future
> Jul 21 23:49:14 dc-cloud named[637]: loading configuration from '/etc/bind/named.conf'
> Jul 21 23:49:14 dc-cloud named[637]: reading built-in trust anchors from file '/etc/bind/bind.keys'
> Jul 21 23:49:14 dc-cloud named[637]: looking for GeoIP2 databases in '/usr/share/GeoIP'
> Jul 21 23:49:14 dc-cloud named[637]: using default UDP/IPv4 port range: [32768, 60999]
> Jul 21 23:49:14 dc-cloud named[637]: listening on IPv4 interface lo, 127.0.0.1#53
> Jul 21 23:49:14 dc-cloud named[637]: listening on IPv4 interface eth0, 75.119.155.151#53
> Jul 21 23:49:14 dc-cloud named[637]: listening on IPv4 interface eth1, 192.168.8.1#53
> Jul 21 23:49:14 dc-cloud named[637]: generating session key for dynamic DNS
> Jul 21 23:49:14 dc-cloud named[637]: sizing zone task pool based on 5 zones
> Jul 21 23:49:14 dc-cloud named[637]: Loading 'wdc.[domain].it' using driver dlopen
> Jul 21 23:49:14 dc-cloud named[637]: samba_dlz: started for DN DC=wdc,DC=[domain],DC=it
> Jul 21 23:49:14 dc-cloud named[637]: samba_dlz: starting configure
> Jul 21 23:49:14 dc-cloud named[637]: zone 1.168.192.in-addr.arpa/NONE: has no NS records
> Jul 21 23:49:14 dc-cloud named[637]: samba_dlz: Failed to configure zone '1.168.192.in-addr.arpa'
> Jul 21 23:49:14 dc-cloud named[637]: loading configuration: bad zone
> Jul 21 23:49:14 dc-cloud named[637]: exiting (due to fatal error)
> Jul 21 23:49:14 dc-cloud systemd[1]: named.service: Control process exited, code=exited, status=1/FAILURE
> Jul 21 23:49:14 dc-cloud systemd[1]: named.service: Failed with result 'exit-code'.
> Jul 21 23:49:14 dc-cloud systemd[1]: named.service: Scheduled restart job, restart counter is at 5.
> Jul 21 23:49:14 dc-cloud systemd[1]: named.service: Start request repeated too quickly.
> Jul 21 23:49:14 dc-cloud systemd[1]: named.service: Failed with result 'exit-code'.
>
>
>
>
>
> Corso Martiri della Liberazione 114 - 23900 Lecco - ITALY - | 4801 Glenwood Avenue - Suite 200 - Raleigh, NC 27612 - USA -
> Tel +39 0341 220 205 - info.it at yetopen.com  | Phone +1 919-817-8106 - info.us at yetopen.com
>
> Think green - Non stampare questa e-mail se non necessario / Don't print this email unless necessary
>
> -------- D.Lgs. 196/2003 e GDPR 679/2016 --------
> Tutte le informazioni contenute in questo messaggio sono riservate ed a uso esclusivo del destinatario.
> Tutte le informazioni ivi contenute, compresi eventuali allegati, sono da ritenere confidenziali e riservate secondo i termini
> del vigente D.Lgs. 196/2003 in materia di privacy e del Regolamento europeo 679/2016 - GDPR - e quindi ne e' proibita l'utilizzazione ulteriore non autorizzata.
> Nel caso in cui questo messaggio Le fosse pervenuto per errore, La invitiamo ad eliminarlo senza copiarlo, stamparlo, a non inoltrarlo a terzi e ad avvertirci non appena possibile.
> Grazie.
>
> Confidentiality notice: this email message including any attachment is for the sole use of the intended recipient and may contain confidential and privileged information;
> pursuant to Legislative Decree 196/2003 and the European General Data Protection Regulation 679/2016 - GDPR - any unauthorized review, use, disclosure or distribution
> is prohibited. If you are not the intended recepient please delete this message without copying, printing or forwarding it to others, and alert us as soon as possible.
> Thank you.