[Samba] Internal DNS not coming up in 4.18.0

Anantha Raghava raghav at exzatechconsulting.com
Wed Mar 22 01:04:50 UTC 2023


While upgrading Samba-AD from 4.15.9 to version 4.18, I ran into a 
peculiar problem. AD Component is up, but DNS is just not coming up. 
kinit is reporting KDC not found problem.

All these years I have been compiling samba from source and for nearly 7 
years, it was working like a charm. But in this upgrade activity, we ran 
into rough weather. We do not upgrade the existing servers, whereas we 
retain one old server which has all FSMO roles, demote and remove others 
in the cluster, add new servers with the same IP and name. Finally I 
transfer FSMO roles to one new server, demote & remove the final server 
and add the new one with same IP and name. This time, in a cluster of 
two servers, the first one to upgrade developed problems once I seized 
the FSMO roles, demoted (removed the other dead server) & removed the 
second server. Activities I did are as follows:

1. Demoted and removed the first server. Allotted the same IP/name to 
new RHEL 8 server, compiled samba and installed. The Domain add process 
also went well. But the drs showrepl reported errors and these also got 
cleared once I did dbcheck and fix process.

2. I moved, rather seized the FSMO roles to new samba 4.18.0 on RHEL 8, 
demoted (removed other dead server as demote process reported crazy 
errors), allotted the same IP/name to new RHEL 8 Server, compiled & 
installed samba.

3. The problems started when I attempted to add the samba as an 
additional DC. It always tried to find itself (non-existent server) as a 
writeable DC. This is when I found that SOA record in new samba 4.18.0 
server was pointing to the dead server in _msdsc.example.com, which I 
could not remove either in RSAT or using samba-tool. Although there was 
new SOA entry in Forward Zone pointing to new samba 4.18.0, the domain 
join process always found itself (non-existent server) as a writeable DC.

4. I did try to modify the _msdsc records in DNS and samba-ad dns goes 
down. AD authentication is working. No client can find the DNS. Even 
RSAT cannot find DNS. Kinit on the same server cannot find DNS.

Unfortunately, I have no backup of the running server. The backup is from 
4.15.9; restoring this DB is causing the samba main process to exit with 
status code 1.

After much effort, I brought AD component up, but DNS is still down.

Any help to restore DNS in new samba 4.18.0 is much appreciated.


Thanks & Regards,

