[Samba] Internal DNS not coming up in 4.18.0

Anantha Raghava raghav at exzatechconsulting.com
Thu Mar 23 11:30:41 UTC 2023



On 23/03/23 4:52 pm, Rowland Penny via samba wrote:
>
>
> On 23/03/2023 11:10, Anantha Raghava via samba wrote:
>> Hello Rowland,
>>
>> Find the answers inline.
>>
>>
>> On 23/03/23 4:24 pm, Rowland Penny via samba wrote:
>>>
>>>
>>> On 23/03/2023 10:21, Anantha Raghava via samba wrote:
>>>> Hello Rowland,
>>>>
>>>> Find the answers to your questions & suggestions.
>>>
>>> Not all, where did the domain come from ?
>>> Was it provisioned as a Samba AD domain ?
>>> Or
>>> Did it start out as an early Windows domain ?
>> It was always a samba domain. I started with Samba 4.7.6 about 5 
>> years back. Kept upgrading it over a period.
>
> Well that disposes of one theory, Win 2k domains used a different dns 
> system, but as yours never started out that way, we can discount it.
>
>>>
>>>>
>>>> Does 'samba-tool dns zonelist <YOUR_DC>' show anything ?
>>>>
>>>> No - It results in "rpc server error - WERR_DNS_ERROR_DS_UNAVAILABLE"
>>>>
>>>> 'samba-tool dns zonecreate' can create a dns zone, though I have 
>>>> never tried to create a forest zone.
>>>>
>>>> I tried this. But results in same error - "rpc server error - 
>>>> WERR_DNS_ERROR_DS_UNAVAILABLE".
>>>>
>>>> Backup -  After restore, same error is repeating. That means it is 
>>>> not a viable backup.
>>>
>>> This is leading me to think that you may have the older style of dns 
>>> system.
>> In the beginning about 5 years back, it was BIND9. Later we migrated 
>> to samba internal DNS and it was working like a charm all these 
>> years. Even during this time, DNS did work properly, until my attempt 
>> to change the SOA record. The attempt to change the SOA record 
>> brought it down.
>>>
>>>>
>>>> Can we use ldb add command here to insert the ForestZone into 
>>>> sam.ldb? It may just be a wild thought.
>>>
>>> You may be able to create an object in AD, whether AD will recognise 
>>> it as an AD zone is another question, also you would need to add the 
>>> SOA and NS records and I wouldn't have a clue what the required ldif 
>>> would look like.
>> I still have those servers on which Samba-AD 4.15.9 was installed. 
>> But, even there, now, after removing them, by demoting (removing them 
>> as dead server). Those old servers still have the sam.ldb and in 
>> private the Zone related ldb and metadata files. Will these be of 
>> some use?
>
> Possibly, if they were turned off and then demoted on another DC, they 
> will probably think they are still DCs. You will not be able to start 
> them in the domain now, but you could try sandboxing one and start it 
> up again, remove all the other DCs from this and see if you can then 
> connect to that DC. If this works, it will give you a good DC to use 
> on your domain, after you turn off all your existing faulty ones.
You are right. They are not starting. One of the servers is throwing NTDS 
and RID related errors and exiting. By the way, this one had all FSMO 
roles before it was removed. I haven't tried the other one. I will try 
to turn off the faulty DCs, start the old (second) server and check. If I 
can get a good backup from here, will this work?
>
> Rowland
>
>

