[Samba] bind-dns configuration is generated incorrectly after "domain backup restore" + samba_upgradedns
Emil Sandnabba
emil at sandnabba.se
Wed Dec 11 09:58:58 UTC 2024
Hello!
I'm trying the backup/restore functionality on Samba 4.21.1, but I'm having
trouble with the Bind DNS configuration.
The domain is created by:
samba-tool domain provision --use-rfc2307 --adminpass={adminpassword} \
  --domain=domain.se --realm=realm --site=site --server-role=dc \
  --dns-backend=BIND9_DLZ
And after provisioning, bind is working perfectly fine, using the files in
"/var/lib/samba/bind-dns". I'm now taking a backup:
samba-tool domain backup offline --targetdir=.
To test our emergency recovery procedures, I'm then stopping Samba,
performing a full reset of the database (rm -rf /var/lib/samba/*), and then
restoring the backup:
samba-tool domain backup restore --targetdir=/var/lib/samba \
  --newservername=dc1-restored --backup-file=/samba-backup-xxxxxx.tar.bv2
The restoration works fine, Samba starts and I can even get new Kerberos
tickets using kinit on the local server.
However, named is not so happy. I've noticed that the backup restore will
use the internal DNS (as stated in the Backup and restore FAQ), so I've
tried `samba_upgradedns`:
root@dc:/# samba_upgradedns --dns-backend=BIND9_DLZ
Reading domain information
DNS accounts already exist
No zone file /var/lib/samba/bind-dns/dns/DOMAIN.SE.zone (normal)
DNS partitions already exist
Adding dns-dc1-restored account
check_spn_alias_collision: trying to add SPN 'DNS/dc1-restored.domain.se' on 'CN=dns-dc1-restored,CN=Users,DC=domain,DC=se' when 'host/dc1-restored.domain.se' is on 'CN=DC1-RESTORED,OU=Domain Controllers,DC=domain,DC=se'
See /var/lib/samba/bind-dns/named.conf for an example configuration include file for BIND
and /var/lib/samba/bind-dns/named.txt for further documentation required for secure DNS updates
Please note the "check_spn_alias_collision" message. Not sure if this is an
error or if it's just an info message?
Anyhow, now there are files in "/var/lib/samba/bind-dns".
But if I try to start named, I get the following error:
# named -4 -g -f -u bind
...
10-Dec-2024 20:26:31.455 Loading 'AD DNS Zone' using driver dlopen
10-Dec-2024 20:26:31.795 samba_dlz: started for DN DC=domain,DC=se
10-Dec-2024 20:26:31.795 samba_dlz: starting configure
10-Dec-2024 20:26:31.799 zone domain.se/NONE: has no NS records
10-Dec-2024 20:26:31.799 samba_dlz: Failed to configure zone 'domain.se'
10-Dec-2024 20:26:31.799 loading configuration: bad zone
10-Dec-2024 20:26:31.799 exiting (due to fatal error)
Have I missed something? And how can I troubleshoot this further? How can I
dump/view these DLZ zone-files?
Best regards
Emil Sandnabba
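With the BIND9_DLZ backend the zone data is not kept in files under /var/lib/samba/bind-dns; it lives in the AD database (the DomainDnsZones/ForestDnsZones partitions), which is why named's "has no NS records" complaint cannot be checked by looking at files. The records can be listed with `samba-tool dns query <server> <zone> @ ALL`. The script below is an added example, not part of the post above and not Samba's own code: it parses that listing and reports the apex problems that make samba_dlz reject a zone or that point at a stale DC name after a restore. The embedded listings are constructed samples in the layout samba-tool prints; the hostnames, addresses and the expected server name `dc1-restored.domain.se` are assumptions.

```python
import re
import sys

# Constructed sample of `samba-tool dns query <server> domain.se @ ALL` output
# for a healthy apex after a restore (hostnames/addresses are made up).
HEALTHY_APEX = """\
  Name=, Records=3, Children=0
    SOA: serial=110, refresh=900, retry=600, expire=86400, minttl=3600, ns=dc1-restored.domain.se., email=hostmaster.domain.se. (flags=600000f0, serial=110, ttl=3600)
    NS: dc1-restored.domain.se. (flags=600000f0, serial=110, ttl=900)
    A: 192.0.2.10 (flags=600000f0, serial=110, ttl=900)
"""

# Constructed sample reproducing the failure mode in the post: SOA and A exist
# but no NS record, so named logs "zone domain.se/NONE: has no NS records".
NO_NS_APEX = """\
  Name=, Records=2, Children=0
    SOA: serial=110, refresh=900, retry=600, expire=86400, minttl=3600, ns=dc1.domain.se., email=hostmaster.domain.se. (flags=600000f0, serial=110, ttl=3600)
    A: 192.0.2.10 (flags=600000f0, serial=110, ttl=900)
"""

NAME_RE = re.compile(r"^\s*Name=(?P<name>[^,]*),\s*Records=(?P<n>\d+)")
RECORD_RE = re.compile(r"^\s+(?P<type>[A-Z0-9]+):\s+(?P<rdata>.*?)\s*(\(flags=.*\))?\s*$")


def parse_dns_query(text):
    """Return {node_name: [(record_type, rdata), ...]} from samba-tool dns query output.

    samba-tool prints the zone apex with an empty name; it is stored here as '@'.
    """
    nodes = {}
    current = None
    for line in text.splitlines():
        m = NAME_RE.match(line)
        if m:
            current = m.group("name") or "@"
            nodes.setdefault(current, [])
            continue
        m = RECORD_RE.match(line)
        if m and current is not None:
            nodes[current].append((m.group("type"), m.group("rdata")))
    return nodes


def check_zone_apex(nodes, expected_ns):
    """List apex problems: missing SOA/NS (zone will not load in samba_dlz) or
    NS/SOA entries that still name a DC other than expected_ns (stale after restore)."""
    problems = []
    apex = nodes.get("@", [])
    types = {t for t, _ in apex}
    if "SOA" not in types:
        problems.append("apex has no SOA record")
    ns_targets = {r.rstrip(".").lower() for t, r in apex if t == "NS"}
    if not ns_targets:
        problems.append("apex has no NS records (named: 'has no NS records')")
    elif expected_ns.lower() not in ns_targets:
        problems.append(f"NS records {sorted(ns_targets)} do not include {expected_ns}")
    for t, r in apex:
        if t == "SOA":
            m = re.search(r"ns=([^,\s]+)", r)
            if m and m.group(1).rstrip(".").lower() != expected_ns.lower():
                problems.append(f"SOA primary NS is {m.group(1)}, expected {expected_ns}")
    return problems


if __name__ == "__main__":
    # Real use (assumed invocation):
    #   samba-tool dns query dc1-restored.domain.se domain.se @ ALL -U Administrator \
    #     | python3 check_apex.py dc1-restored.domain.se
    # Without piped input the constructed NO_NS_APEX sample is analysed.
    expected = sys.argv[1] if len(sys.argv) > 1 else "dc1-restored.domain.se"
    data = sys.stdin.read() if not sys.stdin.isatty() else NO_NS_APEX
    for p in check_zone_apex(parse_dns_query(data), expected) or ["apex looks fine"]:
        print(p)
```

Because the check reads the directory-backed records through samba-tool rather than named, it can be run before starting BIND to confirm that the restored zone has an NS record naming the new DC and that the SOA was rewritten to it; a missing or stale entry is the thing to repair (with `samba-tool dns add`/`update`) before named will accept the zone.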