[Samba] Fwd: Two DNS issues with samba

Ronny Preiss ronny.preiss at gmail.com
Sun Jun 9 11:18:10 UTC 2024


> No need to build Samba yourself, you can find packages here:
>
> http://www.corpit.ru/mjt/packages/samba/
How can I install these files?

Here are the requested files from both servers.

## DC01 ##

/etc/hostname
01-dc01

-----
/etc/hosts
127.0.0.1 localhost
#127.0.1.1 01-dc01

# The following lines are desirable for IPv6 capable hosts
::1     ip6-localhost ip6-loopback
fe00::0 ip6-localnet
ff00::0 ip6-mcastprefix
ff02::1 ip6-allnodes
ff02::2 ip6-allrouters

10.10.10.11     01-dc01.intern.preiss.network 01-dc01
10.10.10.12     01-dc02.intern.preiss.network 01-dc02

-----
/etc/resolv.conf
nameserver 127.0.0.53
options edns0 trust-ad
search intern.preiss.network

-----
/etc/bind/named.conf
include "/etc/bind/named.conf.options";
include "/etc/bind/named.conf.local";
include "/etc/bind/named.conf.default-zones";
include "/usr/local/samba/bind-dns/named.conf";

-----
/etc/bind/named.conf.options
        // Managing acls
        acl internals { 127.0.0.0/8; 10.0.0.0/8; };

options {
        directory "/var/cache/bind";
        version "Go Away 0.0.7";
        notify no;
        empty-zones-enable no;
        auth-nxdomain yes;
        forwarders { 10.10.10.15; 10.10.10.16; };
        allow-transfer { none; };

        dnssec-validation no;

        // Add any subnets or hosts you want to allow to use this DNS server
        allow-query { "internals";  };
        allow-query-cache { "internals"; };

        // Add any subnets or hosts you want to allow to use recursive queries
        recursion yes;
        allow-recursion {  "internals"; };

        tkey-gssapi-keytab "/usr/local/samba/bind-dns/dns.keytab";
        minimal-responses yes;

        listen-on-v6 { any; };
};

-----
/etc/bind/named.conf.local
it's empty

-----
/etc/bind/named.conf.default-zones
// prime the server with knowledge of the root servers
zone "." {
        type hint;
        file "/usr/share/dns/root.hints";
};

// be authoritative for the localhost forward and reverse zones, and for
// broadcast zones as per RFC 1912

zone "localhost" {
        type master;
        file "/etc/bind/db.local";
};

zone "127.in-addr.arpa" {
        type master;
        file "/etc/bind/db.127";
};

zone "0.in-addr.arpa" {
        type master;
        file "/etc/bind/db.0";
};

zone "255.in-addr.arpa" {
        type master;
        file "/etc/bind/db.255";
};

## DC02 ##
/etc/hostname
01-dc02

-----
/etc/hosts
127.0.0.1 localhost
#127.0.1.1 01-dc02

-----
# The following lines are desirable for IPv6 capable hosts
::1     ip6-localhost ip6-loopback
fe00::0 ip6-localnet
ff00::0 ip6-mcastprefix
ff02::1 ip6-allnodes
ff02::2 ip6-allrouters

10.10.10.11     01-dc01.intern.preiss.network 01-dc01
10.10.10.12     01-dc02.intern.preiss.network 01-dc02

-----
/etc/resolv.conf
nameserver 127.0.0.53
options edns0 trust-ad
search intern.preiss.network

-----
/etc/bind/named.conf
include "/etc/bind/named.conf.options";
include "/etc/bind/named.conf.local";
include "/etc/bind/named.conf.default-zones";
include "/usr/local/samba/bind-dns/named.conf";

-----
/etc/bind/named.conf.options
        // Managing acls
        acl internals { 127.0.0.0/8; 10.0.0.0/8; };

options {
        directory "/var/cache/bind";
        version "Go Away 0.0.7";
        notify no;
        empty-zones-enable no;
        auth-nxdomain yes;
        forwarders { 10.10.10.15; 10.10.10.16; };
        allow-transfer { none; };

        dnssec-validation no;

        // Add any subnets or hosts you want to allow to use this DNS server
        allow-query { "internals";  };
        allow-query-cache { "internals"; };

        // Add any subnets or hosts you want to allow to use recursive queries
        recursion yes;
        allow-recursion {  "internals"; };

        tkey-gssapi-keytab "/usr/local/samba/bind-dns/dns.keytab";
        minimal-responses yes;

        listen-on-v6 { any; };
};

-----
/etc/bind/named.conf.local
it's empty

-----
/etc/bind/named.conf.default-zones
// prime the server with knowledge of the root servers
zone "." {
        type hint;
        file "/usr/share/dns/root.hints";
};

// be authoritative for the localhost forward and reverse zones, and for
// broadcast zones as per RFC 1912

zone "localhost" {
        type master;
        file "/etc/bind/db.local";
};

zone "127.in-addr.arpa" {
        type master;
        file "/etc/bind/db.127";
};

zone "0.in-addr.arpa" {
        type master;
        file "/etc/bind/db.0";
};

zone "255.in-addr.arpa" {
        type master;
        file "/etc/bind/db.255";
};


Ronny

Am Sa., 8. Juni 2024 um 18:37 Uhr schrieb Rowland Penny via samba <
samba at lists.samba.org>:

> On Sat, 8 Jun 2024 17:05:25 +0200
> Ronny Preiss via samba <samba at lists.samba.org> wrote:
>
> > Hi,
> >
> > I have two problems with my 2 Samba AD-DC. I don't know if the two
> > problems are related.
> > Both domain controllers show the same error pattern for problem 1. The
> > second problem only occurs with the second domain controller.
> > The domain itself seems to work and be in order.
> > Does someone know where this comes from and how to solve it?
> >
> > ## Issue 1 ##
> > By doing my random log checking, I saw the following error in syslog
> > on both DC.
> > I've changed nothing the last couple of weeks.
> >
> > My Environment:
> >
> > 2x Server Ubuntu 22.04.4 LTS with:
> > - Samba Version 4.19.0 AC-DC (Selfcompiled default values)
>
> No need to build Samba yourself, you can find packages here:
>
> http://www.corpit.ru/mjt/packages/samba/
>
> They are provided by the Debian Samba maintainer.
>
> >
> > Samba version: 4.19.0
>
> A bit 'old' the 4.19 branch is at 4.19.6
>
>
> >
> > - DNS Backend Bind (BIND 9.18.18-0ubuntu0.22.04.2-Ubuntu)
> > - SysVol is  in sync with rsync
> >
> > ### ERROR ### /var/log/syslog
> > root at 01-dc01:~# tail -f /var/log/syslog
> > Jun  8 11:54:11 01-dc01 samba[931]: [2024/06/08 11:54:11.351034,  0] ../../lib/util/util_runcmd.c:355(samba_runcmd_io_handler)
> > Jun  8 11:54:11 01-dc01 samba[931]:   /usr/local/samba/sbin/samba_dnsupdate: Traceback (most recent call last):
> > Jun  8 11:54:11 01-dc01 samba[931]: [2024/06/08 11:54:11.352082,  0] ../../lib/util/util_runcmd.c:355(samba_runcmd_io_handler)
> > Jun  8 11:54:11 01-dc01 samba[931]:   /usr/local/samba/sbin/samba_dnsupdate:   File "/usr/local/samba/sbin/samba_dnsupdate", line 883, in <module>
> > Jun  8 11:54:11 01-dc01 samba[931]: [2024/06/08 11:54:11.352119,  0] ../../lib/util/util_runcmd.c:355(samba_runcmd_io_handler)
> > Jun  8 11:54:11 01-dc01 samba[931]:   /usr/local/samba/sbin/samba_dnsupdate:     creds = get_credentials(lp)
> > Jun  8 11:54:11 01-dc01 samba[931]: [2024/06/08 11:54:11.352132,  0] ../../lib/util/util_runcmd.c:355(samba_runcmd_io_handler)
> > Jun  8 11:54:11 01-dc01 samba[931]:   /usr/local/samba/sbin/samba_dnsupdate:   File "/usr/local/samba/sbin/samba_dnsupdate", line 184, in get_credentials
> > Jun  8 11:54:11 01-dc01 samba[931]: [2024/06/08 11:54:11.352144,  0] ../../lib/util/util_runcmd.c:355(samba_runcmd_io_handler)
> > Jun  8 11:54:11 01-dc01 samba[931]:   /usr/local/samba/sbin/samba_dnsupdate:     get_krb5_rw_dns_server(creds, sub_vars['DNSDOMAIN'] + '.')
> > Jun  8 11:54:11 01-dc01 samba[931]: [2024/06/08 11:54:11.352158,  0] ../../lib/util/util_runcmd.c:355(samba_runcmd_io_handler)
> > Jun  8 11:54:11 01-dc01 samba[931]:   /usr/local/samba/sbin/samba_dnsupdate:   File "/usr/local/samba/sbin/samba_dnsupdate", line 143, in get_krb5_rw_dns_server
> > Jun  8 11:54:11 01-dc01 samba[931]: [2024/06/08 11:54:11.352203,  0] ../../lib/util/util_runcmd.c:355(samba_runcmd_io_handler)
> > Jun  8 11:54:11 01-dc01 samba[931]:   /usr/local/samba/sbin/samba_dnsupdate:     rw_dns_servers = get_possible_rw_dns_server(creds, domain)
> > Jun  8 11:54:11 01-dc01 samba[931]: [2024/06/08 11:54:11.352239,  0] ../../lib/util/util_runcmd.c:355(samba_runcmd_io_handler)
> > Jun  8 11:54:11 01-dc01 samba[931]:   /usr/local/samba/sbin/samba_dnsupdate:   File "/usr/local/samba/sbin/samba_dnsupdate", line 122, in get_possible_rw_dns_server
> > Jun  8 11:54:11 01-dc01 samba[931]: [2024/06/08 11:54:11.352253,  0] ../../lib/util/util_runcmd.c:355(samba_runcmd_io_handler)
> > Jun  8 11:54:11 01-dc01 samba[931]:   /usr/local/samba/sbin/samba_dnsupdate:     ans_soa = check_one_dns_name(domain, 'SOA')
> > Jun  8 11:54:11 01-dc01 samba[931]: [2024/06/08 11:54:11.352267,  0] ../../lib/util/util_runcmd.c:355(samba_runcmd_io_handler)
> > Jun  8 11:54:11 01-dc01 samba[931]:   /usr/local/samba/sbin/samba_dnsupdate:   File "/usr/local/samba/sbin/samba_dnsupdate", line 274, in check_one_dns_name
> > Jun  8 11:54:11 01-dc01 samba[931]: [2024/06/08 11:54:11.352287,  0] ../../lib/util/util_runcmd.c:355(samba_runcmd_io_handler)
> > Jun  8 11:54:11 01-dc01 samba[931]:   /usr/local/samba/sbin/samba_dnsupdate:     return resolver.resolve(name, name_type)
> > Jun  8 11:54:11 01-dc01 samba[931]: [2024/06/08 11:54:11.352302,  0] ../../lib/util/util_runcmd.c:355(samba_runcmd_io_handler)
> > Jun  8 11:54:11 01-dc01 samba[931]:   /usr/local/samba/sbin/samba_dnsupdate:   File "/usr/lib/python3/dist-packages/dns/resolver.py", line 1202, in resolve
> > Jun  8 11:54:11 01-dc01 samba[931]: [2024/06/08 11:54:11.352510,  0] ../../lib/util/util_runcmd.c:355(samba_runcmd_io_handler)
> > Jun  8 11:54:11 01-dc01 samba[931]:   /usr/local/samba/sbin/samba_dnsupdate:     (answer, done) = resolution.query_result(response, None)
> > Jun  8 11:54:11 01-dc01 samba[931]: [2024/06/08 11:54:11.352551,  0] ../../lib/util/util_runcmd.c:355(samba_runcmd_io_handler)
> > Jun  8 11:54:11 01-dc01 samba[931]:   /usr/local/samba/sbin/samba_dnsupdate:   File "/usr/lib/python3/dist-packages/dns/resolver.py", line 674, in query_result
> > Jun  8 11:54:11 01-dc01 samba[931]: [2024/06/08 11:54:11.352693,  0] ../../lib/util/util_runcmd.c:355(samba_runcmd_io_handler)
> > Jun  8 11:54:11 01-dc01 samba[931]:   /usr/local/samba/sbin/samba_dnsupdate:     raise NoAnswer(response=answer.response)
> > Jun  8 11:54:11 01-dc01 samba[931]: [2024/06/08 11:54:11.352783,  0] ../../lib/util/util_runcmd.c:355(samba_runcmd_io_handler)
> > Jun  8 11:54:11 01-dc01 samba[931]:   /usr/local/samba/sbin/samba_dnsupdate: dns.resolver.NoAnswer: The DNS response does not contain an answer to the question: intern.preiss.network. IN SOA
> > Jun  8 11:54:11 01-dc01 samba[931]: [2024/06/08 11:54:11.383823,  0] ../../source4/dsdb/dns/dns_update.c:85(dnsupdate_nameupdate_done)
> > Jun  8 11:54:11 01-dc01 samba[931]:   dnsupdate_nameupdate_done: Failed DNS update with exit code 1
> > ###
> >
> > Manual nslookup for the SOA entry works:
> >
> > root at 01-dc01:~# nslookup -q=SOA intern.preiss.network 10.10.10.11
> > Server:         10.10.10.11
> > Address:        10.10.10.11#53
> >
> > intern.preiss.network
> >         origin = 01-dc01.intern.preiss.network
> >         mail addr = hostmaster.intern.preiss.network
> >         serial = 1159
> >         refresh = 900
> >         retry = 600
> >         expire = 86400
> >         minimum = 3600
> >
> > ### Issue 2 ####
> >
> > ### ERROR ### /var/log/syslog
> > root at 01-dc02:~# tail -f /var/log/syslog
> > Jun  8 13:01:31 01-dc02 samba[996]: [2024/06/08 13:01:31.057443,  0] ../../source4/rpc_server/dnsserver/dcerpc_dnsserver.c:1076(dnsserver_query_zone)
> > Jun  8 13:01:31 01-dc02 samba[996]:   dnsserver: Invalid zone operation IsSigned
> > Jun  8 13:01:31 01-dc02 samba[996]: [2024/06/08 13:01:31.060313,  0] ../../source4/rpc_server/dnsserver/dcerpc_dnsserver.c:1076(dnsserver_query_zone)
> > Jun  8 13:01:31 01-dc02 samba[996]:   dnsserver: Invalid zone operation IsSigned
> > Jun  8 13:01:31 01-dc02 samba[996]: [2024/06/08 13:01:31.061385,  0] ../../source4/rpc_server/dnsserver/dcerpc_dnsserver.c:1076(dnsserver_query_zone)
> > Jun  8 13:01:31 01-dc02 samba[996]:   dnsserver: Invalid zone operation IsSigned
> >
> >
> > Kind regards, Ronny
>
> Can you please post the contents of the following files
>
> /etc/hostname
> /etc/hosts
> /etc/resolv.conf
> /etc/bind/named.conf
> /etc/bind/named.conf.options
> /etc/bind/named.conf.local
> /etc/bind/named.conf.default-zones
>
> Rowland
>

