[Samba] Fwd: Two DNS issues with samba

Rowland Penny rpenny at samba.org
Sun Jun 23 07:59:08 UTC 2024

On Sun, 23 Jun 2024 09:34:46 +0200
Ronny Preiss via samba <samba at lists.samba.org> wrote:

> Now the 3rd DC has the same Problem as the 2nd one.
> Only the 1st DC has no issues.
> /var/log/syslog
> [...]
> Jun 23 06:05:20 01-dc03 samba[87230]: [2024/06/23 06:05:20.132829,  0]
> source4/rpc_server/dnsserver/dcerpc_dnsser
>          ver.c:1076(dnsserver_query_zone)
> Jun 23 06:05:20 01-dc03 samba[87230]:   dnsserver: Invalid zone
> operation IsSigned
> Jun 23 06:05:21 01-dc03 samba[87230]: [2024/06/23 06:05:21.176086,  0]
> source4/rpc_server/dnsserver/dcerpc_dnsser
>          ver.c:1076(dnsserver_query_zone)
> [...]

If you go to line 1076 in
source4/rpc_server/dnsserver/dcerpc_dnsserver.c you will find this:

	DEBUG(0,("dnsserver: Invalid zone operation %s\n", operation));

In this instance 'IsSigned' is the 'operation' and if you look in the
extensive list of known 'operation' types above that, 'IsSigned' isn't
there, so it falls into that 'DEBUG' and the message is printed.

Now, where is 'IsSigned' coming from ?
Well, 'IsSigned' means dnssec and so, something (probably a client) is
using dnssec to query the Samba dns server and Samba knows nothing
about dnssec.
If you want to fix this, you are looking at the wrong end, you need to
find the client(s) that are using dnssec and stop its use.


More information about the samba mailing list