[Samba] Fwd: Two DNS issues with samba

[Ronny Preiss]

Thanks for the good explanation. The client is my Windows 10 computer.
I should perhaps mention that I use the RSAT tools to manage DNS.

What I don't understand is why the DC 01 doesn't have these problems. Is it
maybe because it has all FSMO roles and is the PDC?

Am So., 23. Juni 2024 um 09:59 Uhr schrieb Rowland Penny via samba <
samba at lists.samba.org>:

> On Sun, 23 Jun 2024 09:34:46 +0200
> Ronny Preiss via samba <samba at lists.samba.org> wrote:
>
>
>
> > Now the 3rd DC has the same Problem as the 2nd one.
> > Only the 1st DC has no issues.
> >
> > /var/log/syslog
> > [...]
> > Jun 23 06:05:20 01-dc03 samba[87230]: [2024/06/23 06:05:20.132829,  0]
> > source4/rpc_server/dnsserver/dcerpc_dnsser
> >
> >          ver.c:1076(dnsserver_query_zone)
> > Jun 23 06:05:20 01-dc03 samba[87230]:   dnsserver: Invalid zone
> > operation IsSigned
> > Jun 23 06:05:21 01-dc03 samba[87230]: [2024/06/23 06:05:21.176086,  0]
> > source4/rpc_server/dnsserver/dcerpc_dnsser
> >
> >          ver.c:1076(dnsserver_query_zone)
> > [...]
> >
>
> If you go to line 1076 in
> source4/rpc_server/dnsserver/dcerpc_dnsserver.c you will find this:
>
>         DEBUG(0,("dnsserver: Invalid zone operation %s\n", operation));
>         return WERR_DNS_ERROR_INVALID_PROPERTY;
>
> In this instance 'IsSigned' is the 'operation' and if you look in the
> extensive list of known 'operation' types above that, 'IsSigned' isn't
> there, so it falls into that 'DEBUG' and the message is printed.
>
> Now, where is 'IsSigned' coming from ?
> Well, 'IsSigned' means dnssec and so, something (probably a client) is
> using dnssec to query the Samba dns server and Samba knows nothing
> about dnssec.
> If you want to fix this, you are looking at the wrong end, you need to
> find the client(s) that are using dnssec and stop its use.
>
> Rowland
>
> --
> To unsubscribe from this list go to the following URL and read the
> instructions:  https://lists.samba.org/mailman/options/samba
>