[Samba] Problems after DC upgrade

Mon Feb 10 15:39:50 UTC 2025

Yeah, I did that some time ago.  It’s a straight file.  Thought I had disabled resolved, but apparently not.  It’s disabled now.  See the email I just sent responding to Rowland.  Appreciate your suggestions!

From: Anders Östling <anders.ostling at gmail.com>
Sent: Monday, February 10, 2025 7:27 AM
To: Stephen Brandli <steve at brandli.com>
Cc: samba at lists.samba.org
Subject: Re: [Samba] Problems after DC upgrade

You need to remove the symlink /etc/resolv.conf (probably points to /run/systemd/resolved/stub-resolv.conf) and create a new /etc/resolv.conf that has your DC as nameserver.

Den mån 10 feb. 2025 15:57Stephen Brandli via samba <samba at lists.samba.org<mailto:samba at lists.samba.org>> skrev:
It was systemd-resolved.  I disabled that.  Now samba is binding to the port.

But I'm still getting the dnsupdate failure.

And, I can't ping anything.  I get the "unknown host or service" error.  So names are not getting resolved on the machine.  I have to admit to complete ignorance about how this part of linux works.  When running systemd-networkd, what normally does name resolution?  Or can systemd-networkd do it without listening on port 53?  This works on my older dc's, which are not running system-resolved.

        Steve

-----Original Message-----
From: samba <samba-bounces at lists.samba.org<mailto:samba-bounces at lists.samba.org>> On Behalf Of Rowland Penny via samba
Sent: Monday, February 10, 2025 1:36 AM
To: samba at lists.samba.org<mailto:samba at lists.samba.org>
Cc: Rowland Penny <rpenny at samba.org<mailto:rpenny at samba.org>>
Subject: Re: [Samba] Problems after DC upgrade

On Mon, 10 Feb 2025 02:24:31 +0000
Stephen Brandli via samba <samba at lists.samba.org<mailto:samba at lists.samba.org>> wrote:

> Well, it almost went okay.
>
> Thumbnail: I had two DCs, running the latest in buster.  I created a
> new one running bookworm and 4.21.3.  I joined the new machine as a
> DC.  I then transferred the FSMO roles from one of the old ones and
> demoted that one.  My plan is to create a fourth new one and demote
> the other old one.  But, two problems:
>
>
>   1.  The dns on the new DC is not responding.  It did when I got it
> started, but in a reboot, it stopped responding.  Don't know why it's
> trying to bind to 0.0.0.0.  The hosts is set up correctly.  Log:

0.0.0.0 is another way of saying 'all IPv4 on this machine'

>
> Feb 09 18:11:11 minister2 samba[88]:   dnsupdate_nameupdate_done:
> Failed DNS update with exit code 26

That explains your missing dns records, samba_dnsupdate cannot add them.

> Feb 09 18:11:11 minister2
> samba[88]: [2025/02/09 18:11:11.816359,  0]
> source4/dsdb/dns/dns_update.c:85(dnsupdate_nameupdate_done) Feb 09
> 18:01:10 minister2 samba[88]:   dnsupdate_nameupdate_done: Failed DNS
> update with exit code 26 Feb 09 18:01:10 minister2 samba[88]:
> [2025/02/09 18:01:10.720661,  0]
> source4/dsdb/dns/dns_update.c:85(dnsupdate_nameupdate_done) Feb 09
> 18:01:07 minister2 winbindd[80]:   Copyright Andrew Tridgell and the
> Samba Team 1992-2024 Feb 09 18:01:07 minister2 winbindd[80]:
> winbindd version 4.21.3-Debian-4.21.3+dfsg-6~bpo12+1 started. Feb 09
> 18:01:07 minister2 winbindd[80]: [2025/02/09 18:01:07.051147,  0]
> source3/winbindd/winbindd.c:1447(main) Feb 09 18:01:07 minister2
> samba[90]:   Failed to bind to 0.0.0.0:53<http://0.0.0.0:53> TCP -
> NT_STATUS_ADDRESS_ALREADY_ASSOCIATED

Could it be that something like Bind9 is also running ?
If that is the case, when you joined the new DC, did you add '--dns-backend=BIND9_DLZ' ?
If you didn't, you now have two choices, either turn off Bind9 or run samba_upgradedns to change to Bind9 instead of the builtin dns server, see here:

https://wiki.samba.org/index.php/Changing_the_DNS_Back_End_of_a_Samba_AD_DC

Rowland

--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba

--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba