[Samba] DNS management error accessing the domain zone

Thu Mar 20 15:39:10 UTC 2025

Thank you Rowland for your reply.

I have changed the nameserver to point to itself. At the moment the
error persists.

I will be comparing the zones between domain controllers, and let you
know if there is something missing here.

Unfortunately the domain is using '.local' TLD. We know it is not RFC
compliant but we have inherited like this. This could be a possible
cause?

Regards.

On Wed, Mar 19, 2025 at 6:16 PM Rowland Penny via samba
<samba at lists.samba.org> wrote:
>
> On Wed, 19 Mar 2025 16:43:59 -0300
> Nicolás Hermida via samba <samba at lists.samba.org> wrote:
>
> > Hi everyone,
> >
> > We have an Active Directory environment with a WS 2008 R2 functional
> > level. There are two Windows Server 2012 R2 systems, we started the
> > task of migrating these servers to Samba and we've added a Samba
> > domain controller (Version 4.19.5) under Ubuntu 24.04.
> >
> > So we have:
> > SERVER1 (IP 172.30.16.10): Windows Server 2012 R2 Domain Controller
> > SERVER2 (IP 172.30.16.11): Windows Server 2012 R2 Domain Controller
> > SERVER3 (IP 172.30.16.14): Samba Domain Controller
> >
> > Domain name: example.local
> >
> > When we try to connect to SERVER3 (Samba DC) using the Windows DNS
> > Management Tool to manage the DNS server, we get an error when trying
> > to access the example.local forward lookup zone.
> >
> > This error does not occur when accessing the _msdcs.example.local
> > zone.
> >
> > The error indicated by the Windows DNS tool is:
> > Zone Not Loaded by DNS Server
> >
> > The DNS server encountered a problem while attempting to load the
> > zone. The transfer of zone data from the master server failed.
> >
> > We ran the command to fix some errors detected by dbcheck:
> > # samba-tool dbcheck --cross-ncs --fix
> >
> > In the Samba service log, we observed these errors that we consider
> > relevant: dnsserver: Invalid zone operation IsSigneddnsserver
> >
> > ndr_pull_uint32: ndr_pull_error(Buffer Size Error): Pull bytes 4
> > (librpc/ndr/ndr_basic.c:193) at librpc/ndr/ndr_basic.c:193
> >
> > Replications work correctly.
> >
> > Here you have a copy of the main configuration files:
> >
> > /etc/resolv.conf
> > # --- BEGIN PVE ---
> > search example.local
> > nameserver 172.30.16.10
> > # --- END PVE ---
> >
> >
> > Any ideas that might help us resolve this issue?
> >
>
> A couple of things you can try, first, point the Samba DC at itself for
> its nameserver, change 'nameserver 172.30.16.10' to 'nameserver
> 172.30.16.14'
>
> The second is to compare the forward zone dns records on the Samba DC
> with the records on one of the Windows DCs.
>
> I also hope that 'example.local' is sanitising for the real AD dns
> domain and that it really doesn't use the '.local' TLD.
>
> Rowland
>
>
>
> --
> To unsubscribe from this list go to the following URL and read the
> instructions:  https://lists.samba.org/mailman/options/samba