bind9 reload failures (was: Re: bind 9.11.3 BIND9_FLATFILE update-policy
Rowland Penny
rpenny at samba.org
Mon Oct 15 08:04:05 UTC 2018
On Mon, 15 Oct 2018 12:27:44 +1300
Andrew Bartlett <abartlet at samba.org> wrote:
> On Wed, 2018-10-10 at 19:40 +0100, Rowland Penny wrote:
> >
> > If you run 'bind9 reload' you get this:
> >
> > Oct 10 19:28:12 dc3 named[5261]: Loading 'AD DNS Zone' using driver
> > dlopen Oct 10 19:28:12 dc3 named[5261]: samba_dlz: starting
> > configure Oct 10 19:28:12 dc3 named[5261]: samba_dlz: Ignoring
> > duplicate zone '0.168.192.in-addr.arpa' from
> > 'DC=@,DC=0.168.192.in-addr.arpa,CN=MicrosoftDNS,DC=DomainDnsZones,DC=samdom,DC=example,DC=com'
> > Oct 10 19:28:12 dc3 named[5261]: samba_dlz: Ignoring duplicate zone
> > 'samdom.example.com' from
> > 'DC=@,DC=samdom.example.com,CN=MicrosoftDNS,DC=DomainDnsZones,DC=samdom,DC=example,DC=com'
> > Oct 10 19:28:12 dc3 named[5261]: samba_dlz: Ignoring duplicate zone
> > '_msdcs.samdom.example.com' from
> > 'DC=@,DC=_msdcs.samdom.example.com,CN=MicrosoftDNS,DC=ForestDnsZones,DC=samdom,DC=example,DC=com'
> > Oct 10 19:28:12 dc3 named[5261]: samba_dlz: shutting down
>
> What happens (what command fails to still operate) after that?
>
> Can you give me exact steps to reproduce, down to the OS version and
> Samba versions?
>
> This has (annoyingly) eluded us for some time, and we feel like we
> might be missing something, so your help is much appreciated.
>
> Thanks,
>
> Andrew Bartlett
>
>
This has annoyed me for some time, probably since 2013. I don't
understand why you cannot reproduce it; it is simple:
On a Samba AD DC using Bind9 as the DNS server, run 'bind9 reload' and
you will get this:
Oct 15 08:36:17 dc4 named[11785]: received control channel command 'reload'
Oct 15 08:36:17 dc4 named[11785]: loading configuration from '/etc/bind/named.conf'
Oct 15 08:36:17 dc4 named[11785]: reading built-in trusted keys from file '/etc/bind/bind.keys'
Oct 15 08:36:17 dc4 named[11785]: initializing GeoIP Country (IPv4) (type 1) DB
Oct 15 08:36:17 dc4 named[11785]: GEO-106FREE 20170512 Bu
Oct 15 08:36:17 dc4 named[11785]: initializing GeoIP Country (IPv6) (type 12) DB
Oct 15 08:36:17 dc4 named[11785]: GEO-106FREE 20170512 Bu
Oct 15 08:36:17 dc4 named[11785]: GeoIP City (IPv4) (type 2) DB not available
Oct 15 08:36:17 dc4 named[11785]: GeoIP City (IPv4) (type 6) DB not available
Oct 15 08:36:17 dc4 named[11785]: GeoIP City (IPv6) (type 30) DB not available
Oct 15 08:36:17 dc4 named[11785]: GeoIP City (IPv6) (type 31) DB not available
Oct 15 08:36:17 dc4 named[11785]: GeoIP Region (type 3) DB not available
Oct 15 08:36:17 dc4 named[11785]: GeoIP Region (type 7) DB not available
Oct 15 08:36:17 dc4 named[11785]: GeoIP ISP (type 4) DB not available
Oct 15 08:36:17 dc4 named[11785]: GeoIP Org (type 5) DB not available
Oct 15 08:36:17 dc4 named[11785]: GeoIP AS (type 9) DB not available
Oct 15 08:36:17 dc4 named[11785]: GeoIP Domain (type 11) DB not available
Oct 15 08:36:17 dc4 named[11785]: GeoIP NetSpeed (type 10) DB not available
Oct 15 08:36:17 dc4 named[11785]: using default UDP/IPv4 port range: [32768, 60999]
Oct 15 08:36:17 dc4 named[11785]: using default UDP/IPv6 port range: [32768, 60999]
Oct 15 08:36:17 dc4 named[11785]: sizing zone task pool based on 5 zones
Oct 15 08:36:17 dc4 named[11785]: Loading 'AD DNS Zone' using driver dlopen
Oct 15 08:36:17 dc4 named[11785]: samba_dlz: starting configure
Oct 15 08:36:17 dc4 named[11785]: samba_dlz: Ignoring duplicate zone 'samdom.example.com' from 'DC=@,DC=samdom.example.com,CN=MicrosoftDNS,DC=DomainDnsZones,DC=samdom,DC=example,DC=com'
Oct 15 08:36:17 dc4 named[11785]: samba_dlz: Ignoring duplicate zone '0.168.192.in-addr.arpa' from 'DC=@,DC=0.168.192.in-addr.arpa,CN=MicrosoftDNS,DC=DomainDnsZones,DC=samdom,DC=example,DC=com'
Oct 15 08:36:17 dc4 named[11785]: samba_dlz: Ignoring duplicate zone '_msdcs.samdom.example.com' from 'DC=@,DC=_msdcs.samdom.example.com,CN=MicrosoftDNS,DC=ForestDnsZones,DC=samdom,DC=example,DC=com'
Oct 15 08:36:17 dc4 named[11785]: configuring command channel from '/etc/bind/rndc.key'
Oct 15 08:36:17 dc4 named[11785]: configuring command channel from '/etc/bind/rndc.key'
Oct 15 08:36:17 dc4 named[11785]: zone 0.168.192.in-addr.arpa/NONE: (other) removed
Oct 15 08:36:17 dc4 named[11785]: zone samdom.example.com/NONE: (other) removed
Oct 15 08:36:17 dc4 named[11785]: zone _msdcs.samdom.example.com/NONE: (other) removed
Oct 15 08:36:17 dc4 named[11785]: reloading configuration succeeded
Oct 15 08:36:17 dc4 named[11785]: reloading zones succeeded
Oct 15 08:36:17 dc4 named[11785]: all zones loaded
Oct 15 08:36:17 dc4 named[11785]: running
Oct 15 08:36:17 dc4 named[11785]: samba_dlz: shutting down
After that, anything that relies on samba_dlz no longer works.
For instance, this is on 'dc4' that has just been 'reloaded':
root at dc4:~# dig samdom.example.com
; <<>> DiG 9.10.3-P4-Debian <<>> samdom.example.com
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 28009
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 2, AUTHORITY: 2, ADDITIONAL: 1
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;samdom.example.com. IN A
;; ANSWER SECTION:
samdom.example.com. 900 IN A 192.168.0.6
samdom.example.com. 900 IN A 192.168.0.7
;; AUTHORITY SECTION:
samdom.example.com. 900 IN NS dc3.samdom.example.com.
samdom.example.com. 900 IN NS dc4.samdom.example.com.
;; Query time: 0 msec
;; SERVER: 192.168.0.6#53(192.168.0.6)
;; WHEN: Mon Oct 15 08:39:06 BST 2018
;; MSG SIZE rcvd: 115
And this is another DC that is running normally; note it has the
'ADDITIONAL SECTION':
root at dc3:~# dig samdom.example.com
; <<>> DiG 9.9.5-9+deb8u15-Debian <<>> samdom.example.com
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 8258
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 2, AUTHORITY: 2, ADDITIONAL: 3
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;samdom.example.com. IN A
;; ANSWER SECTION:
samdom.example.com. 900 IN A 192.168.0.7
samdom.example.com. 900 IN A 192.168.0.6
;; AUTHORITY SECTION:
samdom.example.com. 900 IN NS dc4.samdom.example.com.
samdom.example.com. 900 IN NS dc3.samdom.example.com.
;; ADDITIONAL SECTION:
dc3.samdom.example.com. 900 IN A 192.168.0.7
dc4.samdom.example.com. 900 IN A 192.168.0.6
;; Query time: 6 msec
;; SERVER: 192.168.0.7#53(192.168.0.7)
;; WHEN: Mon Oct 15 08:38:55 BST 2018
;; MSG SIZE rcvd: 147
My dhcp update script stops working:
Oct 15 08:36:41 dc4 dhcpd[2093]: Commit: IP: 192.168.0.166 DHCID: 1:cc:4e:ec:e9:c8:d3 Name: dhcp-192-168-0-166
Oct 15 08:36:41 dc4 dhcpd[2093]: execute_statement argv[0] = /usr/local/bin/dhcp-dyndns.sh
Oct 15 08:36:41 dc4 dhcpd[2093]: execute_statement argv[1] = add
Oct 15 08:36:41 dc4 dhcpd[2093]: execute_statement argv[2] = 192.168.0.166
Oct 15 08:36:41 dc4 dhcpd[2093]: execute_statement argv[3] = 1:cc:4e:ec:e9:c8:d3
Oct 15 08:36:41 dc4 dhcpd[2093]: execute_statement argv[4] = dhcp-192-168-0-166
Oct 15 08:36:42 dc4 root: DHCP-DNS Update failed: 22
Oct 15 08:36:42 dc4 dhcpd[2093]: execute: /usr/local/bin/dhcp-dyndns.sh exit status 5632
Oct 15 08:36:42 dc4 dhcpd[2093]: DHCPREQUEST for 192.168.0.166 from cc:4e:ec:e9:c8:d3 via eth0
Oct 15 08:36:42 dc4 dhcpd[2093]: DHCPACK on 192.168.0.166 to cc:4e:ec:e9:c8:d3 via eth0
It doesn't seem to matter what version of Samba or Bind9, but I can
confirm these versions:
Devuan GNU/Linux 1 (jessie)
BIND 9.9.5-9+deb8u15-Debian
Samba 4.6.2
Devuan GNU/Linux ascii
BIND 9.10.3-P4-Debian
Samba 4.8.5-Debian
If you want any further info, just ask. If you want any further tests,
just tell me what commands to run and where.
Rowland
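The symptom in this message has two observable fingerprints: the named log ends in "samba_dlz: shutting down" after a successful reload, and dig against the affected DC stops returning glue in the ADDITIONAL SECTION. Below is an added example (not from the thread, and not Samba's or BIND's own code) that turns both into a check a monitoring job can run: it parses named syslog lines in the format shown above and counts real ADDITIONAL records in dig output (ARCOUNT minus the EDNS OPT pseudo-record). The sample log and dig header lines are copied from this message; the "healthy" log is constructed for contrast. Regex names and the ReloadReport fields are assumptions of this example.

```python
"""Detect samba_dlz being torn down by a BIND9 'reload' on a Samba AD DC.

Added example for the samba-technical thread above; it is not code from the
thread, from Samba or from BIND. Assumes syslog-style named lines of the form
'Mon DD HH:MM:SS host named[pid]: message' as shown in the message.
"""
import re
from dataclasses import dataclass, field

NAMED_LINE = re.compile(
    r"^(?P<ts>\w{3}\s+\d+\s+\d\d:\d\d:\d\d)\s+(?P<host>\S+)\s+"
    r"named\[(?P<pid>\d+)\]:\s+(?P<msg>.*)$"
)
DUP_ZONE = re.compile(r"samba_dlz: Ignoring duplicate zone '(?P<zone>[^']+)'")
ZONE_REMOVED = re.compile(r"zone (?P<zone>\S+)/NONE: \(other\) removed")
DIG_HEADER = re.compile(r"ADDITIONAL:\s*(?P<n>\d+)")


@dataclass
class ReloadReport:
    """What happened to the DLZ backend during the last observed reload."""
    reload_seen: bool = False
    duplicate_zones: list = field(default_factory=list)
    removed_zones: list = field(default_factory=list)
    dlz_shutdown_after_reload: bool = False

    @property
    def dlz_healthy(self) -> bool:
        # The thread's failure mode: named reports success, then samba_dlz exits.
        return not self.dlz_shutdown_after_reload


def analyse_named_log(lines):
    """Walk named log lines and record reload, duplicate-zone and DLZ shutdown events."""
    report = ReloadReport()
    for line in lines:
        m = NAMED_LINE.match(line)
        if not m:
            continue  # lines from other daemons (dhcpd etc.) are ignored
        msg = m.group("msg")
        if msg == "received control channel command 'reload'":
            # A new reload resets the per-reload state.
            report = ReloadReport(reload_seen=True)
            continue
        d = DUP_ZONE.search(msg)
        if d:
            report.duplicate_zones.append(d.group("zone"))
            continue
        r = ZONE_REMOVED.search(msg)
        if r:
            report.removed_zones.append(r.group("zone"))
            continue
        if msg == "samba_dlz: shutting down" and report.reload_seen:
            report.dlz_shutdown_after_reload = True
    return report


def dig_glue_count(dig_output: str) -> int:
    """Number of real ADDITIONAL records; the EDNS OPT record is counted in
    ARCOUNT by dig but carries no glue, so it is subtracted when present."""
    m = DIG_HEADER.search(dig_output)
    if not m:
        raise ValueError("no dig header line found")
    n = int(m.group("n"))
    if "OPT PSEUDOSECTION" in dig_output:
        n -= 1
    return n


# Sample input copied from the message above (trimmed to the relevant lines).
SAMPLE_NAMED_LOG = [
    "Oct 15 08:36:17 dc4 named[11785]: received control channel command 'reload'",
    "Oct 15 08:36:17 dc4 named[11785]: samba_dlz: starting configure",
    "Oct 15 08:36:17 dc4 named[11785]: samba_dlz: Ignoring duplicate zone 'samdom.example.com' from 'DC=@,DC=samdom.example.com,CN=MicrosoftDNS,DC=DomainDnsZones,DC=samdom,DC=example,DC=com'",
    "Oct 15 08:36:17 dc4 named[11785]: samba_dlz: Ignoring duplicate zone '0.168.192.in-addr.arpa' from 'DC=@,DC=0.168.192.in-addr.arpa,CN=MicrosoftDNS,DC=DomainDnsZones,DC=samdom,DC=example,DC=com'",
    "Oct 15 08:36:17 dc4 named[11785]: samba_dlz: Ignoring duplicate zone '_msdcs.samdom.example.com' from 'DC=@,DC=_msdcs.samdom.example.com,CN=MicrosoftDNS,DC=ForestDnsZones,DC=samdom,DC=example,DC=com'",
    "Oct 15 08:36:17 dc4 named[11785]: zone 0.168.192.in-addr.arpa/NONE: (other) removed",
    "Oct 15 08:36:17 dc4 named[11785]: zone samdom.example.com/NONE: (other) removed",
    "Oct 15 08:36:17 dc4 named[11785]: zone _msdcs.samdom.example.com/NONE: (other) removed",
    "Oct 15 08:36:17 dc4 named[11785]: reloading zones succeeded",
    "Oct 15 08:36:17 dc4 named[11785]: running",
    "Oct 15 08:36:17 dc4 named[11785]: samba_dlz: shutting down",
    "Oct 15 08:36:41 dc4 dhcpd[2093]: execute_statement argv[1] = add",
]
# Constructed contrast: a reload after which the DLZ backend stays up.
HEALTHY_NAMED_LOG = [
    "Oct 15 09:00:00 dc3 named[4242]: received control channel command 'reload'",
    "Oct 15 09:00:00 dc3 named[4242]: samba_dlz: starting configure",
    "Oct 15 09:00:00 dc3 named[4242]: reloading zones succeeded",
    "Oct 15 09:00:00 dc3 named[4242]: running",
]
# dig header lines copied from the two DCs in the message.
DIG_DC4 = ";; flags: qr aa rd ra; QUERY: 1, ANSWER: 2, AUTHORITY: 2, ADDITIONAL: 1\n;; OPT PSEUDOSECTION:\n"
DIG_DC3 = ";; flags: qr aa rd ra; QUERY: 1, ANSWER: 2, AUTHORITY: 2, ADDITIONAL: 3\n;; OPT PSEUDOSECTION:\n"

if __name__ == "__main__":
    rep = analyse_named_log(SAMPLE_NAMED_LOG)
    print("dlz healthy after reload:", rep.dlz_healthy, "duplicates:", rep.duplicate_zones)
    print("glue records dc4/dc3:", dig_glue_count(DIG_DC4), dig_glue_count(DIG_DC3))
```

In practice the log check runs over the journal after any `rndc reload`, and a glue count of 0 from a DC that should answer authoritatively is the cheap external probe that confirms the backend is gone even when `reloading zones succeeded` was logged.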