
[Samba] DNS Update not working after update to 4.5.3


Dirk Laurenz via samba

Jan 18, 2017, 3:00:04 AM
Hello @all:

Calling DNS Update results in this failure:

root@samba01:/# samba_dnsupdate --all-names
Traceback (most recent call last):
  File "/usr/sbin/samba_dnsupdate", line 784, in <module>
    creds = get_credentials(lp)
  File "/usr/sbin/samba_dnsupdate", line 141, in get_credentials
    ans = check_one_dns_name(sub_vars['DNSDOMAIN'] + '.', 'NS')
  File "/usr/sbin/samba_dnsupdate", line 251, in check_one_dns_name
    ans = resolver.query(name, name_type)
  File "/usr/lib/python2.7/dist-packages/dns/resolver.py", line 912, in query
    raise_on_no_answer)
  File "/usr/lib/python2.7/dist-packages/dns/resolver.py", line 143, in __init__
    raise NoAnswer
dns.resolver.NoAnswer

I'm stuck at that point currently. Updates via samba-tool work, but not via
kerberos or samba itself:

[2017/01/18 08:31:18.113146, 0] ../source4/dsdb/dns/dns_update.c:290(dnsupdate_nameupdate_done)
  ../source4/dsdb/dns/dns_update.c:290: Failed DNS update - with error code 110


Marc Muehlfeld via samba

Jan 18, 2017, 12:10:02 PM
Hi Dirk,

On 18.01.2017 at 08:51, Dirk Laurenz via samba wrote:
> [2017/01/18 08:31:18.113146, 0]
> ../source4/dsdb/dns/dns_update.c:290(dnsupdate_nameupdate_done)
>
> ../source4/dsdb/dns/dns_update.c:290: Failed DNS update - with error code
> 110

Do you run the BIND9_DLZ or Internal_DNS back end?

If it's BIND:
https://wiki.samba.org/index.php/BIND9_DLZ_DNS_Back_End#Reconfiguring_the_BIND9_DLZ_Back_End


Regards,
Marc

Dirk Laurenz via samba

Jan 20, 2017, 8:00:03 AM
it doesn't matter, problem is with both backends...

Dirk Laurenz via samba

Jan 20, 2017, 8:20:03 AM
Hi,

i tried this hint and after restart of bind9:

Jan 20 13:58:08 samba02 named[10811]: Loading 'AD DNS Zone' using driver dlopen
Jan 20 13:58:09 samba02 named[10811]: samba_dlz: started for DN DC=local,DC=laurenz,DC=ws
Jan 20 13:58:09 samba02 named[10811]: samba_dlz: starting configure
Jan 20 13:58:09 samba02 named[10811]: zone 2.168.192.in-addr.arpa/NONE: has no NS records
Jan 20 13:58:09 samba02 named[10811]: samba_dlz: Failed to configure zone '2.168.192.in-addr.arpa'
Jan 20 13:58:09 samba02 named[10811]: loading configuration: bad zone

hmm bad luck... why did the PTR zone get lost....?

Dirk

On 18.01.2017 at 18:03, Marc Muehlfeld wrote:

Rowland Penny via samba

Jan 20, 2017, 8:30:02 AM
On Fri, 20 Jan 2017 13:55:44 +0100
Dirk Laurenz via samba <sa...@lists.samba.org> wrote:

> it doesn't matter, problem is with both backends...
>
>

As it works for me with 4.5.3, can you post your smb.conf?

Rowland

L.P.H. van Belle via samba

Jan 20, 2017, 9:30:03 AM
I suspect a zone overlap.
Did you add an extra zone manually in bind?

Or something like this... You added :
Zone1.Domain.TLD and then
Domain.TLD

But then with the reverse zones.

Because this :

> Jan 20 13:58:09 samba02 named[10811]: zone 2.168.192.in-addr.arpa/NONE:
> has no NS records

Does not look like the samba_DLZ log lines but a pure bind log line.
Review your bind config and remove any manually added zones.

Greetz,

Louis

> -----Original message-----
> From: samba [mailto:samba-...@lists.samba.org] On behalf of Dirk Laurenz via samba
> Sent: Friday, 20 January 2017 13:58
> To: Marc Muehlfeld; sa...@lists.samba.org
> Subject: Re: [Samba] DNS Update not working after update to 4.5.3

Dirk Laurenz via samba

Jan 23, 2017, 8:30:02 AM
yes - sure - currently samba dns backend...


# Global parameters
[global]
netbios name = SAMBA01
realm = LOCAL.LAURENZ.WS
workgroup = LAURENZ
server role = active directory domain controller
dns forwarder = 8.8.8.8
allow dns updates = nonsecure
idmap_ldb:use rfc2307 = yes
client ldap sasl wrapping = sign
# server services = -dns


[netlogon]
path = /var/lib/samba/sysvol/local.laurenz.ws/scripts
read only = No

[sysvol]
path = /var/lib/samba/sysvol
read only = No

Dirk Laurenz via samba

Jan 23, 2017, 8:40:03 AM
ok - i will try this, means before starting:

will remove all reverse dns zones? correct?

i only add dns zones via windows dns mgmt and only outside bind... bind
config is like in wiki.samba.org

grep samba /etc/bind/*

/etc/bind/named.conf.local:include "/var/lib/samba/private/named.conf";
/etc/bind/named.conf.options: tkey-gssapi-keytab "/var/lib/samba/private/dns.keytab";

other things are default debian....

Dirk Laurenz via samba

Jan 23, 2017, 8:40:03 AM
hmm, just a guess:

i have two reverse lookup zones:

192.168.2.x

192.168.6.x

defined. should i define 192.168.x.x instead?



On 20.01.2017 at 15:21, L.P.H. van Belle via samba wrote:

Rowland Penny via samba

Jan 23, 2017, 9:00:03 AM
On Mon, 23 Jan 2017 14:34:28 +0100
Dirk Laurenz via samba <sa...@lists.samba.org> wrote:

> hmm, just a guess:
>
> i have two reverse lookup zones:
>
> 192.168.2.x
>
> 192.168.6.x
>
> defined. should i define 192.168.x.x instead?
>

This would probably be better than the two zones, but are your windows
clients set up to update the reverse zone?

Rowland

Dirk Laurenz via samba

Jan 23, 2017, 9:10:02 AM
Hi,

i reduced to one reverse dns zone (192.168.x.x.) same error when
converting internal to bind_dlz

Jan 23 14:55:39 samba01 named[3279]: Loading 'AD DNS Zone' using driver dlopen
Jan 23 14:55:40 samba01 named[3279]: samba_dlz: started for DN DC=local,DC=laurenz,DC=ws
Jan 23 14:55:40 samba01 named[3279]: samba_dlz: starting configure
Jan 23 14:55:40 samba01 named[3279]: samba_dlz: configured writeable zone '168.192.in-addr.arpa'
Jan 23 14:55:40 samba01 named[3279]: zone local.laurenz.ws/NONE: has no NS records
Jan 23 14:55:40 samba01 named[3279]: samba_dlz: Failed to configure zone 'local.laurenz.ws'
Jan 23 14:55:40 samba01 named[3279]: loading configuration: bad zone
Jan 23 14:55:40 samba01 named[3279]: exiting (due to fatal error)
Jan 23 14:55:40 samba01 systemd[1]: bind9.service: main process exited, code=exited, status=1/FAILURE
Jan 23 14:55:40 samba01 rndc[3305]: rndc: connect failed: 127.0.0.1#953: connection refused
Jan 23 14:55:40 samba01 systemd[1]: bind9.service: control process exited, code=exited status=1
Jan 23 14:55:40 samba01 systemd[1]: Unit bind9.service entered failed state.

that worked before...now bind complains about my forward lookup zone...?

Rowland Penny via samba

Jan 23, 2017, 9:30:03 AM
On Mon, 23 Jan 2017 14:57:50 +0100
Dirk Laurenz via samba <sa...@lists.samba.org> wrote:

Have you checked in AD if there are any records ?

Rowland

L.P.H. van Belle via samba

Jan 23, 2017, 9:50:03 AM
Hai,

Seeing :

> Jan 23 14:55:40 samba01 named[3279]: samba_dlz: configured writeable zone '168.192.in-addr.arpa'
> Jan 23 14:55:40 samba01 named[3279]: zone local.laurenz.ws/NONE: has no NS records
> Jan 23 14:55:40 samba01 named[3279]: samba_dlz: Failed to configure zone 'local.laurenz.ws'

Normally you should see first the local.laurenz.ws zone with samba_dlz.
So i think that this zone : local.laurenz.ws, is in bind_flat files ( not samba_dlz backend )
and this is correct samba_dlz: configured writeable zone '168.192.in-addr.arpa'

Or as told, you created a dns record in 'domain.tld', which should be made in 'main.domain.tld'.
Use CNAME in domain.tld to link to host inside main.domain.tld. Then it works fine.

Now this also applies for the reverse zones.
If you're using 192.168.0.0/16 then yes, your reverse : '168.192.in-addr.arpa' is correct.
If you're not using a full /16 range, but a normal /24, then your reverse should be '0.168.192.in-addr.arpa'.
You can use '168.192.in-addr.arpa' but then use only one reverse zone.

And i think your primary zone isn't in samba_DLZ.
So can you post your bind config ( complete please, anonymize if needed )

This is my output as reference.

Jan 23 15:25:25 rtd-dc1 named[4942]: ----------------------------------------------------
Jan 23 15:25:25 rtd-dc1 named[4942]: BIND 9 is maintained by Internet Systems Consortium,
Jan 23 15:25:25 rtd-dc1 named[4942]: Inc. (ISC), a non-profit 501(c)(3) public-benefit
Jan 23 15:25:25 rtd-dc1 named[4942]: corporation.  Support and training for BIND 9 are
Jan 23 15:25:25 rtd-dc1 named[4942]: available at https://www.isc.org/support
Jan 23 15:25:25 rtd-dc1 named[4942]: ----------------------------------------------------
Jan 23 15:25:25 rtd-dc1 named[4942]: adjusted limit on open files from 4096 to 1048576
Jan 23 15:25:25 rtd-dc1 named[4942]: found 2 CPUs, using 2 worker threads
Jan 23 15:25:25 rtd-dc1 named[4942]: using 2 UDP listeners per interface
Jan 23 15:25:25 rtd-dc1 named[4942]: using up to 4096 sockets
Jan 23 15:25:25 rtd-dc1 named[4942]: loading configuration from '/etc/bind/named.conf'
Jan 23 15:25:25 rtd-dc1 named[4942]: reading built-in trusted keys from file '/etc/bind/bind.keys'
Jan 23 15:25:25 rtd-dc1 named[4942]: using default UDP/IPv4 port range: [1024, 65535]
Jan 23 15:25:25 rtd-dc1 named[4942]: using default UDP/IPv6 port range: [1024, 65535]
Jan 23 15:25:25 rtd-dc1 named[4942]: listening on IPv4 interface lo, 127.0.0.1#53
Jan 23 15:25:25 rtd-dc1 named[4942]: listening on IPv4 interface eth0, 192.168.123.211#53
Jan 23 15:25:25 rtd-dc1 named[4942]: generating session key for dynamic DNS
Jan 23 15:25:25 rtd-dc1 named[4942]: sizing zone task pool based on 5 zones
Jan 23 15:25:25 rtd-dc1 named[4942]: Loading 'AD DNS Zone' using driver dlopen
Jan 23 15:25:25 rtd-dc1 named[4942]: samba_dlz: started for DN DC=office,DC=domain,DC=tld
Jan 23 15:25:25 rtd-dc1 named[4942]: samba_dlz: starting configure
Jan 23 15:25:25 rtd-dc1 named[4942]: samba_dlz: configured writeable zone '123.168.192.in-addr.arpa'
Jan 23 15:25:25 rtd-dc1 named[4942]: samba_dlz: configured writeable zone '0.123.10.in-addr.arpa'
Jan 23 15:25:25 rtd-dc1 named[4942]: samba_dlz: configured writeable zone '1.123.10.in-addr.arpa'
Jan 23 15:25:25 rtd-dc1 named[4942]: samba_dlz: configured writeable zone '2.123.10.in-addr.arpa'
Jan 23 15:25:25 rtd-dc1 named[4942]: samba_dlz: configured writeable zone '3.123.10.in-addr.arpa'
Jan 23 15:25:25 rtd-dc1 named[4942]: samba_dlz: configured writeable zone '4.123.10.in-addr.arpa'
Jan 23 15:25:25 rtd-dc1 named[4942]: samba_dlz: configured writeable zone 'main.domain.tld'
Jan 23 15:25:25 rtd-dc1 named[4942]: samba_dlz: configured writeable zone 'sub1.domain.tld'
Jan 23 15:25:25 rtd-dc1 named[4942]: samba_dlz: configured writeable zone 'sub2.domain.tld'
Jan 23 15:25:25 rtd-dc1 named[4942]: samba_dlz: configured writeable zone 'sub3.domain.tld'
Jan 23 15:25:25 rtd-dc1 named[4942]: samba_dlz: configured writeable zone 'sub4.domain.tld'
Jan 23 15:25:25 rtd-dc1 named[4942]: samba_dlz: configured writeable zone 'sub5.domain.tld'
Jan 23 15:25:25 rtd-dc1 named[4942]: samba_dlz: configured writeable zone 'domain.tld'
Jan 23 15:25:25 rtd-dc1 named[4942]: samba_dlz: configured writeable zone '_msdcs.main.domain.tld'
Jan 23 15:25:25 rtd-dc1 named[4942]: set up managed keys zone for view _default, file 'managed-keys.bind'
Jan 23 15:25:25 rtd-dc1 named[4942]: command channel listening on 127.0.0.1#953
Jan 23 15:25:25 rtd-dc1 named[4942]: managed-keys-zone: loaded serial 715
Jan 23 15:25:25 rtd-dc1 named[4942]: zone 0.in-addr.arpa/IN: loaded serial 1
Jan 23 15:25:25 rtd-dc1 named[4942]: zone 127.in-addr.arpa/IN: loaded serial 1
Jan 23 15:25:25 rtd-dc1 named[4942]: zone localhost/IN: loaded serial 2
Jan 23 15:25:25 rtd-dc1 named[4942]: zone 255.in-addr.arpa/IN: loaded serial 1
Jan 23 15:25:25 rtd-dc1 named[4942]: all zones loaded
Jan 23 15:25:25 rtd-dc1 named[4942]: running

Greetz,

Louis

> -----Original message-----
> From: samba [mailto:samba-...@lists.samba.org] On behalf of Dirk Laurenz via samba
> Sent: Monday, 23 January 2017 14:58
> To: sa...@lists.samba.org
> Subject: Re: [Samba] DNS Update not working after update to 4.5.3
>
> Hi,
>
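
The startup check and the reverse-zone naming described in the message above, as an added example that is not part of the original post or of Samba/BIND. The function names are hypothetical and the sample log is constructed from the named lines quoted in this thread.

```python
import ipaddress
import re

# Constructed sample, modelled on the named log lines quoted in this thread.
SAMPLE_LOG = """\
Jan 23 14:55:40 samba01 named[3279]: samba_dlz: starting configure
Jan 23 14:55:40 samba01 named[3279]: samba_dlz: configured writeable zone '168.192.in-addr.arpa'
Jan 23 14:55:40 samba01 named[3279]: zone local.laurenz.ws/NONE: has no NS records
Jan 23 14:55:40 samba01 named[3279]: samba_dlz: Failed to configure zone 'local.laurenz.ws'
Jan 23 14:55:40 samba01 named[3279]: loading configuration: bad zone
""".splitlines()

CONFIGURED = re.compile(r"samba_dlz: configured writeable zone '([^']+)'")
FAILED = re.compile(r"samba_dlz: Failed to configure zone '([^']+)'")
NO_NS = re.compile(r"zone (\S+)/\S+: has no NS records")


def summarize_dlz_startup(lines):
    """Return (configured zones, {failed zone: reason}) from named log lines."""
    configured, failed, no_ns = [], {}, set()
    for line in lines:
        if m := NO_NS.search(line):
            no_ns.add(m.group(1).lower())
        elif m := CONFIGURED.search(line):
            configured.append(m.group(1).lower())
        elif m := FAILED.search(line):
            zone = m.group(1).lower()
            failed[zone] = "no NS records" if zone in no_ns else "unknown"
    return configured, failed


def reverse_zone(network):
    """in-addr.arpa zone name for an IPv4 /8, /16 or /24 network."""
    net = ipaddress.ip_network(network)
    if net.version != 4 or net.prefixlen not in (8, 16, 24):
        raise ValueError("only octet-aligned IPv4 networks map to one zone")
    octets = str(net.network_address).split(".")[: net.prefixlen // 8]
    return ".".join(reversed(octets)) + ".in-addr.arpa"


def covering_zone(network, zones):
    """Most specific configured zone that holds PTR records for the network."""
    name = reverse_zone(network)
    hits = [z for z in zones if name == z or name.endswith("." + z)]
    return max(hits, key=len, default=None)


if __name__ == "__main__":
    zones, failed = summarize_dlz_startup(SAMPLE_LOG)
    print("configured:", zones)
    print("failed:", failed)
    for net in ("192.168.2.0/24", "192.168.6.0/24"):
        print(net, "->", reverse_zone(net), "served by", covering_zone(net, zones))
```
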

Dirk Laurenz via samba

Jan 24, 2017, 6:00:03 PM
yes, activated via policy

Dirk Laurenz via samba

Jan 24, 2017, 6:20:03 PM
i only check via dns admin (windows)

Dirk Laurenz via samba

Jan 24, 2017, 6:20:03 PM
Hi,

some more details about my setup (currently running)

Three DCs running Samba:

root@router01:~# ssh samba01 samba -V
Version 4.5.3
root@router01:~# ssh samba02 samba -V
Version 4.5.3
root@router01:~# ssh samba03 samba -V
Version 4.5.3

All running currently SAMBA_INTERNAL DNS due to the same failure.
OS is Debian 8.0 (raspbian)

root@router01:~# ssh samba01 cat /etc/debian_version
8.0
root@router01:~# ssh samba02 cat /etc/debian_version
8.0
root@router01:~# ssh samba03 cat /etc/debian_version
8.0

samba01/02 are in 192.168.2.0, 03 is in .6.0

Here's my bind.conf:

root@samba01:/etc/bind# cat named.conf*
// This is the primary configuration file for the BIND DNS server named.
//
// Please read /usr/share/doc/bind9/README.Debian.gz for information on the
// structure of BIND configuration files in Debian, *BEFORE* you customize
// this configuration file.
//
// If you are just adding zones, please do that in /etc/bind/named.conf.local

include "/etc/bind/named.conf.options";
include "/etc/bind/named.conf.local";
include "/etc/bind/named.conf.default-zones";
// prime the server with knowledge of the root servers
zone "." {
type hint;
file "/etc/bind/db.root";
};

// be authoritative for the localhost forward and reverse zones, and for
// broadcast zones as per RFC 1912

zone "localhost" {
type master;
file "/etc/bind/db.local";
};

zone "127.in-addr.arpa" {
type master;
file "/etc/bind/db.127";
};

zone "0.in-addr.arpa" {
type master;
file "/etc/bind/db.0";
};

zone "255.in-addr.arpa" {
type master;
file "/etc/bind/db.255";
};


//
// Do any local configuration here
//

// Consider adding the 1918 zones here, if they are not used in your
// organization
//include "/etc/bind/zones.rfc1918";

include "/var/lib/samba/private/named.conf";


options {
directory "/var/cache/bind";

// If there is a firewall between you and nameservers you want
// to talk to, you may need to fix the firewall to allow multiple
// ports to talk. See http://www.kb.cert.org/vuls/id/800113

// If your ISP provided one or more IP addresses for stable
// nameservers, you probably want to use them as forwarders.
// Uncomment the following block, and insert the addresses replacing
// the all-0's placeholder.

forwarders {
8.8.8.8; 192.168.2.1;
};

allow-query { any; };




//========================================================================
// If BIND logs error messages about the root key being expired,
// you will need to update your keys. See https://www.isc.org/bind-keys

//========================================================================
dnssec-validation auto;

auth-nxdomain no; # conform to RFC1035
listen-on-v6 { any; };
tkey-gssapi-keytab "/var/lib/samba/private/dns.keytab";
};


root@samba01:/etc/bind# cat "/var/lib/samba/private/named.conf"
# This DNS configuration is for BIND 9.8.0 or later with dlz_dlopen support.
#
# This file should be included in your main BIND configuration file
#
# For example with
# include "/var/lib/samba/private/named.conf";

#
# This configures dynamically loadable zones (DLZ) from AD schema
# Uncomment only single database line, depending on your BIND version
#
dlz "AD DNS Zone" {
# For BIND 9.8.x
# database "dlopen /usr/lib/samba/bind9/dlz_bind9.so";

# For BIND 9.9.x
database "dlopen /usr/lib/samba/bind9/dlz_bind9_9.so";

# For BIND 9.10.x
# database "dlopen /usr/lib/samba/bind9/dlz_bind9_10.so";

# For BIND 9.11.x
# database "dlopen /usr/lib/samba/bind9/dlz_bind9_11.so";
};

i may send a dns-admin screenshot (windows dns admin) but only directly...

Dirk Laurenz via samba

Jan 24, 2017, 6:50:03 PM
export from windows dns admin:

Name | Typ | Status | DNSSEC-Status | Schlüsselmaster
local.laurenz.ws | Active Directory-integriert, primär | Wird ausgeführt | Nicht signiert |
_msdcs.local.laurenz.ws | Active Directory-integriert, primär | Wird ausgeführt | Nicht signiert |

maybe this is also of interest:

root@samba01:/etc/bind# samba_dnsupdate
Traceback (most recent call last):
  File "/usr/sbin/samba_dnsupdate", line 784, in <module>
    creds = get_credentials(lp)
  File "/usr/sbin/samba_dnsupdate", line 141, in get_credentials
    ans = check_one_dns_name(sub_vars['DNSDOMAIN'] + '.', 'NS')
  File "/usr/sbin/samba_dnsupdate", line 251, in check_one_dns_name
    ans = resolver.query(name, name_type)
  File "/usr/lib/python2.7/dist-packages/dns/resolver.py", line 912, in query
    raise_on_no_answer)
  File "/usr/lib/python2.7/dist-packages/dns/resolver.py", line 143, in __init__
    raise NoAnswer
dns.resolver.NoAnswer


Dirk Laurenz via samba

Jan 24, 2017, 7:30:02 PM
just updated to 4.5.4

switched back to bind dns backend and everything works fine now...

L.P.H. van Belle via samba

Jan 25, 2017, 2:50:02 AM
Still

Check this line from your named config.

include "/etc/bind/named.conf.default-zones";

This can cause an overlap in the zones, so be careful with that one.


Greetz,

Louis


> -----Original message-----
> From: samba [mailto:samba-...@lists.samba.org] On behalf of Dirk Laurenz via samba
> Sent: Wednesday, 25 January 2017 1:26
> To: sa...@lists.samba.org
> Subject: Re: [Samba] DNS Update not working after update to 4.5.3
>

Rowland Penny via samba

Jan 25, 2017, 4:20:02 AM
On Wed, 25 Jan 2017 00:12:14 +0100
Dirk Laurenz via samba <sa...@lists.samba.org> wrote:

> i only check via dns admin (windows)
>

that should show your dns records, but you could try using the Samba
tools ldbsearch or ldbedit, these will search in the ldb files on the
DC.

You could also try running samba_dnsupgrade, this will recreate the
base records. Try 'samba_dnsupgrade --help' for more info.

Dirk Laurenz via samba

Jan 25, 2017, 8:00:03 AM
i will do so.... thanks

mathias dufresne via samba

Jan 25, 2017, 8:40:03 AM
A small typo:

samba_dnsupgrade does not exist.
samba_upgradedns is to switch between internal DNS system and Bind9+DLZ
samba_dnsupdate is to create missing DNS records related to current DC.
These DNS records are obviously only standard needed DNS records for a DC,
nothing esoteric, specific.

And samba_dnsupdate without any argument should return telling nothing.
That's what it does when things go well.