
[Samba] named ( bind 9.9.4 ) fails to start


Maton, Brett via samba

Sep 26, 2016, 6:20:03 PM
Hi,

I removed a couple of dead DCs from my domain using this command:

samba-tool domain demote --remove-other-dead-server=<dc name>


I then restarted named on the remaining server, but it failed to start
with the following errors in messages:

named[30255]: samba_dlz: configured writeable zone 'x.x.x.in-addr.arpa'
named[30255]: samba_dlz: configured writeable zone 'x.x.x.in-addr.arpa'
named[30255]: zone mydomain.com/NONE: has no NS records
named[30255]: samba_dlz: Failed to configure zone 'mydomain.com'
named[30255]: loading configuration: bad zone
named[30255]: exiting (due to fatal error)
named[30255]: samba_dlz: shutting down

samba-tool fsmo show lists all services as being owned by the remaining
server.

What should I do next ?

Rowland Penny via samba

Sep 27, 2016, 3:10:03 AM
On Mon, 26 Sep 2016 22:44:36 +0100
"Maton, Brett via samba" <sa...@lists.samba.org> wrote:

> Hi,
>
> I removed a couple of dead DCs from my domain using this command:
>
> samba-tool domain demote --remove-other-dead-server=<dc name>
>
>
> I then restarted named on the remaining server, but it failed to
> start with the following errors in messages:
>
> named[30255]: samba_dlz: configured writeable zone 'x.x.x.in-addr.arpa'
> named[30255]: samba_dlz: configured writeable zone 'x.x.x.in-addr.arpa'
> named[30255]: zone mydomain.com/NONE: has no NS records
> named[30255]: samba_dlz: Failed to configure zone 'mydomain.com'
> named[30255]: loading configuration: bad zone
> named[30255]: exiting (due to fatal error)
> named[30255]: samba_dlz: shutting down
>
> samba-tool fsmo show lists all services as being owned by the remaining
> server.
>
> What should I do next ?

It looks like you haven't got a forward zone, but I cannot see removing
dead DCs will cause this.

What version of Samba are you using ?
What OS ?

Have you checked if the records are still in AD ?

Rowland
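
The startup failure in the log from the original post can be picked out mechanically. This is an added example, not part of the thread or of Samba's tooling; the function name `triage` and the report keys are assumptions. It groups named lines by PID and reports the zone that both lacks NS records and failed in samba_dlz.

```python
import re
from collections import defaultdict

# Log lines copied from the original post (zone names are the poster's placeholders).
SAMPLE_LOG = """\
named[30255]: samba_dlz: configured writeable zone 'x.x.x.in-addr.arpa'
named[30255]: samba_dlz: configured writeable zone 'x.x.x.in-addr.arpa'
named[30255]: zone mydomain.com/NONE: has no NS records
named[30255]: samba_dlz: Failed to configure zone 'mydomain.com'
named[30255]: loading configuration: bad zone
named[30255]: exiting (due to fatal error)
named[30255]: samba_dlz: shutting down
"""

LINE = re.compile(r"named\[(?P<pid>\d+)\]: (?P<msg>.*)")
CONFIGURED = re.compile(r"samba_dlz: configured writeable zone '([^']+)'")
NO_NS = re.compile(r"zone (\S+)/\w+: has no NS records")
DLZ_FAILED = re.compile(r"samba_dlz: Failed to configure zone '([^']+)'")
FATAL = "exiting (due to fatal error)"

def triage(log_text):
    """Summarise each named run (keyed by PID) found in syslog-style text."""
    runs = defaultdict(lambda: {"configured": set(), "no_ns": set(),
                                "dlz_failed": set(), "fatal": False})
    for raw in log_text.splitlines():
        m = LINE.search(raw)
        if not m:
            continue  # not a named line
        run, msg = runs[m["pid"]], m["msg"]
        if (z := CONFIGURED.search(msg)):
            run["configured"].add(z[1])
        elif (z := NO_NS.search(msg)):
            run["no_ns"].add(z[1])
        elif (z := DLZ_FAILED.search(msg)):
            run["dlz_failed"].add(z[1])
        elif FATAL in msg:
            run["fatal"] = True
    report = {}
    for pid, run in runs.items():
        # A zone with no NS records that samba_dlz also rejected is what blocks startup.
        blocking = sorted(run["no_ns"] & run["dlz_failed"])
        report[pid] = {"fatal": run["fatal"],
                       "configured_zones": sorted(run["configured"]),
                       "blocking_zones": blocking}
    return report

if __name__ == "__main__":
    for pid, info in triage(SAMPLE_LOG).items():
        print(pid, info)
```
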

Maton, Brett via samba

Sep 27, 2016, 4:00:08 AM
Hi Rowland thanks for your response.

I'm running samba 4.5.0rc1 on CentOS 7.2

I've dumped the DNS records, and it doesn't appear to have any SRV or NS
records.

Also the SOA record is pointing at the wrong server dc03 instead of dc01.

I'm pretty sure it can be fixed, but I don't know how or what to do


Rowland Penny via samba

Sep 27, 2016, 5:30:03 AM
On Tue, 27 Sep 2016 08:53:24 +0100
"Maton, Brett" <mat...@ltresources.co.uk> wrote:

> Hi Rowland thanks for your response.
>
> I'm running samba 4.5.0rc1 on CentOS 7.2
>
> I've dumped the DNS records, and it doesn't appear to have any SRV or
> NS records.
>
> Also the SOA record is pointing at the wrong server dc03 instead of
> dc01.
>
> I'm pretty sure it can be fixed, but I don't know how or what to do
>

OK, try restarting Samba, then Bind again.
If that doesn't work, try rebooting.

If that doesn't work, back up your install and try this:

Note: do not try anything below without good backups, if your AD goes
badly wrong (it shouldn't), don't blame me.

samba-tool dns add 127.0.0.1 mydomain.com @ A <dc01 ipaddress>

samba-tool dns add 127.0.0.1 mydomain.com @ NS dc01.mydomain.com

Check your SOA record again

If that works, you might want to try this:

samba-tool dns delete 127.0.0.1 mydomain.com @ A <dc03 ipaddress>

samba-tool dns delete 127.0.0.1 mydomain.com @ NS dc03.mydomain.com

Once everything is working, you might want to think about updating
Samba, 4.5.0 has now been released.

Maton, Brett via samba

Sep 27, 2016, 7:10:03 AM
Thanks Rowland,

You saved me from a world of pain, I've now got named back up and running
and also accessible via Windows DNS GUI.

The SOA record still says ns=dc03.. which is strange and the only place
dc03 exists in the output of

samba-tool dns query localhost mydomain.com @ ALL

Is this something I can fix in the Windows DNS GUI or do I need to do
something with like FSMO ?

Which btw (samba-tool fsmo show) lists everything as being owned by dc01

Thanks again BTW


Maton, Brett via samba

Sep 27, 2016, 7:40:04 AM
It appears to have healed itself, I tried to samba-tool update which failed
with record doesn't exist.

Querying DNS again is now returning the SOA record pointing at dc01.

Thanks again Rowland for averting my crisis!

