List: samba
Subject: [Samba] FW: Internal DNS migrate to Bind9_DLZ
From: "L.P.H. van Belle via samba" <samba () lists ! samba ! org>
Date: 2018-10-31 13:52:28
Message-ID: vmime.5bd9b39c.3b3c.5f204bc4414e30dc () ms249-lin-003 ! rotterdam ! bazuin ! nl
Hai,
I've checked out the log you sent and I re-read the complete thread.
Based on what's done and what I did see in your logs now, it looks like a * (wildcard) entry is giving the problem. But I am not sure of that; the wildcard bugs should be fixed, when I look in Bugzilla (#10435, #12952).
I've forwarded the mail to Rowland also before we go throw things at you again. ;-)
I've snipped the parts I think were the interesting parts in this mail, but maybe Rowland notices more.
Last, have you tried with the bind config at port 53 instead of 5353?
Please note, RedHat is not my cookie, so any Centos/Red Hat people here, comments are useful.
Last, remove this part from your named.conf:
# Root Servers
# (Required for recursive DNS queries)
zone "." {
    type hint;
    file "named.root";
};
# localhost zone
zone "localhost" {
    type master;
    file "master/localhost.zone";
};
# 127.0.0. zone.
zone "0.0.127.in-addr.arpa" {
    type master;
    file "master/0.0.127.zone";
};
These zones are also in DC=RootDNSServers,CN=MicrosoftDNS,DC=DomainDnsZones,DC=<domain>,DC=corp
The log parts.
31-Oct-2018 13:26:56.585 processing statistics channel 127.0.0.1#8653
31-Oct-2018 13:26:56.585 statistics channel listening on 127.0.0.1#8653
31-Oct-2018 13:26:56.585 using default UDP/IPv4 port range: [1024, 65535]
31-Oct-2018 13:26:56.585 using default UDP/IPv6 port range: [1024, 65535]
31-Oct-2018 13:26:56.589 no IPv6 interfaces found
31-Oct-2018 13:26:56.589 listening on IPv4 interface lo, 127.0.0.1#5353
31-Oct-2018 13:26:56.590 clientmgr @0x7f4bcc691010: create
..
31-Oct-2018 13:26:56.607 listening on IPv4 interface ens192, <IP>#5353
..
31-Oct-2018 13:26:56.617 generating session key for dynamic DNS
31-Oct-2018 13:26:56.618 sizing zone task pool based on 3 zones
31-Oct-2018 13:26:56.619 decrement_reference: delete from rbt: 0x7f4bcc6acc70 .
31-Oct-2018 13:26:56.620 Loading 'AD DNS Zone' using driver dlopen
31-Oct-2018 13:26:56.620 Loading SDLZ driver.
--
31-Oct-2018 13:26:56.754 samba_dlz: dn: @ROOTDSE
31-Oct-2018 13:26:56.754 samba_dlz: configurationNamingContext: CN=Configuration,DC=<domain>,DC=corp
31-Oct-2018 13:26:56.754 samba_dlz: defaultNamingContext: DC=<domain>,DC=corp
31-Oct-2018 13:26:56.754 samba_dlz: schemaNamingContext: CN=Schema,CN=Configuration,DC=<domain>,DC=corp
And then it starts to fail.
31-Oct-2018 13:26:56.758 samba_dlz:
31-Oct-2018 13:26:56.758 samba_dlz: ldb: ldb_asprintf/set_errstring: No such Base DN: CN=Directory Service,CN=Windows NT,CN=Services,CN=Configuration,DC=<domain>,DC=corp
31-Oct-2018 13:26:56.758 samba_dlz: ldb: ldb_trace_response: DONE
31-Oct-2018 13:26:56.758 samba_dlz: error: 32
31-Oct-2018 13:26:56.758 samba_dlz: msg: No such Base DN: CN=Directory Service,CN=Windows NT,CN=Services,CN=Configuration,DC=<domain>,DC=corp
31-Oct-2018 13:26:56.758 samba_dlz:
31-Oct-2018 13:26:56.763 samba_dlz: dn: @PARTITION
31-Oct-2018 13:26:56.763 samba_dlz: replicateEntries: @ATTRIBUTES
31-Oct-2018 13:26:56.763 samba_dlz: replicateEntries: @INDEXLIST
31-Oct-2018 13:26:56.763 samba_dlz: replicateEntries: @OPTIONS
31-Oct-2018 13:26:56.763 samba_dlz: partition: CN=SCHEMA,CN=CONFIGURATION,DC=<domain>,DC=CORP:sam.ldb.d/CN=SCHE
31-Oct-2018 13:26:56.763 samba_dlz: MA,CN=CONFIGURATION,DC=<domain>,DC=CORP.ldb
31-Oct-2018 13:26:56.763 samba_dlz: partition: CN=CONFIGURATION,DC=<domain>,DC=CORP:sam.ldb.d/CN=CONFIGURATION,
31-Oct-2018 13:26:56.764 samba_dlz: DC=<domain>,DC=CORP.ldb
31-Oct-2018 13:26:56.764 samba_dlz: partition: DC=<domain>,DC=CORP:sam.ldb.d/DC=<domain>,DC=CORP.ldb
31-Oct-2018 13:26:56.764 samba_dlz: partition: DC=DOMAINDNSZONES,DC=<domain>,DC=CORP:sam.ldb.d/DC=DOMAINDNSZONE
31-Oct-2018 13:26:56.764 samba_dlz: S,DC=<domain>,DC=CORP.ldb
31-Oct-2018 13:26:56.764 samba_dlz: partition: DC=FORESTDNSZONES,DC=<domain>,DC=CORP:sam.ldb.d/DC=FORESTDNSZONE
31-Oct-2018 13:26:56.764 samba_dlz: S,DC=<domain>,DC=CORP.ldb
31-Oct-2018 13:26:56.777 samba_dlz: Initial schema load needed, as we have no existing schema, seq_num: 1
31-Oct-2018 13:26:56.921 samba_dlz: schema_fsmo_init: we are master[no] updates allowed[no]
31-Oct-2018 13:26:56.776 samba_dlz: ldb: ldb_trace_response: ENTRY
31-Oct-2018 13:26:56.776 samba_dlz: dn: DC=<domain>,DC=corp
31-Oct-2018 13:26:56.776 samba_dlz: objectSid: S-1-5-21-123456789-115225906-12345679 ( I've changed this SID for you. )
31-Oct-2018 13:26:56.776 samba_dlz:
31-Oct-2018 13:26:56.921 samba_dlz: schema_fsmo_init: we are master[no] updates allowed[no]
31-Oct-2018 13:26:57.154 samba_dlz: ldb: ldb_trace_response: ENTRY
31-Oct-2018 13:26:57.154 samba_dlz: dn: CN=NTDS Settings,CN=XXX002AAAAA,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=<domain>,DC=corp
31-Oct-2018 13:26:57.154 samba_dlz: msDS-Behavior-Version: 4
31-Oct-2018 13:26:57.158 samba_dlz: started for DN DC=<domain>,DC=corp
31-Oct-2018 13:26:57.158 SDLZ driver loaded successfully.
31-Oct-2018 13:26:57.158 DLZ driver loaded successfully.
31-Oct-2018 13:26:57.158 samba_dlz: starting configure
31-Oct-2018 13:26:57.218 samba_dlz: ldb: ldb_asprintf/set_errstring: No such Base DN: DC=*,DC=<domain>.corp,CN=MicrosoftDNS,DC=DomainDnsZones,DC=<domain>,DC=corp
31-Oct-2018 13:26:57.218 samba_dlz: ldb: ldb_trace_response: DONE
31-Oct-2018 13:26:57.218 samba_dlz: error: 32
31-Oct-2018 13:26:57.218 samba_dlz: msg: No such Base DN: DC=*,DC=<domain>.corp,CN=MicrosoftDNS,DC=DomainDnsZones,DC=<domain>,DC=corp
31-Oct-2018 13:26:57.482 samba_dlz: ldb: ldb_trace_request: SEARCH
31-Oct-2018 13:26:57.482 samba_dlz: dn: DC=*,DC=<domain>.corp,CN=MicrosoftDNS,DC=ForestDnsZones,DC=<domain>,DC=corp
31-Oct-2018 13:26:57.482 samba_dlz: scope: base
31-Oct-2018 13:26:57.482 samba_dlz: expr: (&(objectClass=dnsNode)(!(dNSTombstoned=TRUE)))
31-Oct-2018 13:26:57.482 samba_dlz: attr: dnsRecord
31-Oct-2018 13:26:57.482 samba_dlz: attr: dNSTombstoned
31-Oct-2018 13:26:57.482 samba_dlz: control: <NONE>
31-Oct-2018 13:26:57.485 samba_dlz:
31-Oct-2018 13:26:57.485 samba_dlz: ldb: ldb_asprintf/set_errstring: No such Base DN: DC=*,DC=<domain>.corp,CN=MicrosoftDNS,DC=ForestDnsZones,DC=<domain>,DC=corp
31-Oct-2018 13:26:57.485 samba_dlz: ldb: ldb_trace_response: DONE
31-Oct-2018 13:26:57.485 samba_dlz: error: 32
31-Oct-2018 13:26:57.486 samba_dlz: msg: No such Base DN: DC=*,DC=<domain>.corp,CN=MicrosoftDNS,DC=ForestDnsZones,DC=<domain>,DC=corp
31-Oct-2018 13:26:57.486 samba_dlz:
31-Oct-2018 13:26:57.488 samba_dlz:
31-Oct-2018 13:26:57.488 samba_dlz: ldb: ldb_asprintf/set_errstring: No such Base DN: DC=<domain>.corp,CN=MicrosoftDNS,DC=ForestDnsZones,DC=<domain>,DC=corp
31-Oct-2018 13:26:57.488 samba_dlz: ldb: ldb_trace_response: DONE
31-Oct-2018 13:26:57.488 samba_dlz: error: 32
31-Oct-2018 13:26:57.488 samba_dlz: msg: No such Base DN: DC=<domain>.corp,CN=MicrosoftDNS,DC=ForestDnsZones,DC=<domain>,DC=corp
31-Oct-2018 13:26:57.488 samba_dlz:
31-Oct-2018 13:26:57.494 samba_dlz:
31-Oct-2018 13:26:57.494 zone <domain>.corp/NONE: loaded; checking validity
31-Oct-2018 13:26:57.494 zone <domain>.corp/NONE: has 0 SOA records
31-Oct-2018 13:26:57.494 zone <domain>.corp/NONE: has no NS records
31-Oct-2018 13:26:57.494 samba_dlz: Failed to configure zone '<domain>.corp'
31-Oct-2018 13:26:57.495 load_configuration: bad zone
31-Oct-2018 13:26:57.495 loading configuration: bad zone
31-Oct-2018 13:26:57.495 client @0x7f4bb80ea690: udprecv
31-Oct-2018 13:26:57.495 exiting (due to fatal error)
31-Oct-2018 13:26:57.495 client @0x7f4bb80f8a40: udprecv
Greetz,
Louis
From: Eben Victor [mailto:eben.victor@gmail.com]
Sent: Wednesday 31 October 2018 13:35
To: L.P.H. van Belle
CC: samba@lists.samba.org
Subject: Re: [Samba] Internal DNS migrate to Bind9_DLZ
Hello Louis,
I finally managed to try and do some testing again.
Apologies for this issue still popping up, I have tried everything.
See attached samba and named debugging set to 10.
I have currently removed all reverse zones, I ran 'samba-tool dbcheck --fix --yes'
I'm busy testing on 1 of my 7 DCs, but no matter what, the same error.
Kind Regards
On Tue, Jul 31, 2018 at 11:33 AM L.P.H. van Belle via samba <samba@lists.samba.org> wrote:
Hai,
Did you make sure that your root and localhost zones are loaded last in the bind config?
The order matters, at least if you also use bind_DLZ.
I suggest you try it.
I'm just thinking about this: if your . (root) zone is loaded, and it's trying to look up your company.corp domain, it hits resolv.conf, then your bind, and bind_dlz is not loaded yet, so it looks up on the internet. It's a possible option this happens; I don't know the bind9_dlz code.
And this, >> domain.corp is just an alias, not the actual domain name.
Set up with a real zone.
But I'm pretty sure your problem is caused by one of these 2.
I suggest you start with making sure your localhost and root zones are loaded last in named.conf.
On my Debian server the order is as follows.
include "/etc/bind/named.conf.options"; < here (within the options line: at the bottom of the global options: tkey-gssapi-keytab "/var/lib/samba/private/dns.keytab";)
include "/etc/bind/named.conf.local"; < here only one line: include "/var/lib/samba/private/named.conf";
include "/etc/bind/named.conf.default-zones"; < here are my root and localhost zones (default bind, not in DLZ)
Greetz,
Louis
> -----Original message-----
> From: samba [mailto:samba-bounces@lists.samba.org] On behalf of
> Rowland Penny via samba
> Sent: Tuesday 31 July 2018 10:23
> To: samba@lists.samba.org
> Subject: Re: [Samba] Internal DNS migrate to Bind9_DLZ
>
> On Mon, 30 Jul 2018 23:36:46 +0200
> Eben Victor <eben.victor@gmail.com> wrote:
>
> > It is part of the Sernet packages and is currently on 1.3.4
> > /usr/lib64/samba/libldb.so.1.3.4
> >
> > We started using sernet-samba-ad from v4 using the internal dns and
> > updated as versions were released. We have now recently updated from
> > 4.8.2 to 4.8.3 and still using internal dns.
> > Our DNS is working as it should, it's only been since recently that
> > we have to migrate to bind9.
> >
>
> So, you are using Samba without problem, it is just that when you try
> to use Bind9 instead of the internal dns server, your problems start.
>
> Let's just recap
>
> You have run 'samba_upgradedns'
> You have altered smb.conf
> You have configured 'named.conf' correctly
> The Samba 'named.conf' file is readable by 'named' (this should be
> 'rw-r--r--' i.e. world readable)
>
> But, even though everything looks okay, Bind9 will not start.
>
> This is strange, there doesn't seem to be any reason for it.
>
> Is anybody using the combination of Centos 7, Samba 4.8.3 and Bind9
> without problems ?
>
> Rowland
>
> --
> To unsubscribe from this list go to the following URL and read the
> instructions: https://lists.samba.org/mailman/options/samba
>
>
--
Eben Victor
Cell: +27 82 759 5266
Email: eben.victor@gmail.com
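A triage helper for named logs wrapped the way this archive shows them, added here as an example (it is not from the thread or from the Samba project): it rejoins the trailing-backslash wraps, splits entries on timestamps, and groups the samba_dlz "No such Base DN" misses by record and DNS partition. The sample log and the domain example.corp are constructed placeholders.

```python
import re
from collections import defaultdict

TS = r"\d{2}-[A-Z][a-z]{2}-\d{4} \d{2}:\d{2}:\d{2}\.\d{3} "
MISS = re.compile(r"set_errstring: No such Base DN: (.+)$")
FATAL = re.compile(r"samba_dlz: Failed to configure zone '([^']+)'")

# Constructed sample, wrapped the way the archive wraps; example.corp is a placeholder.
SAMPLE = """\
31-Oct-2018 13:26:57.218 samba_dlz: ldb: ldb_asprintf/set_errstring: No such Base DN: \\
DC=*,DC=example.corp,CN=MicrosoftDNS,DC=DomainDnsZones,DC=example,DC=corp \\
31-Oct-2018 13:26:57.218 samba_dlz: ldb: ldb_trace_response: DONE 31-Oct-2018 \\
13:26:57.218 samba_dlz: error: 32
31-Oct-2018 13:26:57.485 samba_dlz: ldb: ldb_asprintf/set_errstring: No such Base DN: \\
DC=*,DC=example.corp,CN=MicrosoftDNS,DC=ForestDnsZones,DC=example,DC=corp
31-Oct-2018 13:26:57.488 samba_dlz: ldb: ldb_asprintf/set_errstring: No such Base DN: \\
DC=example.corp,CN=MicrosoftDNS,DC=ForestDnsZones,DC=example,DC=corp
31-Oct-2018 13:26:57.494 samba_dlz: Failed to configure zone 'example.corp'
"""

def split_entries(text):
    """Undo the archive's trailing-backslash wraps, then cut at each timestamp."""
    joined = re.sub(r"\s*\\\n", " ", text)
    return [p.strip() for p in re.split("(?=" + TS + ")", joined) if p.strip()]

def summarize(text):
    """Return ({record RDNs: partitions where the base search missed}, failed zones)."""
    misses, failed = defaultdict(set), []
    for entry in split_entries(text):
        m = MISS.search(entry)
        if m:
            name, _, rest = m.group(1).partition(",CN=MicrosoftDNS,")
            if rest:  # skip misses outside the DNS partitions
                misses[name].add(rest.split(",")[0])
        f = FATAL.search(entry)
        if f:
            failed.append(f.group(1))
    return dict(misses), failed

def wildcard_misses(text):
    """Names whose first RDN is the '*' wildcard record."""
    return sorted(n for n in summarize(text)[0] if n.startswith("DC=*,"))

if __name__ == "__main__":
    misses, failed = summarize(SAMPLE)
    for name, parts in sorted(misses.items()):
        print(f"{name}: missed in {', '.join(sorted(parts))}")
    print("failed zones:", failed, "| wildcard misses:", wildcard_misses(SAMPLE))
```

Run against a real log, it shows at a glance whether the zone itself or only the wildcard record was missed, and in which partitions.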