
Re: [Samba] " a misconfigured DNS zone" (was Provision new domain keeping users and passwords (Santiago))




Hello,
Thank you very much for your reply.
I changed named.conf, and this is the log:

Mar 30 08:23:35 neptuno named[3419]: sizing zone task pool based on 1 zones
Mar 30 08:23:35 neptuno named[3419]: Loading 'AD DNS Zone' using driver dlopen
Mar 30 08:23:35 neptuno named[3419]: samba_dlz: started for DN DC=pragma,DC=com,DC=co
Mar 30 08:23:35 neptuno named[3419]: samba_dlz: starting configure
Mar 30 08:23:35 neptuno named[3419]: samba_dlz: configured writeable zone 'waspruebas.proteccion.com.co'
Mar 30 08:23:35 neptuno named[3419]: samba_dlz: configured writeable zone 'segdllo02.suranet.com'
Mar 30 08:23:35 neptuno named[3419]: zone dbmed04.pragma.com.co/NONE: has no NS records
Mar 30 08:23:35 neptuno named[3419]: samba_dlz: Failed to configure zone 'dbmed04.pragma.com.co'
Mar 30 08:23:35 neptuno named[3419]: loading configuration: bad zone
Mar 30 08:23:35 neptuno named[3419]: exiting (due to fatal error)

Best regards,

Santiago.

2017-03-30 2:13 GMT-05:00, L.P.H. van Belle via samba <samba@xxxxxxxxxxxxxxx>:
> Hai,
>
> Ok, first, 15-03-2017 Rowland replied on your subject:
> "Re: [Samba] Problems with replication and dns"
> Did you try to set up that config exactly as he showed?
>
> If not, and even if you did, below is your config, but adjusted, at least
> now it is "usable" for the AD DC.
> So please set this up, restart bind and post the log again.
> (more info: https://wiki.samba.org/index.php/Setting_up_a_BIND_DNS_Server)
>
> I tried to keep your config as much as is, so it's easier to track the
> changes. Nothing is removed, only remarked where needed.
>
>
> options {
> 	auth-nxdomain yes;
> 	
> 	//listen-on port 53 { 127.0.0.1; };
> 	//listen-on-v6 port 53 { ::1; };
> 	directory 	"/var/named";
> 	dump-file 	"/var/named/data/cache_dump.db";
> 	statistics-file "/var/named/data/named_stats.txt";
> 	memstatistics-file "/var/named/data/named_mem_stats.txt";
> 	//allow-query     { localhost; };
> 	recursion yes;
> 	empty-zones-enable no;
>
> 	dnssec-enable yes;
> 	dnssec-validation yes;
>
> 	tkey-gssapi-keytab "/usr/local/samba/private/dns.keytab";
> 	
> 	/* Path to ISC DLV key */
> 	bindkeys-file "/etc/named.iscdlv.key";
> 	managed-keys-directory "/var/named/dynamic";
> };
>
> logging {
>         channel default_debug {
>                 file "data/named.run";
>                 severity dynamic;
>         };
> };
>
> // I changed the load order here, make sure the DLZ zones are loaded first.
> include "/usr/local/samba/private/named.conf";
>
> //include "/etc/named.rfc1912.zones";
> include "/etc/named.root.key";
>
> zone "." IN {
> 	type hint;
> 	file "named.ca";
> };
>
>
> Greetz,
>
> Louis
>
>
>
>
>> -----Original message-----
>> From: Santiago Londoño Mejía [mailto:santiago.londono@xxxxxxxxxxxxx]
>> Sent: Wednesday 29 March 2017 17:33
>> To: L.P.H. van Belle
>> Subject: Re: [Samba] Provision new domain keeping users and passwords
>> (Santiago)
>>
>> Hello,
>>
>> Thank you very much for your reply
>> named.conf:
>>
>> options {
>> 	listen-on port 53 { 127.0.0.1; };
>> 	listen-on-v6 port 53 { ::1; };
>> 	directory 	"/var/named";
>> 	dump-file 	"/var/named/data/cache_dump.db";
>>         statistics-file "/var/named/data/named_stats.txt";
>>         memstatistics-file "/var/named/data/named_mem_stats.txt";
>> 	allow-query     { localhost; };
>> 	recursion yes;
>>
>> 	dnssec-enable yes;
>> 	dnssec-validation yes;
>>  tkey-gssapi-keytab "/usr/local/samba/private/dns.keytab";
>> 	/* Path to ISC DLV key */
>> 	bindkeys-file "/etc/named.iscdlv.key";
>>
>> 	managed-keys-directory "/var/named/dynamic";
>> };
>>
>> logging {
>>         channel default_debug {
>>                 file "data/named.run";
>>                 severity dynamic;
>>         };
>> };
>>
>> zone "." IN {
>> 	type hint;
>> 	file "named.ca";
>> };
>>
>> include "/etc/named.rfc1912.zones";
>> include "/etc/named.root.key";
>> include "/usr/local/samba/private/named.conf";
>>
>> named log:
>>
>> Mar 29 10:31:00 neptuno named[32096]: sizing zone task pool based on 6 zones
>> Mar 29 10:31:00 neptuno named[32096]: Loading 'AD DNS Zone' using driver dlopen
>> Mar 29 10:31:00 neptuno named[32096]: samba_dlz: started for DN DC=pragma,DC=com,DC=co
>> Mar 29 10:31:00 neptuno named[32096]: samba_dlz: starting configure
>> Mar 29 10:31:00 neptuno named[32096]: samba_dlz: configured writeable zone 'waspruebas.proteccion.com.co'
>> Mar 29 10:31:00 neptuno named[32096]: samba_dlz: configured writeable zone 'segdllo02.suranet.com'
>> Mar 29 10:31:00 neptuno named[32096]: zone dbmed04.pragma.com.co/NONE: has no NS records
>> Mar 29 10:31:00 neptuno named[32096]: samba_dlz: Failed to configure zone 'dbmed04.pragma.com.co'
>> Mar 29 10:31:00 neptuno named[32096]: loading configuration: bad zone
>> Mar 29 10:31:00 neptuno named[32096]: exiting (due to fatal error)
>>
>> Best regards,
>>
>> Santiago.
>>
>> 2017-03-29 9:48 GMT-05:00, L.P.H. van Belle via samba
>> <samba@xxxxxxxxxxxxxxx>:
>> > Hai Santiago,
>> >
>> > You're welcome, I hope I can help you out.
>> >
>> > Post me your bind9 configuration, you can anonymize it if needed,
>> > but don't remove any lines from it.
>> >
>> > And I need a snap of the log when bind is starting up.
>> > Like this one:
>> >
>> > Mar 29 16:42:58 dc1 named[21921]: starting BIND 9.9.5-9+deb8u10-Debian -f -u bind
>> > Mar 29 16:42:58 dc1 named[21921]: built with '?pr.... etc. .
>> > Mar 29 16:42:58 dc1 named[21921]: ---bla bla.....
>> >
>> > ..... and from this point is what I really want.
>> >
>> > Mar 29 16:42:58 dc1 named[21921]: using up to 4096 sockets
>> > Mar 29 16:42:58 dc1 named[21921]: loading configuration from '/etc/bind/named.conf'
>> > Mar 29 16:42:58 dc1 named[21921]: reading built-in trusted keys from file '/etc/bind/bind.keys'
>> > Mar 29 16:42:58 dc1 named[21921]: using default UDP/IPv4 port range: [1024, 65535]
>> > Mar 29 16:42:58 dc1 named[21921]: using default UDP/IPv6 port range: [1024, 65535]
>> > Mar 29 16:42:58 dc1 named[21921]: listening on IPv4 interface lo, 127.0.0.1#53
>> > Mar 29 16:42:58 dc1 named[21921]: listening on IPv4 interface eth0, 192.168.1.1#53
>> > Mar 29 16:42:58 dc1 named[21921]: generating session key for dynamic DNS
>> > Mar 29 16:42:58 dc1 named[21921]: sizing zone task pool based on 5 zones
>> > Mar 29 16:42:58 dc1 named[21921]: Loading 'AD DNS Zone' using driver dlopen
>> > Mar 29 16:42:58 dc1 named[21921]: samba_dlz: started for DN DC=officemain,DC=domain,DC=tld
>> > Mar 29 16:42:58 dc1 named[21921]: samba_dlz: starting configure
>> > Mar 29 16:42:58 dc1 named[21921]: samba_dlz: configured writeable zone '1.168.192.in-addr.arpa'
>> > Mar 29 16:42:58 dc1 named[21921]: samba_dlz: configured writeable zone '0.1.10.in-addr.arpa'
>> > Mar 29 16:42:58 dc1 named[21921]: samba_dlz: configured writeable zone '1.2.10.in-addr.arpa'
>> > Mar 29 16:42:58 dc1 named[21921]: samba_dlz: configured writeable zone '2.3.10.in-addr.arpa'
>> > Mar 29 16:42:58 dc1 named[21921]: samba_dlz: configured writeable zone '3.4.10.in-addr.arpa'
>> > Mar 29 16:42:58 dc1 named[21921]: samba_dlz: configured writeable zone '4.5.10.in-addr.arpa'
>> > Mar 29 16:42:58 dc1 named[21921]: samba_dlz: configured writeable zone 'officemain.domain.tld'
>> > Mar 29 16:42:58 dc1 named[21921]: samba_dlz: configured writeable zone 'office1.domain.tld'
>> > Mar 29 16:42:58 dc1 named[21921]: samba_dlz: configured writeable zone 'office2.domain.tld'
>> > Mar 29 16:42:58 dc1 named[21921]: samba_dlz: configured writeable zone 'office3.domain.tld'
>> > Mar 29 16:42:58 dc1 named[21921]: samba_dlz: configured writeable zone 'office4.domain.tld'
>> > Mar 29 16:42:58 dc1 named[21921]: samba_dlz: configured writeable zone 'office5.domain.tld'
>> > Mar 29 16:42:58 dc1 named[21921]: samba_dlz: configured writeable zone 'domain.tld'
>> > Mar 29 16:42:58 dc1 named[21921]: samba_dlz: configured writeable zone '_msdcs.officemain.domain.tld'
>> > Mar 29 16:42:58 dc1 named[21921]: set up managed keys zone for view _default, file 'managed-keys.bind'
>> > Mar 29 16:42:58 dc1 named[21921]: command channel listening on 127.0.0.1#953
>> > Mar 29 16:42:58 dc1 named[21921]: managed-keys-zone: loaded serial 715
>> > Mar 29 16:42:58 dc1 named[21921]: zone 0.in-addr.arpa/IN: loaded serial 1
>> > Mar 29 16:42:58 dc1 named[21921]: zone localhost/IN: loaded serial 2
>> > Mar 29 16:42:58 dc1 named[21921]: zone 127.in-addr.arpa/IN: loaded serial 1
>> > Mar 29 16:42:58 dc1 named[21921]: zone 255.in-addr.arpa/IN: loaded serial 1
>> > Mar 29 16:42:58 dc1 named[21921]: all zones loaded
>> > Mar 29 16:42:58 dc1 named[21921]: running
>> >
>> >
>> >> -----Original message-----
>> >> From: Santiago Londoño Mejía [mailto:santiago.londono@xxxxxxxxxxxxx]
>> >> Sent: Wednesday 29 March 2017 16:33
>> >> To: L.P.H. van Belle
>> >> Subject: Re: [Samba] Provision new domain keeping users and passwords
>> >> (Santiago)
>> >>
>> >> Hello,
>> >> backend: bind9_DLZ
>> >>
>> >> deleting  zone WASPRUEBAS.PROTECCION.COM.CO
>> >>
>> >> ./samba-tool dns zonedelete neptuno waspruebas.proteccion.com.co
>> >> ERROR(runtime): uncaught exception - (9717, 'WERR_DNS_ERROR_DS_UNAVAILABLE')
>> >>   File "/usr/local/samba/lib64/python2.7/site-packages/samba/netcmd/__init__.py", line 175, in _run
>> >>     return self.run(*args, **kwargs)
>> >>   File "/usr/local/samba/lib64/python2.7/site-packages/samba/netcmd/dns.py", line 925, in run
>> >>     None)
>> >>
>> >> Thank you very much for your response
>> >> Best regards,
>> >>
>> >> Santiago.
>> >>
>> >> 2017-03-29 9:17 GMT-05:00, L.P.H. van Belle via samba
>> >> <samba@xxxxxxxxxxxxxxx>:
>> >> > Hi Santiago,
>> >> >
>> >> > Same for you?
>> >> > Are you running samba internal DNS or bind9_DLZ?
>> >> >
>> >> > Can you explain a bit more about this?
>> >> >
>> >> > I know the situation to have problems with zones, and I may know a way
>> >> > to get around it.
>> >> > At least I did fix something like this about 2 years ago with samba
>> >> > 4.1.x and bind9_dlz.
>> >> >
>> >> > Greetz,
>> >> >
>> >> > Louis
>> >> >
>> >> > --
>> >> > To unsubscribe from this list go to the following URL and read the
>> >> > instructions:  https://lists.samba.org/mailman/options/samba
>> >> >
>> >>
>> >> --
>> >> Santiago Londoño Mejía
>> >> Infrastructure Analyst
>> >> t. (574) 605 25 23 ext. 1232
>> >> m. (57) 3148332567
>> >> Medellín | Carrera 50  C #10 Sur  80
>> >> Bogotá | Medellín | Cali
>> >> www.pragma.com.co
>> >>
>> >> --
>> >>
>> >> This message is confidential. It may contain privileged information that
>> >> belongs to PRAGMA S.A. and/or its clients, contractors, directors,
>> >> employees and advisers, and therefore must not be used or disclosed by
>> >> anyone other than its intended recipient. If you receive this message by
>> >> error, mistake or omission, please delete it and notify the sender.
>> >>
>> >> Its retention, recording, use or disclosure for any purpose is prohibited.
>> >>
>> >> This message has been scanned by antivirus software. Nevertheless, PRAGMA
>> >> S.A. accepts no responsibility for any damage caused by the receipt and
>> >> use of this material; it is the recipient's responsibility to check by
>> >> their own means for viruses or other defects.
>> >>
>> >> The opinions, conclusions and other information contained in this e-mail
>> >> that are not related to the official business of PRAGMA S.A. are to be
>> >> understood as personal and are in no way endorsed by the Company.
>> >
>>
>>
>> --
>> Santiago Londoño Mejía
>> Infrastructure Analyst
>> t. (574) 605 25 23 ext. 1232
>> m. (57) 3148332567
>> Medellín | Carrera 50  C #10 Sur  80
>> Bogotá | Medellín | Cali
>> www.pragma.com.co
>>
>
>
>


-- 
Santiago Londoño Mejía
Infrastructure Analyst
t. (574) 605 25 23 ext. 1232
m. (57) 3148332567
Medellín | Carrera 50  C #10 Sur  80
Bogotá | Medellín | Cali
www.pragma.com.co



-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba
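
Added example, not part of the original thread and not Samba or BIND code: a small Python parser for the named startup excerpt posted above. It rejoins the lines the mail client wrapped and ties each "samba_dlz: Failed to configure zone" entry to the "zone .../NONE:" reason logged just before it. The names unwrap and summarize are hypothetical; the sample log is the excerpt from the message.

```python
import re

# Startup excerpt from the message above, with the mail client's line
# wrapping left in place so the unwrap step has work to do.
SAMPLE_LOG = """\
Mar 30 08:23:35 neptuno named[3419]: samba_dlz: starting configure
Mar 30 08:23:35 neptuno named[3419]: samba_dlz: configured writeable
zone 'waspruebas.proteccion.com.co'
Mar 30 08:23:35 neptuno named[3419]: samba_dlz: configured writeable
zone 'segdllo02.suranet.com'
Mar 30 08:23:35 neptuno named[3419]: zone dbmed04.pragma.com.co/NONE:
has no NS records
Mar 30 08:23:35 neptuno named[3419]: samba_dlz: Failed to configure
zone 'dbmed04.pragma.com.co'
Mar 30 08:23:35 neptuno named[3419]: loading configuration: bad zone
Mar 30 08:23:35 neptuno named[3419]: exiting (due to fatal error)
"""

SYSLOG = re.compile(r"^[A-Z][a-z]{2} +\d+ [\d:]{8} \S+ named\[\d+\]: (.*)$")
OK = re.compile(r"samba_dlz: configured writeable zone '([^']+)'")
FAIL = re.compile(r"samba_dlz: Failed to configure zone '([^']+)'")
REASON = re.compile(r"^zone (\S+?)/\S+: (.+)$")

def unwrap(text):
    """Rejoin wrapped lines: text without a syslog prefix continues the previous message."""
    msgs = []
    for line in (l.strip() for l in text.splitlines()):
        m = SYSLOG.match(line)
        if m:
            msgs.append(m.group(1))
        elif line and msgs:
            msgs[-1] += " " + line
    return msgs

def summarize(text):
    """Return configured zones, failed zones with the logged reason, and whether named exited."""
    report = {"configured": [], "failed": {}, "fatal": False}
    reasons = {}  # zone name -> most recent "zone <name>/<class>: ..." message
    for msg in unwrap(text):
        if m := OK.search(msg):
            report["configured"].append(m.group(1))
        elif m := REASON.match(msg):
            reasons[m.group(1)] = m.group(2)
        elif m := FAIL.search(msg):
            report["failed"][m.group(1)] = reasons.get(m.group(1), "no reason logged")
        elif "exiting (due to fatal error)" in msg:
            report["fatal"] = True
    return report

if __name__ == "__main__":
    print(summarize(SAMPLE_LOG))
```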