
Re: [Samba] corrupted db after upgrading to 4.7




options {
	listen-on port 53 { 127.0.0.1; 172.17.2.187; };
	//listen-on-v6 port 53 { ::1; };
	directory 	"/var/named";
	dump-file 	"/var/named/data/cache_dump.db";
	statistics-file "/var/named/data/named_stats.txt";
	memstatistics-file "/var/named/data/named_mem_stats.txt";
	allow-query     { localhost; 172.17.0.0/16; };
	allow-transfer { localhost; 172.17.2.188; 172.17.1.188; };

	forwarders { 195.238.2.21; 195.238.2.22; };

	tkey-gssapi-keytab "/var/lib/samba/private/dns.keytab";
	recursion yes;

	dnssec-enable yes;
	dnssec-validation no;
	dnssec-lookaside auto;

	/* Path to ISC DLV key */
	bindkeys-file "/etc/named.iscdlv.key";

	managed-keys-directory "/var/named/dynamic";

	pid-file "/run/named/named.pid";
	session-keyfile "/run/named/session.key";
};

logging {
        channel default_debug {
                file "data/named.run";
                severity dynamic;
        };
};

zone "." IN {
	type hint;
	file "named.ca";
};

include "/etc/named.rfc1912.zones";
include "/etc/named.root.key";
include "/var/lib/samba/private/named.conf";






----- Original Message -----
From: "Rowland Penny" <rpenny@xxxxxxxxx>
To: "samba" <samba@xxxxxxxxxxxxxxx>
Cc: "Maxence SARTIAUX" <msartiaux@xxxxxxxxxxxxx>
Sent: Monday 6 November 2017 11:51:02
Subject: Re: [Samba] corrupted db after upgrading to 4.7

On Mon, 6 Nov 2017 11:39:50 +0100 (CET)
Maxence SARTIAUX via samba <samba@xxxxxxxxxxxxxxx> wrote:

> Hello.
> 
> To follow up on this issue: since the upgrade, when I do a named reload
> it crashes; it looks like there are duplicated zones.
> 
> Here's the log when I trigger a reload:
> 
> 
> nov 05 03:09:02 data.contoso.com named[2807]: received control channel command 'reload'
> nov 05 03:09:02 data.contoso.com named[2807]: loading configuration from '/etc/named.conf'
> nov 05 03:09:02 data.contoso.com named[2807]: reading built-in trusted keys from file '/etc/named.iscdlv.key'
> nov 05 03:09:02 data.contoso.com named[2807]: initializing GeoIP Country (IPv4) (type 1) DB
> nov 05 03:09:02 data.contoso.com named[2807]: GEO-106FREE 20160607 Build 1 Copyright (c) 2016 MaxMind
> nov 05 03:09:02 data.contoso.com named[2807]: initializing GeoIP Country (IPv6) (type 12) DB
> nov 05 03:09:02 data.contoso.com named[2807]: GEO-106FREE 20160607 Build 1 Copy
> nov 05 03:09:02 data.contoso.com named[2807]: GeoIP City (IPv4) (type 2) DB not available
> nov 05 03:09:02 data.contoso.com named[2807]: GeoIP City (IPv4) (type 6) DB not available
> nov 05 03:09:02 data.contoso.com named[2807]: GeoIP City (IPv6) (type 30) DB not available
> nov 05 03:09:02 data.contoso.com named[2807]: GeoIP City (IPv6) (type 31) DB not available
> nov 05 03:09:02 data.contoso.com named[2807]: GeoIP Region (type 3) DB not available
> nov 05 03:09:02 data.contoso.com named[2807]: GeoIP Region (type 7) DB not available
> nov 05 03:09:02 data.contoso.com named[2807]: GeoIP ISP (type 4) DB not available
> nov 05 03:09:02 data.contoso.com named[2807]: GeoIP Org (type 5) DB not available
> nov 05 03:09:02 data.contoso.com named[2807]: GeoIP AS (type 9) DB not available
> nov 05 03:09:02 data.contoso.com named[2807]: GeoIP Domain (type 11) DB not available
> nov 05 03:09:02 data.contoso.com named[2807]: GeoIP NetSpeed (type 10) DB not available
> nov 05 03:09:02 data.contoso.com named[2807]: using default UDP/IPv4 port range: [1024, 65535]
> nov 05 03:09:02 data.contoso.com named[2807]: using default UDP/IPv6 port range: [1024, 65535]
> nov 05 03:09:02 data.contoso.com named[2807]: sizing zone task pool based on 6 zones
> nov 05 03:09:02 data.contoso.com named[2807]: Loading 'AD DNS Zone' using driver dlopen
> nov 05 03:09:02 data.contoso.com named[2807]: samba_dlz: starting configure
> nov 05 03:09:02 data.contoso.com named[2807]: samba_dlz: Ignoring duplicate zone 'ratchet.com' from 'DC=@,DC=ratchet.com,CN=MicrosoftDNS,DC=DomainDnsZones,DC=contoso,DC=com'
> nov 05 03:09:02 data.contoso.com named[2807]: samba_dlz: Ignoring duplicate zone '17.172.in-addr.arpa' from 'DC=@,DC=17.172.in-addr.arpa,CN=MicrosoftDNS,DC=DomainDnsZones,DC=contoso,DC=com'
> nov 05 03:09:02 data.contoso.com named[2807]: samba_dlz: Ignoring duplicate zone 'johndoe.com' from 'DC=@,DC=johndoe.com,CN=MicrosoftDNS,DC=DomainDnsZones,DC=contoso,DC=com'
> nov 05 03:09:02 data.contoso.com named[2807]: samba_dlz: Ignoring duplicate zone 'contoso.com' from 'DC=@,DC=contoso.com,CN=MicrosoftDNS,DC=DomainDnsZones,DC=contoso,DC=com'
> nov 05 03:09:02 data.contoso.com named[2807]: samba_dlz: Ignoring duplicate zone '_msdcs.contoso.com' from 'DC=@,DC=_msdcs.contoso.com,CN=MicrosoftDNS,DC=ForestDnsZones,DC=contoso,DC=com'
> nov 05 03:09:02 data.contoso.com named[2807]: using built-in DLV key for view _default
> nov 05 03:09:02 data.contoso.com named[2807]: automatic empty zone: 10.IN-ADDR.ARPA
> nov 05 03:09:02 data.contoso.com named[2807]: automatic empty zone: 16.172.IN-ADDR.ARPA
> ....
> nov 05 03:09:02 data.contoso.com named[2807]: automatic empty zone: 110.100.IN-ADDR.ARPA
> nov 05 03:09:02 data.contoso.com systemd[1]: named.service: main process exited, code=killed, status=6/ABRT
> nov 05 03:09:02 data.contoso.com sh[24531]: kill: échec de changement de d'envoi de signal vers 2807: Aucun processus de ce type
> nov 05 03:09:02 data.contoso.com systemd[1]: named.service: control process exited, code=exited status=1
> nov 05 03:09:02 data.contoso.com sh[24537]: Utilisation :
> nov 05 03:09:02 data.contoso.com sh[24537]: kill [options] <pid|nom> [...]
> nov 05 03:09:02 data.contoso.com sh[24537]: Options :
> nov 05 03:09:02 data.contoso.com sh[24537]: -a, --all              ne pas restreindre la conversion de nom en PID aux
> nov 05 03:09:02 data.contoso.com sh[24537]: processus avec le même UID que le processus actuel
> nov 05 03:09:02 data.contoso.com sh[24537]: -s, --signal <sig>     envoyer le signal indiqué
> nov 05 03:09:02 data.contoso.com sh[24537]: -q, --queue <sig>      utiliser sigqueue(2) au lieu de kill(2)
> nov 05 03:09:02 data.contoso.com sh[24537]: -p, --pid              afficher les PID sans leur envoyer de signal
> nov 05 03:09:02 data.contoso.com sh[24537]: -l, --list [=<signal>] afficher les noms de signal, ou en convertir un en nom
> nov 05 03:09:02 data.contoso.com sh[24537]: -L, --table afficher les noms et numéros de signal
> nov 05 03:09:02 data.contoso.com sh[24537]: -h, --help     afficher cette aide et quitter
> nov 05 03:09:02 data.contoso.com sh[24537]: -V, --version afficher les informations de version et quitter
> nov 05 03:09:02 data.contoso.com sh[24537]: Consultez kill(1) pour obtenir des précisions complémentaires.
> nov 05 03:09:02 data.contoso.com systemd[1]: named.service: control process exited, code=exited status=1
> nov 05 03:09:02 data.contoso.com systemd[1]: Reload failed for Berkeley Internet Name Domain (DNS).
> nov 05 03:09:02 data.contoso.com systemd[1]: Unit named.service entered failed state.
> nov 05 03:09:02 data.contoso.com systemd[1]: named.service failed.
> 
> 
> 
> Is it related to Samba after the same bug?
> 
> If I remove the samba dlz part in the named config, it's fine.
> 
> Thanks :)
> 
> 
> 
> ----- Original Message -----
> From: "Denis Cardon" <dcardon@xxxxxxxxxxx>
> To: "Maxence Sartiaux" <msartiaux@xxxxxxxxxxxxx>, "Andrew Bartlett" <abartlet@xxxxxxxxx>
> Cc: samba@xxxxxxxxxxxxxxx
> Sent: Friday 3 November 2017 11:02:18
> Subject: Re: [Samba] corrupted db after upgrading to 4.7
> 
> Hi Maxence,
> 
> > FYI, I've updated to 4.7.1; dbcheck still does not fix the broken
> > links. Is the fix you talk about planned for a future release?
> >
> > Our customer reported to me that some users have issues when their
> > logon server is DC1 but not when it's DC2.
> >
> > On DC1 some users have access to all shares, some don't have any
> > access at all.
> 
> Actually, this last symptom was the one that got us to quickly hack a
> solution for the issue with the orphaned backlink attribute 'memberOf'.
> You'll probably have to do some cleanup as I pointed out in my last
> mail.
> 
> The bugzilla entry [1] you mentioned and corresponding patch prevents 
> the problem from happening, but I don't think it fixes it.
> 
> Cheers,
> 
> Denis
> 
> [1] https://bugzilla.samba.org/show_bug.cgi?id=13095
> 
> >
> >
> >
> > On 11/02/2017 04:38 PM, Andrew Bartlett wrote:
> >> On Thu, 2017-11-02 at 16:19 +0100, Maxence Sartiaux via samba
> >> wrote:
> >>>
> >> No worries.
> >>
> >> Andrew Bartlett
> >>
> >
> 

Can you post your named conf files?

Rowland
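
An added example (not part of the original thread, and not Samba or BIND code): a small Python triage script that re-splits a journal excerpt wrapped by a mail client, like the log quoted above, and reports which zones samba_dlz skipped as duplicates, the directory partition each came from, and the signal that killed named. The sample text is constructed from entries in the quoted log; the function names are hypothetical.

```python
import re

# Constructed sample: entries taken from the log quoted above, wrapped the
# way a mail client does, so one journal entry can span several lines.
SAMPLE = """\
nov 05 03:09:02 data.contoso.com named[2807]: samba_dlz: starting configure nov 05
03:09:02 data.contoso.com named[2807]: samba_dlz: Ignoring duplicate zone
'contoso.com' from
'DC=@,DC=contoso.com,CN=MicrosoftDNS,DC=DomainDnsZones,DC=contoso,DC=com'
nov 05 03:09:02 data.contoso.com named[2807]: samba_dlz: Ignoring duplicate
zone '_msdcs.contoso.com' from
'DC=@,DC=_msdcs.contoso.com,CN=MicrosoftDNS,DC=ForestDnsZones,DC=contoso,DC=com'
nov 05 03:09:02 data.contoso.com systemd[1]: named.service: main process
exited, code=killed, status=6/ABRT
"""

# An entry starts at "<mon> <dd> <hh:mm:ss> <host> <proc>[<pid>]: ".
ENTRY = re.compile(r"\b\w{3} \d{2} \d{2}:\d{2}:\d{2} \S+ ([\w.-]+)\[\d+\]: ")
DUP = re.compile(r"samba_dlz: Ignoring duplicate zone '([^']+)' from '([^']+)'")
KILLED = re.compile(r"main process exited, code=killed, status=\d+/(\w+)")

def split_entries(text):
    """Undo line wrapping, then cut the stream at every entry header."""
    flat = " ".join(text.split())
    heads = list(ENTRY.finditer(flat))
    out = []
    for i, m in enumerate(heads):
        end = heads[i + 1].start() if i + 1 < len(heads) else len(flat)
        out.append((m.group(1), flat[m.end():end].strip()))
    return out

def triage(text):
    """Return ({zone: partition} for skipped duplicates, fatal signal or None)."""
    dups, signal = {}, None
    for proc, msg in split_entries(text):
        d = DUP.search(msg)
        if proc == "named" and d:
            zone, dn = d.groups()
            # The partition is the first DC= component after CN=MicrosoftDNS.
            part = re.search(r"CN=MicrosoftDNS,DC=([^,]+)", dn)
            dups[zone] = part.group(1) if part else "unknown"
        k = KILLED.search(msg)
        if proc == "systemd" and k:
            signal = k.group(1)
    return dups, signal

if __name__ == "__main__":
    print(triage(SAMPLE))
```
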
