Re: [Samba] Switching from Internal DNS to Bind9_DLZ

On 1/2/2018 4:05 PM, Rowland Penny wrote:
On Tue, 2 Jan 2018 15:52:57 -0500
lingpanda101 <lingpanda101@xxxxxxxxx> wrote:

On 1/2/2018 3:37 PM, Rowland Penny wrote:
On Tue, 2 Jan 2018 15:23:18 -0500
lingpanda101 <lingpanda101@xxxxxxxxx> wrote:


Actually it looks as if Bind isn't running. Though I could've sworn
it did at one point.

service bind9 restart
 * Stopping domain name service... bind9
   rndc: connect failed: 127.0.0.1#953: connection refused
                                                            [ OK ]
 * Starting domain name service... bind9                    [fail]

Log shows;

Jan  2 15:20:51 ddc2 named[2793]: ----------------------------------------------------
Jan  2 15:20:51 ddc2 named[2793]: BIND 9 is maintained by Internet Systems Consortium,
Jan  2 15:20:51 ddc2 named[2793]: Inc. (ISC), a non-profit 501(c)(3) public-benefit
Jan  2 15:20:51 ddc2 named[2793]: corporation.  Support and training for BIND 9 are
Jan  2 15:20:51 ddc2 named[2793]: available at https://www.isc.org/support
Jan  2 15:20:51 ddc2 named[2793]: ----------------------------------------------------
Jan  2 15:20:51 ddc2 named[2793]: adjusted limit on open files from 4096 to 1048576
Jan  2 15:20:51 ddc2 named[2793]: found 2 CPUs, using 2 worker threads
Jan  2 15:20:51 ddc2 named[2793]: using 2 UDP listeners per interface
Jan  2 15:20:51 ddc2 named[2793]: using up to 4096 sockets
Jan  2 15:20:51 ddc2 named[2793]: loading configuration from '/etc/bind/named.conf'
Jan  2 15:20:51 ddc2 named[2793]: /etc/bind/named.conf:15: 'options' redefined near 'options'
Jan  2 15:20:51 ddc2 named[2793]: loading configuration: already exists
Jan  2 15:20:51 ddc2 named[2793]: exiting (due to fatal error)

It seems to stem from the issue I had before
"/etc/bind/named.conf:15: 'options' redefined near 'options'"

I reread your earlier post and noticed something I missed earlier:
do you normally use red-hat?
I ask this because you have this line in /etc/bind/named.conf:

include "/etc/bind/named.conf.options";

Followed by:
# Global Configuration Options
options {
.........
......



If this is all in the one file (a la red-hat), then this is your
problem; debian splits up Bind9 into separate conf files and you
will have two 'options'

Rowland
I do not. Ubuntu but I do have two CentOS systems.

The config file was auto-generated when I installed via apt-get.
This is what it originally contained before I made any modifications.

// This is the primary configuration file for the BIND DNS server named.
//
// Please read /usr/share/doc/bind9/README.Debian.gz for information on the
// structure of BIND configuration files in Debian, *BEFORE* you customize
// this configuration file.
//
// If you are just adding zones, please do that in /etc/bind/named.conf.local

include "/etc/bind/named.conf.options";
include "/etc/bind/named.conf.local";
include "/etc/bind/named.conf.default-zones";

If I comment out these include files, Bind9 starts. However, I do
still get

rndc: connect failed: 127.0.0.1#953: connection refused

However, I'm still getting the TSIG errors.

These are my named.conf files (with any comments stripped out), they
have worked for me for the last 5 years ;-)

/etc/bind/named.conf

include "/etc/bind/named.conf.options";
include "/etc/bind/named.conf.local";
include "/etc/bind/named.conf.default-zones";

/etc/bind/named.conf.options

options {
         directory "/var/cache/bind";
         version "0.0.7";
         notify no;
         empty-zones-enable no;
         allow-query { 127.0.0.1; 192.168.0.0/24; };
         allow-recursion { 192.168.0.0/24;  127.0.0.1/32; };
         forwarders { 8.8.8.8; 8.8.4.4; };
         allow-transfer { none; };
         dnssec-validation no;
         dnssec-enable no;
         listen-on-v6 { none; };
         listen-on port 53 { 192.168.0.7; 127.0.0.1; };

         tkey-gssapi-keytab "/usr/local/samba/private/dns.keytab";
};

/etc/bind/named.conf.local

include "/usr/local/samba/private/named.conf";


/etc/bind/named.conf.default-zones

zone "." {
         type hint;
         file "/etc/bind/db.root";
};

zone "localhost" {
         type master;
         file "/etc/bind/db.local";
};

zone "127.in-addr.arpa" {
         type master;
         file "/etc/bind/db.127";
};

zone "0.in-addr.arpa" {
         type master;
         file "/etc/bind/db.0";
};

zone "255.in-addr.arpa" {
         type master;
         file "/etc/bind/db.255";
};

Rowland

It looks as if I have an issue with the switch to Bind on one of my 6 DCs. Samba log gives the following.


[2018/01/08 10:59:19.002290,  0, pid=968, effective(0, 0), real(0, 0)] ../lib/util/fault.c:79(fault_report)
  INTERNAL ERROR: Signal 7 in pid 968 (4.7.4)
  Please read the Trouble-Shooting section of the Samba HOWTO
[2018/01/08 10:59:19.002521,  0, pid=968, effective(0, 0), real(0, 0)] ../lib/util/fault.c:81(fault_report)
  ===============================================================
[2018/01/08 10:59:19.002712,  0, pid=968, effective(0, 0), real(0, 0)] ../lib/util/fault.c:151(smb_panic_default)
  PANIC: internal error
[2018/01/08 10:59:19.873041,  0, pid=948, effective(0, 0), real(0, 0)] ../source4/smbd/process_standard.c:161(standard_child_pipe_handler)
  Child 968 (drepl) terminated with signal 6
[2018/01/08 11:00:39.091609,  0, pid=960, effective(0, 0), real(0, 0)] ../source4/rpc_server/common/forward.c:51(dcesrv_irpc_forward_callback)
  IRPC callback failed for DsReplicaSync - NT_STATUS_OBJECT_NAME_NOT_FOUND

I get repeated errors over and over for the following.

IRPC callback failed for DsReplicaSync - NT_STATUS_OBJECT_NAME_NOT_FOUND

I tried switching back to the internal but it didn't resolve. Running 'samba-tool drs showrepl' shows an issue with the DomainDnsZones partition. I tried manual replication but that too failed.

/usr/local/samba/bin/samba-tool drs replicate ddc2 ddc1 DC=DomainDnsZones,DC=domain,DC=local -U Administrator
Password for [DOMAIN\Administrator]:
ERROR(<class 'samba.drs_utils.drsException'>): DsReplicaSync failed - drsException: DsReplicaSync failed (-1073610699, 'The operation cannot be performed.')
  File "/usr/local/samba/lib/python2.7/site-packages/samba/netcmd/drs.py", line 386, in run
    drs_utils.sendDsReplicaSync(server_bind, server_bind_handle, source_dsa_guid, NC, req_options)
  File "/usr/local/samba/lib/python2.7/site-packages/samba/drs_utils.py", line 85, in sendDsReplicaSync
    raise drsException("DsReplicaSync failed %s" % estr)

Raising the log level to 3 didn't give me anything other than this.

[2018/01/08 12:40:05.883956,  3, pid=2271, effective(0, 0), real(0, 0)] ../source4/nbt_server/register.c:155(nbtd_register_name_handler)
  Registered DDC2<00> with 172.16.22.27 on interface 172.16.22.255
[2018/01/08 12:40:05.886205,  3, pid=2271, effective(0, 0), real(0, 0)] ../source4/nbt_server/register.c:155(nbtd_register_name_handler)
  Registered DDC2<03> with 172.16.22.27 on interface 172.16.22.255
[2018/01/08 12:40:05.886324,  3, pid=2271, effective(0, 0), real(0, 0)] ../source4/nbt_server/register.c:155(nbtd_register_name_handler)
  Registered DDC2<20> with 172.16.22.27 on interface 172.16.22.255
[2018/01/08 12:40:05.915493,  3, pid=2271, effective(0, 0), real(0, 0)] ../source4/nbt_server/register.c:155(nbtd_register_name_handler)
  Registered DOMAIN<1c> with 172.16.22.27 on interface 172.16.22.255
[2018/01/08 12:40:05.915654,  3, pid=2271, effective(0, 0), real(0, 0)] ../source4/nbt_server/register.c:155(nbtd_register_name_handler)
  Registered DOMAIN<00> with 172.16.22.27 on interface 172.16.22.255
[2018/01/08 12:40:06.183365,  3, pid=2282, effective(0, 0), real(0, 0)] ../lib/util/util_runcmd.c:291(samba_runcmd_io_handler)
  samba_runcmd_io_handler: Child /usr/local/samba/sbin/samba_dnsupdate exited 0

Why would the DC register itself on the broadcast address? Any harm in simply demoting and rejoining the DC? Do I need to clean up all the metadata before rejoining? Thanks.

--
James
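A check for the duplicate 'options' problem discussed in the thread above, added here as an example; it is not part of the thread and not code from the BIND or Samba projects. The script walks a named.conf, follows its include "..." statements, and reports every top-level 'options' block together with the file it came from, which is the situation named rejects with "'options' redefined near 'options'" before exiting. The file names and contents in the demo are constructed in a temporary directory and are not the poster's real configuration; the parser is deliberately simple (comments are stripped, only readable absolute include paths are followed, and blocks nested inside view { } are not distinguished).

```shell
#!/bin/sh
# Added example (not from the thread or the BIND/Samba projects): expand a
# BIND named.conf through its include statements and count the top-level
# 'options' blocks. More than one is what triggers
# "'options' redefined near 'options'" and a fatal exit at startup.
# Simplifications: comments stripped, only readable absolute include paths
# followed, view-scoped blocks not distinguished from global ones.
set -eu

# Print the configuration with includes expanded, one line per input line,
# prefixed with the file it was read from. $1 is used directly (not a
# variable) so the recursive call does not clobber the caller's file name.
expand_includes() {
    # drop // and # comments so a commented-out include is not followed
    sed -e 's://.*$::' -e 's:#.*$::' "$1" | while IFS= read -r line; do
        case "$line" in
            *include*\"*\"*)
                inc=$(printf '%s\n' "$line" | sed -n 's/.*include[[:space:]]*"\([^"]*\)".*/\1/p')
                if [ -r "$inc" ]; then
                    expand_includes "$inc"
                else
                    printf 'missing include: %s (from %s)\n' "$inc" "$1" >&2
                fi
                continue
                ;;
        esac
        printf '%s: %s\n' "$1" "$line"
    done
}

# Print only the 'options {' lines, each with the file it was defined in.
list_options_blocks() {
    expand_includes "$1" | grep -E ':[[:space:]]*options[[:space:]]*\{' || true
}

# Number of 'options' blocks; anything other than 1 means named will not start.
count_options_blocks() {
    list_options_blocks "$1" | grep -c . || true
}

# Build two constructed layouts in a temp dir and print its path:
#   good.conf - Debian style: named.conf only includes named.conf.options
#   bad.conf  - the same include plus a second, Red Hat style options block
make_demo_configs() {
    d=$(mktemp -d)
    cat > "$d/named.conf.options" <<'EOF'
options {
        directory "/var/cache/bind";
        allow-query { 127.0.0.1; 192.168.0.0/24; };
        allow-transfer { none; };
};
EOF
    printf 'include "%s/named.conf.options";\n' "$d" > "$d/good.conf"
    {
        printf 'include "%s/named.conf.options";\n' "$d"
        printf '// Global Configuration Options\n'
        printf 'options {\n        directory "/var/named";\n};\n'
    } > "$d/bad.conf"
    printf '%s\n' "$d"
}

demo() {
    d=$(make_demo_configs)
    for cfg in good.conf bad.conf; do
        printf '%s: %s options block(s)\n' "$cfg" "$(count_options_blocks "$d/$cfg")"
        list_options_blocks "$d/$cfg"
    done
    rm -rf "$d"
}

demo
```

On a real host the authoritative check is BIND's own parser: `named-checkconf /etc/bind/named.conf` reports the same redefinition error without restarting the service, and `named-checkconf -p` prints the configuration with all includes expanded. The script above only adds the file-of-origin column, which is what tells you whether the second block came from named.conf itself (the Red Hat layout) or from the Debian named.conf.options include.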

--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba