
Re: [Samba] Workaround for bind9 reload bug : samba_dlz Ignoring duplicate zone




>> Prunk Dump via samba
>> Sent: Tuesday 13 March 2018 11:51
>> To: samba@xxxxxxxxxxxxxxx
>> Subject: Re: [Samba] Workaround for bind9 reload bug :
>> samba_dlz Ignoring duplicate zone
>>
>> Hi Samba Team !
>>
>> First, thank you all for your help!
>>
>> Here is some clarification on the problem.
>>
>> -> The problem affects only my reverse zone "16.172.in-addr.arpa"
>> created with Samba. After the install, the zone contains only the PDC
>> reverse entry. So when bind9 is reloaded or reconfigured the "nslookup
>> 172.16.0.30" command fails. When bind9 is restarted it works.
>>
>> -> Here are the bind9 logs. We see a "rndc reconfig" command that makes
>> bind9 fail. (Full log in attachment).
>>
>> -------------------
>> starting BIND 9.10.3-P4-Debian <id:ebd72b3> -f -u bind
>> ...
>> Loading 'AD DNS Zone' using driver dlopen
>> samba_dlz: started for DN
>> DC=lan,DC=lyc-guillaume-fichet,DC=ac-grenoble,DC=fr
>> samba_dlz: starting configure
>> samba_dlz: configured writeable zone
>> 'lan.lyc-guillaume-fichet.ac-grenoble.fr'
>> samba_dlz: configured writeable zone '16.172.in-addr.arpa'
>> samba_dlz: configured writeable zone
>> '_msdcs.lan.lyc-guillaume-fichet.ac-grenoble.fr'
>> automatic empty zone: 10.IN-ADDR.ARPA
>> ...
>> all zones loaded
>> running
>> received control channel command 'reconfig'
>> ...
>> Loading 'AD DNS Zone' using driver dlopen
>> samba_dlz: starting configure
>> samba_dlz: Ignoring duplicate zone
>> 'lan.lyc-guillaume-fichet.ac-grenoble.fr' from
>> 'DC=@,DC=lan.lyc-guillaume-fichet.ac-grenoble.fr,CN=MicrosoftDNS,DC=DomainDnsZones,DC=lan,DC=lyc-guillaume-fichet,DC=ac-grenoble,DC=fr'
>> samba_dlz: Ignoring duplicate zone '16.172.in-addr.arpa' from
>> 'DC=@,DC=16.172.in-addr.arpa,CN=MicrosoftDNS,DC=DomainDnsZones,DC=lan,DC=lyc-guillaume-fichet,DC=ac-grenoble,DC=fr'
>> samba_dlz: Ignoring duplicate zone
>> '_msdcs.lan.lyc-guillaume-fichet.ac-grenoble.fr' from
>> 'DC=@,DC=_msdcs.lan.lyc-guillaume-fichet.ac-grenoble.fr,CN=MicrosoftDNS,DC=ForestDnsZones,DC=lan,DC=lyc-guillaume-fichet,DC=ac-grenoble,DC=fr'
>> automatic empty zone: 10.IN-ADDR.ARPA
>> ...
>> zone 16.172.in-addr.arpa/NONE: (other) removed
>> ...
>> zone lan.lyc-guillaume-fichet.ac-grenoble.fr/NONE: (other) removed
>> zone _msdcs.lan.lyc-guillaume-fichet.ac-grenoble.fr/NONE:
>> (other) removed
>> reloading configuration succeeded
>> any newly configured zones are now loaded
>> samba_dlz: shutting down
>> -------------------
>>
>> -> Using some wrapper script, I have found that it is systemd that
>> sends the "rndc reconfig" command. But it is impossible to find in which
>> script (it is not systemd-networkd, which is not started).
>>
>> --------------------
>> root@fichdc01:~# grep -r 'reconfig' /etc/init.d/
>> /etc/init.d/isc-dhcp-server:        echo "Run 'dpkg-reconfigure
>> isc-dhcp-server' to fix the problem."
>> root@fichdc01:~# grep -r 'reconfig' /lib/systemd/
>> Fichier binaire /lib/systemd/systemd-networkd correspondant
>> --------------------
>>
>> -> Adding the "empty-zones-enable no;" option makes the zone work!
>> But I still have the same logs in bind9. And the "samba_dlz: shutting
>> down" line! I don't know if bind9 will work correctly.
>>
>> --------------------
>> received control channel command 'reconfig'
>> ...
>> Loading 'AD DNS Zone' using driver dlopen
>> samba_dlz: starting configure
>> samba_dlz: Ignoring duplicate zone
>> 'lan.lyc-guillaume-fichet.ac-grenoble.fr' from
>> 'DC=@,DC=lan.lyc-guillaume-fichet.ac-grenoble.fr,CN=Micr...
>> samba_dlz: Ignoring duplicate zone '16.172.in-addr.arpa' from
>> 'DC=@,DC=16.172.in-addr.arpa,CN=MicrosoftDNS,DC=DomainDnsZones,DC=lan,DC=lyc..
>> samba_dlz: Ignoring duplicate zone
>> '_msdcs.lan.lyc-guillaume-fichet.ac-grenoble.fr' from
>> 'DC=@,DC=_msdcs.lan.lyc-guillaume-fichet.ac-greno..
>> ...
>> Mar 13 11:23:49 fichdc01 named[463]: zone 16.172.in-addr.arpa/NONE:
>> (other) removed
>> Mar 13 11:23:49 fichdc01 named[463]: zone
>> lan.lyc-guillaume-fichet.ac-grenoble.fr/NONE: (other) removed
>> Mar 13 11:23:49 fichdc01 named[463]: zone
>> _msdcs.lan.lyc-guillaume-fichet.ac-grenoble.fr/NONE: (other) removed
>> Mar 13 11:23:49 fichdc01 named[463]: reloading configuration succeeded
>> Mar 13 11:23:49 fichdc01 named[463]: any newly configured
>> zones are now loaded
>> Mar 13 11:23:49 fichdc01 named[463]: samba_dlz: shutting down
>> --------------------
>>
>> Thanks again!
>>
>> Baptiste.
>> --
>> To unsubscribe from this list go to the following URL and read the
>> instructions:  https://lists.samba.org/mailman/options/samba
>>
>>

2018-03-13 12:19 GMT+01:00 L.P.H. van Belle <belle@xxxxxxxxx>:
> Hai Baptiste,
>
> You missed my first message, but here it is again.
>
> systemctl cat bind9
>
> # /lib/systemd/system/bind9.service
> [Unit]
> Description=BIND Domain Name Server
> Documentation=man:named(8)
> After=network.target
> Wants=nss-lookup.target
> Before=nss-lookup.target
>
> [Service]
> EnvironmentFile=/etc/default/bind9
> ExecStart=/usr/sbin/named -f $OPTIONS
> ExecReload=/usr/sbin/rndc reload
> ExecStop=/usr/sbin/rndc stop
>
> [Install]
> WantedBy=multi-user.target
>
>
> The correct workaround is to edit and add things in systemd.
>
> systemctl edit bind9
>
> Add :
> [Service]
> ExecReload=
>
> Save, type : systemctl restart bind9
>
> The result is saved in :
> /etc/systemd/system/bind9.service.d/override.conf
>
>
> (optional, if you don't use the edit command)
> systemctl daemon-reload
> systemctl restart bind9
>
>
> Greetz,
>
> Louis
>

Thank you Louis!

But this is not the origin of my received "rndc reconfig" (not reload)
command. It is not bind9 itself that sends the command. It is another
binary. But I can't find it ....

Something during the init script sends multiple "rndc reconfig"
commands just after bind9 was started.

Your "empty-zones-enable no;" solution prevents disabling the reverse
zone on "reconfig". But samba_dlz is still shutting down just after ...

Thanks again Louis!

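
Added example, not part of the original thread or of Samba/BIND: a small parser that walks a named log and, for each rndc control command, reports which DLZ zones were refused as duplicates and then removed, and whether samba_dlz shut down afterwards. The sample log is constructed from the line formats quoted above; the zone name 'lan.example.test', the host name 'dc01' and the function names are assumptions.

```python
import re

# Constructed sample modelled on the named log lines quoted in this thread;
# 'lan.example.test' is a placeholder zone name, not taken from the thread.
SAMPLE_LOG = """\
samba_dlz: configured writeable zone 'lan.example.test'
samba_dlz: configured writeable zone '16.172.in-addr.arpa'
all zones loaded
received control channel command 'reconfig'
samba_dlz: starting configure
samba_dlz: Ignoring duplicate zone 'lan.example.test' from 'DC=@,DC=lan.example.test,CN=MicrosoftDNS'
samba_dlz: Ignoring duplicate zone '16.172.in-addr.arpa' from 'DC=@,DC=16.172.in-addr.arpa,CN=MicrosoftDNS'
Mar 13 11:23:49 dc01 named[463]: zone 16.172.in-addr.arpa/NONE: (other) removed
Mar 13 11:23:49 dc01 named[463]: zone lan.example.test/NONE: (other) removed
Mar 13 11:23:49 dc01 named[463]: reloading configuration succeeded
Mar 13 11:23:49 dc01 named[463]: samba_dlz: shutting down
"""

CONTROL = re.compile(r"received control channel command '(\w+)'")
DUPLICATE = re.compile(r"samba_dlz: Ignoring duplicate zone '([^']+)'")
REMOVED = re.compile(r"zone ([^/\s]+)/\S+: \(other\) removed")
SHUTDOWN = "samba_dlz: shutting down"


def analyse(log_text):
    """Return one record per rndc control command found in a named log."""
    events, current = [], None
    for line in log_text.splitlines():
        match = CONTROL.search(line)
        if match:
            current = {"command": match.group(1), "duplicate": [],
                       "removed": [], "dlz_shutdown": False}
            events.append(current)
        elif current is None:
            continue  # startup output before the first control command
        elif DUPLICATE.search(line):
            current["duplicate"].append(DUPLICATE.search(line).group(1))
        elif REMOVED.search(line):
            current["removed"].append(REMOVED.search(line).group(1))
        elif SHUTDOWN in line:
            current["dlz_shutdown"] = True
    return events


def lost_zones(event):
    """Zones refused as duplicates by samba_dlz and then removed by named."""
    return sorted(set(event["duplicate"]) & set(event["removed"]))


if __name__ == "__main__":
    for event in analyse(SAMPLE_LOG):
        print(event["command"], lost_zones(event), event["dlz_shutdown"])
```

A non-empty lost_zones() result for a 'reconfig' or 'reload' event marks the point at which AD-integrated zones stopped being served until the next full restart of named.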