Web lists-archives.com

[Samba] Invalid zone operation IsSigned ERROR




Versions: 

Samba 4.3.11-Ubuntu

Ubuntu: 16.04 and 14.04

 

NOT using bind for DNS.

 

3 Domain Controllers:

dc-1

dc-2

identity-c01

 

Using the DNS tool on Windows, or the command:

samba-tool dns query localhost xxxx.com <http://xxxx.com>  @ ALL -U xxxx

 

causes the queried samba service to crash with the following output in the
syslog:

May 22 15:17:54 dc-1 samba[1115]: [2018/05/22 15:17:54.590059,  0]
../source4/rpc_server/dnsserver/dcerpc_dnsserver.c:1086(dnsserver_query_zone
)

May 22 15:17:56 dc-1 samba[1115]:   dnsserver: Invalid zone operation
IsSigneddnsserver: Invalid zone operation IsSigneddnsserver: Invalid zone
operation IsSigneddnsserver: Invalid zone operation
IsSigned===============================================================

May 22 15:17:56 dc-1 samba[1115]: [2018/05/22 15:17:56.225586,  0]
../lib/util/fault.c:79(fault_report)

May 22 15:17:56 dc-1 samba[1115]:   INTERNAL ERROR: Signal 11 in pid 1115
(4.3.11-Ubuntu)

May 22 15:17:56 dc-1 samba[1115]:   Please read the Trouble-Shooting section
of the Samba HOWTO

May 22 15:17:56 dc-1 samba[1115]: [2018/05/22 15:17:56.225615,  0]
../lib/util/fault.c:81(fault_report)

May 22 15:17:56 dc-1 samba[1115]:
===============================================================

May 22 15:17:56 dc-1 samba[1115]: [2018/05/22 15:17:56.225640,  0]
../lib/util/fault.c:151(smb_panic_default)

May 22 15:17:56 dc-1 samba[1115]:   PANIC: internal error

May 22 15:18:02 dc-1 samba[1091]: [2018/05/22 15:18:02.683480,  0]
../source4/smbd/process_standard.c:127(standard_child_pipe_handler)

May 22 15:18:02 dc-1 samba[1091]:   Child 1115 (rpc) terminated with signal
6

May 22 15:18:08 dc-1 smbd[1256]: [2018/05/22 15:18:08.872383,  1]
../source3/rpc_server/rpc_ncacn_np.c:773(make_external_rpc_pipe)

 

 

To me this points to a corrupt record in DNS. Does anyone have any
suggestions on how I can clean up the DNS records when querying the service
crashes it?

 

For what it's worth, we have snapshots of dc-1 and dc-2 that are not
corrupt, but if we bring identity-c01 online, it replicates the corrupt
records down to dc-1 and dc-2, causing this failure to propagate across all
domain controllers.

 

Thanks for any help or suggestions.

 

 

Robb

 

-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba