Web lists-archives.com

Re: [Samba] Problem with named.service




On Sat, 9 Jun 2018 11:27:06 +0000 (UTC)
Fermin Francisco <abcddo@xxxxxxxxx> wrote:

> Good morning!
> I followed your instructions Rowland, but still showme the same error:
> I change this lines in smb.conf:
> server services = s3fs, rpc, nbt, wrepl, ldap, cldap, kdc,
> > drepl, winbindd, ntp_signd, kcc, dnsupdate, dns For this one:
> server services = s3fs, rpc, nbt, wrepl, ldap, cldap, kdc,
> > drepl, winbindd, ntp_signd, kcc, dnsupdate
> [root@pc ~]# systemctl status named.service● named.service - Berkeley
> Internet Name Domain (DNS)   Loaded: loaded
> (/usr/lib/systemd/system/named.service; enabled; vendor preset:
> disabled)   Active: active (running) since Sat 2018-06-09 07:12:50
> AST; 1min 17s ago  Process: 2822 ExecStop=/bin/sh -c /usr/sbin/rndc
> stop > /dev/null 2>&1 || /bin/kill -TERM $MAINPID (code=exited,
> status=0/SUCCESS)  Process: 2863 ExecStart=/usr/sbin/named -u named
> -c ${NAMEDCONF} $OPTIONS (code=exited, status=0/SUCCESS)  Process:
> 2859 ExecStartPre=/bin/bash -c if [ ! "$DISABLE_ZONE_CHECKING" ==
> "yes" ]; then /usr/sbin/named-checkconf -z "$NAMEDCONF"; else echo
> "Checking of zone files is disabled"; fi (code=exited,
> status=0/SUCCESS) Main PID: 2864 (named)
>  CGroup: /system.slice/named.service           └─2864 /usr/sbin/named
> -u named -c /etc/named.conf -4 Jun 09 07:13:34 pc named[2864]: error
> (unexpected RCODE REFUSED) resolving
> 'ClaroMusicaLATAM.device.mobileengagem...0.2#53Jun 09 07:13:34 pc
> named[2864]: error (unexpected RCODE REFUSED) resolving
> 'ClaroMusicaLATAM.device.mobileengagem...4.2#53Jun 09 07:13:35 pc
> named[2864]: error (unexpected RCODE REFUSED) resolving
> 'ClaroMusicaLATAM.device.mobileengagem...8.2#53Jun 09 07:13:35 pc
> named[2864]: error (unexpected RCODE REFUSED) resolving
> 'ClaroMusicaLATAM.device.mobileengagem...4.2#53Jun 09 07:13:35 pc
> named[2864]: error (unexpected RCODE REFUSED) resolving
> 'ClaroMusicaLATAM.device.mobileengagem...4.2#53Jun 09 07:13:35 pc
> named[2864]: error (unexpected RCODE REFUSED) resolving
> 'ClaroMusicaLATAM.device.mobileengagem...0.2#53Jun 09 07:13:36 pc
> named[2864]: error (unexpected RCODE REFUSED) resolving
> 'ClaroMusicaLATAM.device.mobileengagem...8.2#53Jun 09 07:13:36 pc
> named[2864]: error (unexpected RCODE REFUSED) resolving
> 'ClaroMusicaLATAM.device.mobileengagem...4.2#53Jun 09 07:13:36 pc
> named[2864]: error (unexpected RCODE REFUSED) resolving
> 'ClaroMusicaLATAM.device.mobileengagem...0.2#53Jun 09 07:13:36 pc
> named[2864]: error (unexpected RCODE REFUSED) resolving
> 'ClaroMusicaLATAM.device.mobileengagem...4.2#53Hint: Some lines were
> ellipsized, use -l to show in full.

I think the above is happening because you do not have any forwarders
set in named 'options'

> 
> [root@pc ~]# systemctl status named.service● named.service - Berkeley
> Internet Name Domain (DNS)   Loaded: loaded
> (/usr/lib/systemd/system/named.service; enabled; vendor preset:
> disabled)   Active: active (running) since Sat 2018-06-09 07:12:50
> AST; 1min 19s ago  Process: 2822 ExecStop=/bin/sh -c /usr/sbin/rndc
> stop > /dev/null 2>&1 || /bin/kill -TERM $MAINPID (code=exited,
> status=0/SUCCESS)  Process: 2863 ExecStart=/usr/sbin/named -u named
> -c ${NAMEDCONF} $OPTIONS (code=exited, status=0/SUCCESS) [root@pc ~]#
> systemctl status named.service● named.service - Berkeley Internet
> Name Domain (DNS)   Loaded: loaded
> (/usr/lib/systemd/system/named.service; enabled; vendor preset:
> disabled)   Active: active (running) since Sat 2018-06-09 07:12:50
> AST; 10min ago  Process: 2822 ExecStop=/bin/sh -c /usr/sbin/rndc stop
> > /dev/null 2>&1 || /bin/kill -TERM $MAINPID (code=exited,
> > status=0/SUCCESS)  Process: 2863 ExecStart=/usr/sbin/named -u named
> > -c ${NAMEDCONF} $OPTIONS (code=exited, status=0/SUCCESS)  Process:
> > 2859 ExecStartPre=/bin/bash -c if [ ! "$DISABLE_ZONE_CHECKING" ==
> > "yes" ]; then /usr/sbin/named-checkconf -z "$NAMEDCONF"; else echo
> > "Checking of zone files is disabled"; fi (code=exited,

Find where 'DISABLE_ZONE_CHECKING' is set and ensure it is set to 'yes'

> > status=0/SUCCESS) Main PID: 2864 (named)
> >  CGroup: /system.slice/named.service
> >  └─2864 /usr/sbin/named -u named -c /etc/named.conf -4 Jun 09
> > 07:22:46 pc named[2864]: samba_dlz: cancelling transaction on zone
> > domain.localJun 09 07:22:46 pc named[2864]: samba_dlz: starting
> > transaction on zone domain.localJun 09 07:22:46 pc named[2864]:

I take it you didn't see that using '.local' is a BAD idea, if you are
stuck with it, Then turn off and remove Avahi.

> > client 172.20.1.250#58333: update 'domain.local/IN' deniedJun 09
> > 07:22:46 pc named[2864]: samba_dlz: cancelling transaction on zone
> > domain.localJun 09 07:22:58 pc named[2864]: samba_dlz: starting
> > transaction on zone domain.localJun 09 07:22:58 pc named[2864]:
> > client 172.20.1.124#52329: update 'domain.local/IN' deniedJun 09
> > 07:22:58 pc named[2864]: samba_dlz: cancelling transaction on zone
> > domain.localJun 09 07:23:03 pc named[2864]: samba_dlz: starting
> > transaction on zone domain.localJun 09 07:23:03 pc named[2864]:
> > client 172.20.1.144#56202: update 'domain.local/IN' deniedJun 09
> > 07:23:03 pc named[2864]: samba_dlz: cancelling transaction on zone
> > domain.local I miss something??

Is anything else running on port 53 ?
dnsmasq for instance.

Can you post the following files:
/etc/hostname
/etc/hosts
/etc/resolv.conf

Do you want try this /etc/bind/named.conf.options , it is based on my
working one.

 options {
        directory    "/var/named";
        dump-file    "/var/named/data/cache_dump.db";
        statistics-file "/var/named/data/named_stats.txt";
        memstatistics-file "/var/named/data/named_mem_stats.txt";
        forwarders { 8.8.8.8; 8.8.4.4; };
        dnssec-validation no;
        auth-nxdomain yes;    # conform to RFC1035 =no
        listen-on-v6 { none; };
        listen-on port 53 { 127.0.0.1; any; };
        notify no;
        empty-zones-enable no;
        allow-query { localhost; any; };
        allow-recursion { any; };
        tkey-gssapi-keytab "/usr/local/samba/private/dns.keytab";
};

Rowland


-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba