[Samba] FW: Internal DNS migrate to Bind9_DLZ




Hai, 
 
I've checked out the log you sent and I re-read the complete thread. 
 
Based on what's been done and what I saw in your logs now, it looks like a * (wildcard) entry is giving the problem. 
But I am not sure of that; the wildcard bugs should be fixed, when I look in Bugzilla (#10435, #12952). 
 
I've also forwarded the mail to Rowland before we go and throw things at you again. ;-)
I've snipped the parts I think were the interesting parts into this mail, but maybe Rowland notices more. 
 
Last, have you tried with the bind config on port 53 instead of 5353? 
Please note, Red Hat is not my cookie, so any CentOS/Red Hat people here, comments are useful. 
Last, remove this part from your named.conf:

# Root Servers
# (Required for recursive DNS queries)
zone "." {
type hint;
file "named.root";
};

# localhost zone
zone "localhost" {
type master;
file "master/localhost.zone";
};

# 127.0.0. zone.
zone "0.0.127.in-addr.arpa" {
type master;
file "master/0.0.127.zone";
};

These zones are also in DC=RootDNSServers,CN=MicrosoftDNS,DC=DomainDnsZones,DC=<domain>,DC=corp

The log parts. 

31-Oct-2018 13:26:56.585 processing statistics channel 127.0.0.1#8653
31-Oct-2018 13:26:56.585 statistics channel listening on 127.0.0.1#8653
31-Oct-2018 13:26:56.585 using default UDP/IPv4 port range: [1024, 65535]
31-Oct-2018 13:26:56.585 using default UDP/IPv6 port range: [1024, 65535]
31-Oct-2018 13:26:56.589 no IPv6 interfaces found
31-Oct-2018 13:26:56.589 listening on IPv4 interface lo, 127.0.0.1#5353
31-Oct-2018 13:26:56.590 clientmgr @0x7f4bcc691010: create
.. 
31-Oct-2018 13:26:56.607 listening on IPv4 interface ens192, <IP>#5353
..
31-Oct-2018 13:26:56.617 generating session key for dynamic DNS
31-Oct-2018 13:26:56.618 sizing zone task pool based on 3 zones
31-Oct-2018 13:26:56.619 decrement_reference: delete from rbt: 0x7f4bcc6acc70 .
31-Oct-2018 13:26:56.620 Loading 'AD DNS Zone' using driver dlopen
31-Oct-2018 13:26:56.620 Loading SDLZ driver.
--
31-Oct-2018 13:26:56.754 samba_dlz: dn: @ROOTDSE
31-Oct-2018 13:26:56.754 samba_dlz: configurationNamingContext: CN=Configuration,DC=<domain>,DC=corp
31-Oct-2018 13:26:56.754 samba_dlz: defaultNamingContext: DC=<domain>,DC=corp
31-Oct-2018 13:26:56.754 samba_dlz: schemaNamingContext: CN=Schema,CN=Configuration,DC=<domain>,DC=corp
 
and then the failure starts. 
 
 
31-Oct-2018 13:26:56.758 samba_dlz: 
31-Oct-2018 13:26:56.758 samba_dlz: ldb: ldb_asprintf/set_errstring: No such Base DN: CN=Directory Service,CN=Windows NT,CN=Services,CN=Configuration,DC=<domain>,DC=corp
31-Oct-2018 13:26:56.758 samba_dlz: ldb: ldb_trace_response: DONE
31-Oct-2018 13:26:56.758 samba_dlz: error: 32
31-Oct-2018 13:26:56.758 samba_dlz: msg: No such Base DN: CN=Directory Service,CN=Windows NT,CN=Services,CN=Configuration,DC=<domain>,DC=corp
31-Oct-2018 13:26:56.758 samba_dlz: 
 
31-Oct-2018 13:26:56.763 samba_dlz: dn: @PARTITION
31-Oct-2018 13:26:56.763 samba_dlz: replicateEntries: @ATTRIBUTES
31-Oct-2018 13:26:56.763 samba_dlz: replicateEntries: @INDEXLIST
31-Oct-2018 13:26:56.763 samba_dlz: replicateEntries: @OPTIONS
31-Oct-2018 13:26:56.763 samba_dlz: partition: CN=SCHEMA,CN=CONFIGURATION,DC=<domain>,DC=CORP:sam.ldb.d/CN=SCHE
31-Oct-2018 13:26:56.763 samba_dlz:  MA,CN=CONFIGURATION,DC=<domain>,DC=CORP.ldb
31-Oct-2018 13:26:56.763 samba_dlz: partition: CN=CONFIGURATION,DC=<domain>,DC=CORP:sam.ldb.d/CN=CONFIGURATION,
31-Oct-2018 13:26:56.764 samba_dlz:  DC=<domain>,DC=CORP.ldb
31-Oct-2018 13:26:56.764 samba_dlz: partition: DC=<domain>,DC=CORP:sam.ldb.d/DC=<domain>,DC=CORP.ldb
31-Oct-2018 13:26:56.764 samba_dlz: partition: DC=DOMAINDNSZONES,DC=<domain>,DC=CORP:sam.ldb.d/DC=DOMAINDNSZONE
31-Oct-2018 13:26:56.764 samba_dlz:  S,DC=<domain>,DC=CORP.ldb
31-Oct-2018 13:26:56.764 samba_dlz: partition: DC=FORESTDNSZONES,DC=<domain>,DC=CORP:sam.ldb.d/DC=FORESTDNSZONE
31-Oct-2018 13:26:56.764 samba_dlz:  S,DC=<domain>,DC=CORP.ldb
 
 
31-Oct-2018 13:26:56.777 samba_dlz: Initial schema load needed, as we have no existing schema, seq_num: 1 
31-Oct-2018 13:26:56.921 samba_dlz: schema_fsmo_init: we are master[no] updates allowed[no] 
 
31-Oct-2018 13:26:56.776 samba_dlz: ldb: ldb_trace_response: ENTRY
31-Oct-2018 13:26:56.776 samba_dlz: dn: DC=<domain>,DC=corp
31-Oct-2018 13:26:56.776 samba_dlz: objectSid: S-1-5-21-123456789-115225906-12345679   (I've changed this SID for you.)  
31-Oct-2018 13:26:56.776 samba_dlz: 
 
31-Oct-2018 13:26:56.921 samba_dlz: schema_fsmo_init: we are master[no] updates allowed[no]

31-Oct-2018 13:26:57.154 samba_dlz: ldb: ldb_trace_response: ENTRY
31-Oct-2018 13:26:57.154 samba_dlz: dn: CN=NTDS Settings,CN=XXX002AAAAA,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=<domain>,DC=corp
31-Oct-2018 13:26:57.154 samba_dlz: msDS-Behavior-Version: 4
 
31-Oct-2018 13:26:57.158 samba_dlz: started for DN DC=<domain>,DC=corp
31-Oct-2018 13:26:57.158 SDLZ driver loaded successfully.
31-Oct-2018 13:26:57.158 DLZ driver loaded successfully.
31-Oct-2018 13:26:57.158 samba_dlz: starting configure
 
31-Oct-2018 13:26:57.218 samba_dlz: ldb: ldb_asprintf/set_errstring: No such Base DN: DC=*,DC=<domain>.corp,CN=MicrosoftDNS,DC=DomainDnsZones,DC=<domain>,DC=corp
31-Oct-2018 13:26:57.218 samba_dlz: ldb: ldb_trace_response: DONE
31-Oct-2018 13:26:57.218 samba_dlz: error: 32
31-Oct-2018 13:26:57.218 samba_dlz: msg: No such Base DN: DC=*,DC=<domain>.corp,CN=MicrosoftDNS,DC=DomainDnsZones,DC=<domain>,DC=corp
 
31-Oct-2018 13:26:57.482 samba_dlz: ldb: ldb_trace_request: SEARCH
31-Oct-2018 13:26:57.482 samba_dlz:  dn: DC=*,DC=<domain>.corp,CN=MicrosoftDNS,DC=ForestDnsZones,DC=<domain>,DC=corp
31-Oct-2018 13:26:57.482 samba_dlz:  scope: base
31-Oct-2018 13:26:57.482 samba_dlz:  expr: (&(objectClass=dnsNode)(!(dNSTombstoned=TRUE)))
31-Oct-2018 13:26:57.482 samba_dlz:  attr: dnsRecord
31-Oct-2018 13:26:57.482 samba_dlz:  attr: dNSTombstoned
31-Oct-2018 13:26:57.482 samba_dlz:  control: <NONE>
 
31-Oct-2018 13:26:57.485 samba_dlz: 
31-Oct-2018 13:26:57.485 samba_dlz: ldb: ldb_asprintf/set_errstring: No such Base DN: DC=*,DC=<domain>.corp,CN=MicrosoftDNS,DC=ForestDnsZones,DC=<domain>,DC=corp
31-Oct-2018 13:26:57.485 samba_dlz: ldb: ldb_trace_response: DONE
31-Oct-2018 13:26:57.485 samba_dlz: error: 32
31-Oct-2018 13:26:57.486 samba_dlz: msg: No such Base DN: DC=*,DC=<domain>.corp,CN=MicrosoftDNS,DC=ForestDnsZones,DC=<domain>,DC=corp
31-Oct-2018 13:26:57.486 samba_dlz: 
 
 
31-Oct-2018 13:26:57.488 samba_dlz: 
31-Oct-2018 13:26:57.488 samba_dlz: ldb: ldb_asprintf/set_errstring: No such Base DN: DC=<domain>.corp,CN=MicrosoftDNS,DC=ForestDnsZones,DC=<domain>,DC=corp
31-Oct-2018 13:26:57.488 samba_dlz: ldb: ldb_trace_response: DONE
31-Oct-2018 13:26:57.488 samba_dlz: error: 32
31-Oct-2018 13:26:57.488 samba_dlz: msg: No such Base DN: DC=<domain>.corp,CN=MicrosoftDNS,DC=ForestDnsZones,DC=<domain>,DC=corp
31-Oct-2018 13:26:57.488 samba_dlz: 
 
 
31-Oct-2018 13:26:57.494 samba_dlz: 
31-Oct-2018 13:26:57.494 zone <domain>.corp/NONE: loaded; checking validity
31-Oct-2018 13:26:57.494 zone <domain>.corp/NONE: has 0 SOA records
31-Oct-2018 13:26:57.494 zone <domain>.corp/NONE: has no NS records
31-Oct-2018 13:26:57.494 samba_dlz: Failed to configure zone '<domain>.corp'
31-Oct-2018 13:26:57.495 load_configuration: bad zone
31-Oct-2018 13:26:57.495 loading configuration: bad zone
31-Oct-2018 13:26:57.495 client @0x7f4bb80ea690: udprecv
31-Oct-2018 13:26:57.495 exiting (due to fatal error)
31-Oct-2018 13:26:57.495 client @0x7f4bb80f8a40: udprecv
 

 
Greetz, 
 
Louis
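The triage Louis does by hand on the log above (pick out the ldb error 32 "No such Base DN" entries, flag the one whose first RDN is the wildcard DC=*, and tie them to named's zone validity failure), as an added Python example that is not part of the mail. The log lines in it are constructed to match the shape of the quoted log, with example.corp standing in for the redacted domain.

```python
import re

# Constructed sample mirroring the shape of the named/samba_dlz log quoted above,
# with example.corp standing in for the redacted <domain>; not real data.
SAMPLE_LOG = """\
31-Oct-2018 13:26:57.158 samba_dlz: starting configure
31-Oct-2018 13:26:57.218 samba_dlz: ldb: ldb_asprintf/set_errstring: No such Base DN: DC=*,DC=example.corp,CN=MicrosoftDNS,DC=DomainDnsZones,DC=example,DC=corp
31-Oct-2018 13:26:57.218 samba_dlz: error: 32
31-Oct-2018 13:26:57.488 samba_dlz: ldb: ldb_asprintf/set_errstring: No such Base DN: DC=example.corp,CN=MicrosoftDNS,DC=ForestDnsZones,DC=example,DC=corp
31-Oct-2018 13:26:57.488 samba_dlz: error: 32
31-Oct-2018 13:26:57.494 zone example.corp/NONE: has 0 SOA records
31-Oct-2018 13:26:57.494 zone example.corp/NONE: has no NS records
31-Oct-2018 13:26:57.494 samba_dlz: Failed to configure zone 'example.corp'
31-Oct-2018 13:26:57.495 exiting (due to fatal error)
"""

# ldb error 32 is LDAP noSuchObject: the DLZ module searched for a DN that is
# not in sam.ldb. The patterns below pick those out together with named's own
# zone validity checks and the fatal exit.
NO_BASE_DN = re.compile(r"No such Base DN: (?P<dn>.+?)\s*$")
ZONE_CHECK = re.compile(r"zone (?P<zone>\S+)/NONE: (?P<problem>has 0 SOA records|has no NS records)")
FAILED_ZONE = re.compile(r"Failed to configure zone '(?P<zone>[^']+)'")
PARTITION = re.compile(r"CN=MicrosoftDNS,DC=(?P<part>DomainDnsZones|ForestDnsZones)")

def first_rdn(dn):
    """First RDN of a DN, e.g. 'DC=*' for a wildcard dnsNode under the zone."""
    return dn.split(",", 1)[0]

def partition_of(dn):
    """Which AD DNS application partition the DN lives in, or None."""
    m = PARTITION.search(dn)
    return m.group("part") if m else None

def triage(log_text):
    """Summarise a DLZ zone-load failure from named's debug log."""
    report = {"missing_dns": [], "wildcard_dns": [], "zone_problems": [],
              "failed_zones": [], "fatal": False}
    for line in log_text.splitlines():
        if m := NO_BASE_DN.search(line):
            dn = m.group("dn")
            report["missing_dns"].append((partition_of(dn), dn))
            # the wildcard record Louis suspects shows up as a DC=* leaf
            if first_rdn(dn) == "DC=*":
                report["wildcard_dns"].append(dn)
        elif m := ZONE_CHECK.search(line):
            report["zone_problems"].append((m.group("zone"), m.group("problem")))
        elif m := FAILED_ZONE.search(line):
            report["failed_zones"].append(m.group("zone"))
        elif "exiting (due to fatal error)" in line:
            report["fatal"] = True
    return report
```

Run it over a real named log with debug level raised; a non-empty wildcard_dns list together with failed_zones points at the wildcard record rather than at the bind config.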
 


From: Eben Victor [mailto:eben.victor@xxxxxxxxx] 
Sent: Wednesday 31 October 2018 13:35
To: L.P.H. van Belle
CC: samba@xxxxxxxxxxxxxxx
Subject: Re: [Samba] Internal DNS migrate to Bind9_DLZ



Hello Louis,


I finally managed to try and do some testing again.

Apologies for this issue still popping up; I have tried everything.
See attached samba and named debugging set to 10.


I have currently removed all reverse zones; I ran 'samba-tool dbcheck --fix --yes'.
I'm busy testing on 1 of my 7 DCs, but no matter what, same error.



Kind Regards


On Tue, Jul 31, 2018 at 11:33 AM L.P.H. van Belle via samba <samba@xxxxxxxxxxxxxxx> wrote:

Hai, 

Did you make sure that your root and localhost zones are loaded last in the bind config? 

The order matters, at least if you also use bind_DLZ. 

I suggest you try it. 
I'm just thinking about this: if your . (root) zone is loaded, and it's trying to look up your company.corp domain, 
it hits resolv.conf, then your bind, and bind_dlz is not loaded yet, so the lookup goes to the internet.
It's a possible option that this happens; I don't know the bind9_dlz code. 

And this: >> domain.corp is just an alias, not the actual domain name. 
Set up with a real zone. 

But I'm pretty sure your problem is caused by one of these 2. 

I suggest starting with making sure your localhost and root zones are loaded last in named.conf.

On my Debian server the order is as follows.
include "/etc/bind/named.conf.options";         < here (within the options block, at the bottom of the global options): tkey-gssapi-keytab "/var/lib/samba/private/dns.keytab";
include "/etc/bind/named.conf.local";           < here only one line: include "/var/lib/samba/private/named.conf";  
include "/etc/bind/named.conf.default-zones";   < here are my root and localhost zones (default bind, not in DLZ)


Greetz, 

Louis





> -----Original message-----
> From: samba [mailto:samba-bounces@xxxxxxxxxxxxxxx] On behalf of 
> Rowland Penny via samba
> Sent: Tuesday 31 July 2018 10:23
> To: samba@xxxxxxxxxxxxxxx
> Subject: Re: [Samba] Internal DNS migrate to Bind9_DLZ
> 
> On Mon, 30 Jul 2018 23:36:46 +0200
> Eben Victor <eben.victor@xxxxxxxxx> wrote:
> 
> > It is part of the Sernet packages and is currently on 1.3.4
> > /usr/lib64/samba/libldb.so.1.3.4
> > 
> > We started using sernet-samba-ad from v4 using the internal dns and
> > updated as versions were released. We have now recently updated from
> > 4.8.2 to 4.8.3 and still using internal dns.
> > Our DNS is working as it should, it's only been since recently that
> > we have to migrate to bind9.
> > 
> 
> So, you are using Samba without problem, it is just that when you try
> to use Bind9 instead of the internal dns server, your problems start.
> 
> Let's just recap
> 
> You have run 'samba_upgradedns'
> You have altered smb.conf
> You have configured 'named.conf' correctly
> The Samba 'named.conf' file is readable by 'named' (this should be
> 'rw-r--r--' i.e. world readable)
> 
> But, even though everything looks okay, Bind9 will not start.
> 
> This is strange, there doesn't seem to be any reason for it.
> 
> Is anybody using the combination of Centos 7, Samba 4.8.3 and Bind9
> without problems?
> 
> Rowland
> 
> -- 
> To unsubscribe from this list go to the following URL and read the
> instructions:  https://lists.samba.org/mailman/options/samba
> 
> 





-- 
Eben Victor

Cell:  +27 82 759 5266
Email: eben.victor@xxxxxxxxx
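The named.conf ordering Louis describes in his July mail (Samba's DLZ include reached before the default root and localhost zones, and tkey-gssapi-keytab present in options), checked mechanically. This is an added Python example, not from the mail or from Samba; it walks a constructed in-memory copy of the Debian include layout, and the DLZ module path in it is a placeholder.

```python
import re

# Constructed in-memory stand-in for the Debian include layout Louis describes;
# contents are made up for this example and the DLZ module path is a placeholder.
FILES = {
    "/etc/bind/named.conf": 'include "/etc/bind/named.conf.options";\n'
        'include "/etc/bind/named.conf.local";\ninclude "/etc/bind/named.conf.default-zones";\n',
    "/etc/bind/named.conf.options": 'options {\n  directory "/var/cache/bind";\n'
        '  tkey-gssapi-keytab "/var/lib/samba/private/dns.keytab";\n};\n',
    "/etc/bind/named.conf.local": 'include "/var/lib/samba/private/named.conf";\n',
    "/var/lib/samba/private/named.conf": 'dlz "AD DNS Zone" { database "dlopen /path/to/dlz_bind9.so"; };\n',
    "/etc/bind/named.conf.default-zones": 'zone "." { type hint; file "named.root"; };\n'
        'zone "localhost" { type master; file "master/localhost.zone"; };\n',
}

# Statements that matter here: include, zone/dlz declarations, and the
# tkey-gssapi-keytab option that lets named accept Samba's GSS-TSIG signed updates.
STMT = re.compile(r'^\s*(?:(include)|(zone|dlz)|(tkey-gssapi-keytab))\s+"([^"]+)"', re.M)

def strip_comments(text):
    """Drop /* */, // and # comments so commented-out zones are not counted."""
    return re.sub(r"(//|#).*", "", re.sub(r"/\*.*?\*/", "", text, flags=re.S))

def walk(path, files, stack=()):
    """Yield (kind, name) in the order named reads them, following includes."""
    if path in stack:
        raise ValueError(f"include loop at {path}")
    if path not in files:
        yield ("missing", path)
        return
    for m in STMT.finditer(strip_comments(files[path])):
        if m.group(1):
            yield from walk(m.group(4), files, stack + (path,))
        else:
            yield (m.group(2) or "keytab", m.group(4))

def check_order(files, root="/etc/bind/named.conf"):
    """Return the load order plus findings that would break the DLZ setup."""
    items = list(walk(root, files))
    kinds = [k for k, _ in items]
    findings = [f"included file not found: {n}" for k, n in items if k == "missing"]
    if "keytab" not in kinds:
        findings.append("no tkey-gssapi-keytab in options")
    if "dlz" not in kinds:
        findings.append("Samba DLZ block never included")
    else:
        first_dlz = kinds.index("dlz")
        findings += [f"zone '{n}' is loaded before the Samba DLZ block"
                     for i, (k, n) in enumerate(items) if k == "zone" and i < first_dlz]
    return items, findings
```

To run it against a real host, build the files dict by reading the paths from disk; the comment stripper treats a bare # as a comment start, so a port written as addr#port inside a string would be cut off.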

