Web lists-archives.com

Re: [Samba] FW: Internal DNS migrate to Bind9_DLZ




Hello Louis,

I'm manipulating some data in my production environment seeing as my test
environment is working fine and not getting any errors.
Hence the use of port 5353, but even if I use port 53 I still get the same
errors.

I have removed the portion you mentioned and still same errors.

Kind Regards

On Wed, Oct 31, 2018 at 4:00 PM L.P.H. van Belle via samba <
samba@xxxxxxxxxxxxxxx> wrote:

> Hai,
>
> I've checked out the log you send and i re-read the complete thread.
>
> Based on thats done and what i did see in you logs now, looks like a  *
> (wildcard)  entry is giving the problem.
> But i am not sure of that, the wildcard bugs should be fixed, when i look
> in bugzilla.  (#10435 #12952 )
>
> I've forwarded the mail to Rowland also before we go throw things at you
> again. ;-)
> I've snaped the parts i think where the interesting parts in this mail,
> but maybe Rowland notices more.
>
> Last, have you tried with the bind config at port 53  in stead of 5353.
> Please note, RedHat is not my cookie so any Centos/Red Hat people here,
> comments are usefull..
> last remove this part from you named.conf
>
> # Root Servers
> # (Required for recursive DNS queries)
> zone "." {
> type hint;
> file "named.root";
> };
>
> # localhost zone
> zone "localhost" {
> type master;
> file "master/localhost.zone";
> };
>
> # 127.0.0. zone.
> zone "0.0.127.in-addr.arpa" {
> type master;
> file "master/0.0.127.zone";
> };
>
> These zones are also in
> DC=RootDNSServers,CN=MicrosoftDNS,DC=DomainDnsZones,DC=<domain>,DC=corp
>
> The log parts.
>
> 31-Oct-2018 13:26:56.585 processing statistics channel 127.0.0.1#8653
> 31-Oct-2018 13:26:56.585 statistics channel listening on 127.0.0.1#8653
> 31-Oct-2018 13:26:56.585 using default UDP/IPv4 port range: [1024, 65535]
> 31-Oct-2018 13:26:56.585 using default UDP/IPv6 port range: [1024, 65535]
> 31-Oct-2018 13:26:56.589 no IPv6 interfaces found
> 31-Oct-2018 13:26:56.589 listening on IPv4 interface lo, 127.0.0.1#5353
> 31-Oct-2018 13:26:56.590 clientmgr @0x7f4bcc691010: create
> ..
> 31-Oct-2018 13:26:56.607 listening on IPv4 interface ens192, <IP>#5353
> ..
> 31-Oct-2018 13:26:56.617 generating session key for dynamic DNS
> 31-Oct-2018 13:26:56.618 sizing zone task pool based on 3 zones
> 31-Oct-2018 13:26:56.619 decrement_reference: delete from rbt:
> 0x7f4bcc6acc70 .
> 31-Oct-2018 13:26:56.620 Loading 'AD DNS Zone' using driver dlopen
> 31-Oct-2018 13:26:56.620 Loading SDLZ driver.
> --
> 31-Oct-2018 13:26:56.754 samba_dlz: dn: @ROOTDSE
> 31-Oct-2018 13:26:56.754 samba_dlz: configurationNamingContext:
> CN=Configuration,DC=<domain>,DC=corp
> 31-Oct-2018 13:26:56.754 samba_dlz: defaultNamingContext:
> DC=<domain>,DC=corp
> 31-Oct-2018 13:26:56.754 samba_dlz: schemaNamingContext:
> CN=Schema,CN=Configuration,DC=<domain>,DC=corp
>
> and then it starts the fail.
>
>
> 31-Oct-2018 13:26:56.758 samba_dlz:
> 31-Oct-2018 13:26:56.758 samba_dlz: ldb: ldb_asprintf/set_errstring: No
> such Base DN: CN=Directory Service,CN=Windows
> NT,CN=Services,CN=Configuration,DC=<domain>,DC=corp
> 31-Oct-2018 13:26:56.758 samba_dlz: ldb: ldb_trace_response: DONE
> 31-Oct-2018 13:26:56.758 samba_dlz: error: 32
> 31-Oct-2018 13:26:56.758 samba_dlz: msg: No such Base DN: CN=Directory
> Service,CN=Windows NT,CN=Services,CN=Configuration,DC=<domain>,DC=corp
> 31-Oct-2018 13:26:56.758 samba_dlz:
>
> 31-Oct-2018 13:26:56.763 samba_dlz: dn: @PARTITION
> 31-Oct-2018 13:26:56.763 samba_dlz: replicateEntries: @ATTRIBUTES
> 31-Oct-2018 13:26:56.763 samba_dlz: replicateEntries: @INDEXLIST
> 31-Oct-2018 13:26:56.763 samba_dlz: replicateEntries: @OPTIONS
> 31-Oct-2018 13:26:56.763 samba_dlz: partition:
> CN=SCHEMA,CN=CONFIGURATION,DC=<domain>,DC=CORP:sam.ldb.d/CN=SCHE
> 31-Oct-2018 13:26:56.763 samba_dlz:
> MA,CN=CONFIGURATION,DC=<domain>,DC=CORP.ldb
> 31-Oct-2018 13:26:56.763 samba_dlz: partition:
> CN=CONFIGURATION,DC=<domain>,DC=CORP:sam.ldb.d/CN=CONFIGURATION,
> 31-Oct-2018 13:26:56.764 samba_dlz:  DC=<domain>,DC=CORP.ldb
> 31-Oct-2018 13:26:56.764 samba_dlz: partition:
> DC=<domain>,DC=CORP:sam.ldb.d/DC=<domain>,DC=CORP.ldb
> 31-Oct-2018 13:26:56.764 samba_dlz: partition:
> DC=DOMAINDNSZONES,DC=<domain>,DC=CORP:sam.ldb.d/DC=DOMAINDNSZONE
> 31-Oct-2018 13:26:56.764 samba_dlz:  S,DC=<domain>,DC=CORP.ldb
> 31-Oct-2018 13:26:56.764 samba_dlz: partition:
> DC=FORESTDNSZONES,DC=<domain>,DC=CORP:sam.ldb.d/DC=FORESTDNSZONE
> 31-Oct-2018 13:26:56.764 samba_dlz:  S,DC=<domain>,DC=CORP.ldb
>
>
> 31-Oct-2018 13:26:56.777 samba_dlz: Initial schema load needed, as we have
> no existing schema, seq_num: 1
> 31-Oct-2018 13:26:56.921 samba_dlz: schema_fsmo_init: we are master[no]
> updates allowed[no]
>
> 31-Oct-2018 13:26:56.776 samba_dlz: ldb: ldb_trace_response: ENTRY
> 31-Oct-2018 13:26:56.776 samba_dlz: dn: DC=<domain>,DC=corp
> 31-Oct-2018 13:26:56.776 samba_dlz: objectSid:
> S-1-5-21-123456789-115225906-12345679   ( i've changed this SID for you. )
> 31-Oct-2018 13:26:56.776 samba_dlz:
>
> 31-Oct-2018 13:26:56.921 samba_dlz: schema_fsmo_init: we are master[no]
> updates allowed[no]
>
> 31-Oct-2018 13:26:57.154 samba_dlz: ldb: ldb_trace_response: ENTRY
> 31-Oct-2018 13:26:57.154 samba_dlz: dn: CN=NTDS
> Settings,CN=XXX002AAAAA,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=<domain>,DC=corp
> 31-Oct-2018 13:26:57.154 samba_dlz: msDS-Behavior-Version: 4
>
> 31-Oct-2018 13:26:57.158 samba_dlz: started for DN DC=<domain>,DC=corp
> 31-Oct-2018 13:26:57.158 SDLZ driver loaded successfully.
> 31-Oct-2018 13:26:57.158 DLZ driver loaded successfully.
> 31-Oct-2018 13:26:57.158 samba_dlz: starting configure
>
> 31-Oct-2018 13:26:57.218 samba_dlz: ldb: ldb_asprintf/set_errstring: No
> such Base DN:
> DC=*,DC=<domain>.corp,CN=MicrosoftDNS,DC=DomainDnsZones,DC=<domain>,DC=corp
> 31-Oct-2018 13:26:57.218 samba_dlz: ldb: ldb_trace_response: DONE
> 31-Oct-2018 13:26:57.218 samba_dlz: error: 32
> 31-Oct-2018 13:26:57.218 samba_dlz: msg: No such Base DN:
> DC=*,DC=<domain>.corp,CN=MicrosoftDNS,DC=DomainDnsZones,DC=<domain>,DC=corp
>
> 31-Oct-2018 13:26:57.482 samba_dlz: ldb: ldb_trace_request: SEARCH
> 31-Oct-2018 13:26:57.482 samba_dlz:  dn:
> DC=*,DC=<domain>.corp,CN=MicrosoftDNS,DC=ForestDnsZones,DC=<domain>,DC=corp
> 31-Oct-2018 13:26:57.482 samba_dlz:  scope: base
> 31-Oct-2018 13:26:57.482 samba_dlz:  expr:
> (&(objectClass=dnsNode)(!(dNSTombstoned=TRUE)))
> 31-Oct-2018 13:26:57.482 samba_dlz:  attr: dnsRecord
> 31-Oct-2018 13:26:57.482 samba_dlz:  attr: dNSTombstoned
> 31-Oct-2018 13:26:57.482 samba_dlz:  control: <NONE>
>
> 31-Oct-2018 13:26:57.485 samba_dlz:
> 31-Oct-2018 13:26:57.485 samba_dlz: ldb: ldb_asprintf/set_errstring: No
> such Base DN:
> DC=*,DC=<domain>.corp,CN=MicrosoftDNS,DC=ForestDnsZones,DC=<domain>,DC=corp
> 31-Oct-2018 13:26:57.485 samba_dlz: ldb: ldb_trace_response: DONE
> 31-Oct-2018 13:26:57.485 samba_dlz: error: 32
> 31-Oct-2018 13:26:57.486 samba_dlz: msg: No such Base DN:
> DC=*,DC=<domain>.corp,CN=MicrosoftDNS,DC=ForestDnsZones,DC=<domain>,DC=corp
> 31-Oct-2018 13:26:57.486 samba_dlz:
>
>
> 31-Oct-2018 13:26:57.488 samba_dlz:
> 31-Oct-2018 13:26:57.488 samba_dlz: ldb: ldb_asprintf/set_errstring: No
> such Base DN:
> DC=<domain>.corp,CN=MicrosoftDNS,DC=ForestDnsZones,DC=<domain>,DC=corp
> 31-Oct-2018 13:26:57.488 samba_dlz: ldb: ldb_trace_response: DONE
> 31-Oct-2018 13:26:57.488 samba_dlz: error: 32
> 31-Oct-2018 13:26:57.488 samba_dlz: msg: No such Base DN:
> DC=<domain>.corp,CN=MicrosoftDNS,DC=ForestDnsZones,DC=<domain>,DC=corp
> 31-Oct-2018 13:26:57.488 samba_dlz:
>
>
> 31-Oct-2018 13:26:57.494 samba_dlz:
> 31-Oct-2018 13:26:57.494 zone <domain>.corp/NONE: loaded; checking validity
> 31-Oct-2018 13:26:57.494 zone <domain>.corp/NONE: has 0 SOA records
> 31-Oct-2018 13:26:57.494 zone <domain>.corp/NONE: has no NS records
> 31-Oct-2018 13:26:57.494 samba_dlz: Failed to configure zone
> '<domain>.corp'
> 31-Oct-2018 13:26:57.495 load_configuration: bad zone
> 31-Oct-2018 13:26:57.495 loading configuration: bad zone
> 31-Oct-2018 13:26:57.495 client @0x7f4bb80ea690: udprecv
> 31-Oct-2018 13:26:57.495 exiting (due to fatal error)
> 31-Oct-2018 13:26:57.495 client @0x7f4bb80f8a40: udprecv
>
>
>
> Greetz,
>
> Louis
>
>
>
> Van: Eben Victor [mailto:eben.victor@xxxxxxxxx]
> Verzonden: woensdag 31 oktober 2018 13:35
> Aan: L.P.H. van Belle
> CC: samba@xxxxxxxxxxxxxxx
> Onderwerp: Re: [Samba] Internal DNS migrate to Bind9_DLZ
>
>
>
> Hello Louis,
>
>
> I finally managed to try and do some testing again.
>
> Apologies for this issue to still popping up, I have tried everything.
> See attached samba and named debugging set to 10.
>
>
> I have currently removed all reverse zones, I ran 'samba-tool dbcheck
> --fix --yes'
> I'm busy testing on 1 of my 7 DC's but no matter same error.
>
>
>
> Kind Regards
>
>
> On Tue, Jul 31, 2018 at 11:33 AM L.P.H. van Belle via samba <
> samba@xxxxxxxxxxxxxxx> wrote:
>
> Hai,
>
> Did you make sure that your root and localhost zones are loaded last in
> the bind config.
>
> The order matters, at least if you also use bind_DLZ.
>
> I suggest, you try it.
> Im Just thinking about this,  if your . (root) zone is loaded, and its
> trying to lookup you company.corp domain.
> It hits resolv.conf then you bind, and bind_dlz is not loaded yet, so
> lookup on the internet.
> Its a possible option this happens, i dont know the bind9_dlz code.
>
> And this, >>  domain.corp is just an alias, not the actual domain name.
> Setup a with a real zone.
>
> But pretty im sure your problem is caused by one of these 2.
>
> I suguest start with making sure your localhost and root zones are loaded
> last on named.conf.
>
> In my Debian server the order is as followed.
> include "/etc/bind/named.conf.options";         < here (withing the
> options line:  at the bottum of the global options: tkey-gssapi-keytab
> "/var/lib/samba/private/dns.keytab";
> include "/etc/bind/named.conf.local";           < here only one line:
> include "/var/lib/samba/private/named.conf";
> include "/etc/bind/named.conf.default-zones";   < here are my root and
> localhost zones ( default bind, not in DLZ )
>
>
> Greetz,
>
> Louis
>
>
>
>
>
> > -----Oorspronkelijk bericht-----
> > Van: samba [mailto:samba-bounces@xxxxxxxxxxxxxxx] Namens
> > Rowland Penny via samba
> > Verzonden: dinsdag 31 juli 2018 10:23
> > Aan: samba@xxxxxxxxxxxxxxx
> > Onderwerp: Re: [Samba] Internal DNS migrate to Bind9_DLZ
> >
> > On Mon, 30 Jul 2018 23:36:46 +0200
> > Eben Victor <eben.victor@xxxxxxxxx> wrote:
> >
> > > It is part of the Sernet packages and is currently on 1.3.4
> > > /usr/lib64/samba/libldb.so.1.3.4
> > >
> > > We started using sernet-samba-ad from v4 using the internal dns and
> > > updated as versions were released. We have now recently updated from
> > > 4.8.2 to 4.8.3 and still using internal dns.
> > > Our DNS is working as it should, it's only been since recently that
> > > we have to migrate to bind9.
> > >
> >
> > So, you are using Samba without problem, it is just that when you try
> > to use Bind9 instead of the internal dns server, your problems start.
> >
> > Let's just recap
> >
> > You have run 'samba_upgradedns'
> > You have altered smb.conf
> > You have configured 'named.conf' correctly
> > The Samba 'named.conf' file is readable by 'named' (this should be
> > 'rw-r--r--' i.e. world readable)
> >
> > But, even though everything looks okay, Bind9 will not start.
> >
> > This is strange, there doesn't seem to be any reason for it.
> >
> > Is anybody using the combination of Centos 7, Samba 4.8.3 and Bind9
> > without problems ?
> >
> > Rowland
> >
> > --
> > To unsubscribe from this list go to the following URL and read the
> > instructions:  https://lists.samba.org/mailman/options/samba
> >
> >
>
>
> --
> To unsubscribe from this list go to the following URL and read the
> instructions:  https://lists.samba.org/mailman/options/samba
>
>
>
> --
> Eben Victor
>
> Cell:  +27 82 759 5266
> Email: eben.victor@xxxxxxxxx
>
>
> --
> To unsubscribe from this list go to the following URL and read the
> instructions:  https://lists.samba.org/mailman/options/samba
>


-- 
Eben Victor
Cell:  +27 82 759 5266
Email: eben.victor@xxxxxxxxx
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba