Web lists-archives.com

Re: [Samba] Issues with bind9 dlz




On Sun, 5 May 2019 00:11:40 +1000
Rob Thoman via samba <samba@xxxxxxxxxxxxxxx> wrote:

> Hi,
> 
> We migrated the domain to AD on a ubuntu 18.04 box with samba 4.7.6.
> The DNS backend is DLZ
> 
> We are seeing DNS issues as per below
> 
> When using dnsupdate we get the following error. The server can
> resolve the hostname(itself)
> 
> added interface eth0 ip=192.168.117.10 bcast=192.168.117.255
> netmask=255.255.255.0
> IPs: ['192.168.117.10']
> need cache add: A server5.intdom.group 192.168.117.10
> Looking for DNS entry A server5.intdom.group 192.168.117.10 as
> server5.intdom.group.
> Traceback (most recent call last):
>   File "/usr/sbin/samba_dnsupdate", line 827, in <module>
>     elif not check_dns_name(d):
>   File "/usr/sbin/samba_dnsupdate", line 317, in check_dns_name
>     raise Exception("Timeout while waiting to contact a working DNS
> server while looking for %s as %s" % (d, normalised_na$
> Exception: Timeout while waiting to contact a working DNS server while
> looking for A server5.intdom.group 192.168.117.10 $
> ;; connection timed out; no servers could be reached
> ;; connection timed out; no servers could be reached
> ;; connection timed out; no servers could be reached
> 
> service bind9 status
> 
> May 04 13:50:40 server5-new named[2079]: sizing zone task pool based
> on 5 zones

Why '5' zones ?

> May 04 13:50:40 server5-new named[2079]: Loading 'AD DNS Zone' using
> driver dlopen
> May 04 13:50:40 server5-new named[2079]: dlz_dlopen failed to open
> library '/usr/lib/x86_64-linux-gnu/samba/bind9/dlz_bind9$

Does /usr/lib/x86_64-linux-gnu/samba/bind9/dlz_bind9_11.so exist and if
so, who owns it and what are the permissions ?

> May 04 13:50:40 server5-new named[2079]: dlz_dlopen of 'AD DNS Zone'
> failed May 04 13:50:40 server5-new named[2079]: SDLZ driver failed to
> load. May 04 13:50:40 server5-new named[2079]: DLZ driver failed to
> load. May 04 13:50:40 server5-new named[2079]: loading configuration:
> failure May 04 13:50:40 server5-new named[2079]: exiting (due to
> fatal error) May 04 13:50:40 server5-new systemd[1]: bind9.service:
> Main process exited, code=exited, status=1/FAILURE
> May 04 13:50:40 server5-new systemd[1]: bind9.service: Failed with
> result 'exit-code'.
> 
> /etc/bind/name.conf has the following
> 
> include "/etc/bind/named.conf.options";
> include "/etc/bind/named.conf.local";
> include "/etc/bind/named.conf.default-zones";
> include "/var/lib/samba/private/named.conf";
> 
> named.conf.options has
> 
> dnssec-validation auto;
>         tkey-gssapi-keytab "/var/lib/samba/private/dns.keytab";
>         auth-nxdomain no;    # conform to RFC1035
>         listen-on-v6 { any; };

If that is all there is, there isn't enough.
If it isn't all there is, please post the entire contents.

> /etc/krb5.conf has
> 
> [libdefaults]
>         default_realm = intdom.GROUP

All the REALM should be in UPPERCASE

>         dns_lookup_realm = false
>         dns_lookup_kdc = true
> 
> [realms]
>         intdom.GROUP = {
>                 kdc = server5
>                 admin_server = server5

You do not require the [realms] part.
 
> }
> 
> /etc/resolv.conf has
> 
> nameserver 192.168.117.10
> search intdom.group
> 
> smb.conf has
> 
> [global]
>         workgroup = intdom
>         realm = intdom.GROUP
>         netbios name = server5
>         server role = active directory domain controller
>         idmap_ldb:use rfc2307 = yes
>         log file = /var/log/samba/log.%m
>         log level = 4
>         acl allow execute always = True
>         server services = -dns
>         allow dns updates = nonsecure
> 

Can you post the contents of /etc/hostname & /etc/hosts

Rowland


-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba