I just upgraded bind9 on my backup DC to 9.9.5-7-Debian and restarting the service failed:

Dec 22 12:25:55 verdandi named[18534]: starting BIND 9.9.5-7-Debian -u bind -4
Dec 22 12:25:55 verdandi named[18534]: built with '--prefix=/usr' '--mandir=/usr/share/man' '--infodir=/usr/share/info' '--sysconfdir=/etc/bind' '--localstatedir=/var' '--enable-threads' '--enable-largefile' '--with-libtool' '--enable-shared' '--enable-static' '--with-openssl=/usr' '--with-gssapi=/usr' '--with-gnu-ld' '--with-geoip=/usr' '--with-atf=no' '--enable-ipv6' '--enable-rrl' '--enable-filter-aaaa' 'CFLAGS=-fno-strict-aliasing -fno-delete-null-pointer-checks -DDIG_SIGCHASE -O2'
Dec 22 12:25:55 verdandi named[18534]: ----------------------------------------------------
Dec 22 12:25:55 verdandi named[18534]: BIND 9 is maintained by Internet Systems Consortium,
Dec 22 12:25:55 verdandi named[18534]: Inc. (ISC), a non-profit 501(c)(3) public-benefit
Dec 22 12:25:55 verdandi named[18534]: corporation. Support and training for BIND 9 are
Dec 22 12:25:55 verdandi named[18534]: available at https://www.isc.org/support
Dec 22 12:25:55 verdandi named[18534]: ----------------------------------------------------
Dec 22 12:25:55 verdandi named[18534]: adjusted limit on open files from 4096 to 1048576
Dec 22 12:25:55 verdandi named[18534]: found 4 CPUs, using 4 worker threads
Dec 22 12:25:55 verdandi named[18534]: using 4 UDP listeners per interface
Dec 22 12:25:55 verdandi named[18534]: using up to 4096 sockets
Dec 22 12:25:55 verdandi named[18534]: loading configuration from '/etc/bind/named.conf'
Dec 22 12:25:55 verdandi named[18534]: reading built-in trusted keys from file '/etc/bind/bind.keys'
Dec 22 12:25:55 verdandi named[18534]: using default UDP/IPv4 port range: [1024, 65535]
Dec 22 12:25:55 verdandi named[18534]: using default UDP/IPv6 port range: [1024, 65535]
Dec 22 12:25:55 verdandi named[18534]: no IPv6 interfaces found
Dec 22 12:25:55 verdandi named[18534]: listening on IPv4 interface lo, 127.0.0.1#53
Dec 22 12:25:55 verdandi named[18534]: listening on IPv4 interface eth0, 172.16.10.17#53
Dec 22 12:25:55 verdandi named[18534]: generating session key for dynamic DNS
Dec 22 12:25:55 verdandi named[18534]: sizing zone task pool based on 22 zones
Dec 22 12:25:55 verdandi named[18534]: Loading 'ad.microsult.de' using driver dlopen
Dec 22 12:25:56 verdandi named[18534]: samba_dlz: started for DN DC=ad,DC=microsult,DC=de
Dec 22 12:25:56 verdandi named[18534]: samba_dlz: starting configure
Dec 22 12:25:56 verdandi named[18534]: zone 10.16.172.in-addr.arpa/NONE: has 0 SOA records
Dec 22 12:25:56 verdandi named[18534]: zone 10.16.172.in-addr.arpa/NONE: has no NS records
Dec 22 12:25:56 verdandi named[18534]: samba_dlz: Failed to configure zone '10.16.172.in-addr.arpa.'
Dec 22 12:25:56 verdandi named[18534]: loading configuration: bad zone
Dec 22 12:25:56 verdandi named[18534]: exiting (due to fatal error)
Dec 22 12:25:56 verdandi named[18534]: samba_dlz: shutting down

It used to run before the update, but a zone with SOA and NS entries is of course something strange. The failing zone was fresh, when it first started. In fact as viewed from the DC it may only have contained - and still contain - the secondary DC itself.

Thanks for your help,
- lars.

I dug somewhat deeper into what is going on below and it seems even stranger. The reverse zone without SOA or NS does not even exist:

root@verdandi:~# samba-tool dns query localhost 10.16.172.in-addr.arpa @ ALL -U Administrator
Password for [AD\Administrator]:
ERROR(runtime): uncaught exception - (9714, 'WERR_DNS_ERROR_NAME_DOES_NOT_EXIST')
  File "/usr/lib/python2.7/dist-packages/samba/netcmd/__init__.py", line 175, in _run
    return self.run(*args, **kwargs)
  File "/usr/lib/python2.7/dist-packages/samba/netcmd/dns.py", line 988, in run
    None, record_type, select_flags, None, None)

So if this zone does not exist, why does BIND_DLZ want to serve it?

Thanks for your help and merry x-mas,
- lars.

On 22.12.2014 at 12:57, Lars Hanke wrote:
> I just upgraded bind9 on my backup DC to 9.9.5-7-Debian and restarting
> the service failed:
> [...]

And some more information about this strange effect apparently no-one has seen before. I now added the missing zone:

samba-tool dns zonecreate verdandi 10.16.172.in-addr.arpa -U Administrator

and it claims that the zone is okay, but the next one is missing:

Dec 29 10:31:12 verdandi named[2601]: Loading 'ad.microsult.de' using driver dlopen
Dec 29 10:31:12 verdandi named[2601]: samba_dlz: started for DN DC=ad,DC=microsult,DC=de
Dec 29 10:31:12 verdandi named[2601]: samba_dlz: starting configure
Dec 29 10:31:12 verdandi named[2601]: samba_dlz: configured writeable zone '10.16.172.in-addr.arpa.'
Dec 29 10:31:12 verdandi named[2601]: zone 1.16.172.in-addr.arpa/NONE: has 0 SOA records
Dec 29 10:31:12 verdandi named[2601]: zone 1.16.172.in-addr.arpa/NONE: has no NS records
Dec 29 10:31:12 verdandi named[2601]: samba_dlz: Failed to configure zone '1.16.172.in-addr.arpa.'
Dec 29 10:31:12 verdandi named[2601]: loading configuration: bad zone
Dec 29 10:31:12 verdandi named[2601]: exiting (due to fatal error)
Dec 29 10:31:12 verdandi named[2601]: samba_dlz: shutting down

Okay, don't know why it wants it, but it ought to be helped in the same fashion:

samba-tool dns zonecreate verdandi 1.16.172.in-addr.arpa -U Administrator

And, expect more zones to pop up, but no:

Dec 29 10:29:20 verdandi named[2522]: Loading 'ad.microsult.de' using driver dlopen
Dec 29 10:29:20 verdandi named[2522]: samba_dlz: started for DN DC=ad,DC=microsult,DC=de
Dec 29 10:29:20 verdandi named[2522]: samba_dlz: starting configure
Dec 29 10:29:20 verdandi named[2522]: samba_dlz: configured writeable zone '10.16.172.in-addr.arpa.'
Dec 29 10:29:20 verdandi named[2522]: samba_dlz: configured writeable zone '1.16.172.in-addr.arpa.'
Dec 29 10:29:20 verdandi named[2522]: samba_dlz: Failed to configure zone '10.16.172.in-addr.arpa'
Dec 29 10:29:20 verdandi named[2522]: loading configuration: already exists
Dec 29 10:29:20 verdandi named[2522]: exiting (due to fatal error)
Dec 29 10:29:20 verdandi named[2522]: samba_dlz: shutting down

(and as you can see from the dates, this is repeatable)

This becomes more and more confusing. Any ideas?

Thanks,
- lars.

On 24.12.2014 at 13:43, Lars Hanke wrote:
> I dug somewhat deeper into what is going on below and it seems even
> stranger. The reverse zone without SOA or NS does not even exist:
> [...]
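
An added example, not part of the original posts and not Samba or BIND code: a Python triage of the named start-up lines quoted in this thread, grouping them by named PID and labelling each samba_dlz failure as a zone missing SOA/NS records or a zone that was already configured earlier in the same run. The names `triage`, `norm` and the labels are assumptions of this example; the sample lines are copied from the two Dec 29 excerpts above.

```python
import re

# Sample input: named start-up lines copied from the two failing runs in the thread.
SAMPLE_LOG = """\
Dec 29 10:31:12 verdandi named[2601]: samba_dlz: configured writeable zone '10.16.172.in-addr.arpa.'
Dec 29 10:31:12 verdandi named[2601]: zone 1.16.172.in-addr.arpa/NONE: has 0 SOA records
Dec 29 10:31:12 verdandi named[2601]: zone 1.16.172.in-addr.arpa/NONE: has no NS records
Dec 29 10:31:12 verdandi named[2601]: samba_dlz: Failed to configure zone '1.16.172.in-addr.arpa.'
Dec 29 10:31:12 verdandi named[2601]: loading configuration: bad zone
Dec 29 10:29:20 verdandi named[2522]: samba_dlz: configured writeable zone '10.16.172.in-addr.arpa.'
Dec 29 10:29:20 verdandi named[2522]: samba_dlz: configured writeable zone '1.16.172.in-addr.arpa.'
Dec 29 10:29:20 verdandi named[2522]: samba_dlz: Failed to configure zone '10.16.172.in-addr.arpa'
Dec 29 10:29:20 verdandi named[2522]: loading configuration: already exists
"""

LINE = re.compile(r"named\[(\d+)\]: (.*)$", re.M)
CONFIGURED = re.compile(r"samba_dlz: configured writeable zone '([^']+)'")
MISSING = re.compile(r"zone ([^/\s]+)/\S+: has (?:0|no) (SOA|NS) records")
FAILED = re.compile(r"samba_dlz: Failed to configure zone '([^']+)'")
REASON = re.compile(r"loading configuration: (.+)")

def norm(zone):
    # The log prints the same zone with and without the trailing dot.
    return zone.rstrip(".").lower()

def triage(log_text):
    """Group lines by named PID and label each samba_dlz zone failure."""
    runs = {}
    for m in LINE.finditer(log_text):
        run = runs.setdefault(int(m[1]), {"configured": [], "missing": {},
                                          "failed": {}, "reason": None})
        msg = m[2]
        if z := CONFIGURED.match(msg):
            run["configured"].append(norm(z[1]))
        elif z := MISSING.match(msg):
            run["missing"].setdefault(norm(z[1]), set()).add(z[2])
        elif z := FAILED.match(msg):
            zone = norm(z[1])
            if zone in run["configured"]:
                label = "duplicate"      # already configured earlier in this run
            elif zone in run["missing"]:
                label = "missing " + "+".join(sorted(run["missing"][zone]))
            else:
                label = "unknown"
            run["failed"][zone] = label
        elif z := REASON.match(msg):
            run["reason"] = z[1]         # named's stated reason for the fatal exit
    return runs
```

Calling `triage()` on a full syslog extract gives one entry per named start attempt, which makes it easy to see whether a restart failed on a new zone or on one that was already loaded.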