Samba 4.1.16, Centos 6.6 x86-64, BIND_DLZ 9.9. I have three AD DC's that were functioning normally. However, today I restarted BIND on one node, and it failed to start with this message in the log (names changed):

May 10 07:02:49 benford named[6767]: Loading 'AD DNS Zone' using driver dlopen
May 10 07:02:49 benford named[6767]: samba_dlz: started for DN DC=samdom,DC=example,DC=com
May 10 07:02:49 benford named[6767]: samba_dlz: starting configure
May 10 07:02:49 benford named[6767]: samba_dlz: configured writeable zone 'samdom.example.com'
May 10 07:02:49 benford named[6767]: zone _msdcs.samdom.example.com/NONE: has no NS records
May 10 07:02:49 benford named[6767]: samba_dlz: Failed to configure zone '_msdcs.samdom.example.com'
May 10 07:02:49 benford named[6767]: loading configuration: bad zone
May 10 07:02:49 benford named[6767]: exiting (due to fatal error)

For now, I have excluded samba's named.conf from the BIND configuration, and have manually inserted the relevant _ldap, _kerberos (etc) entries into the relevant zone file. This is the only way I can get BIND to start, and the domain seems to be normally functional in this state.

The other two DC's suffer from the same problem. I'd appreciate some insight into how I might fix this in the database. Thanks,

Steve
--
----------------------------------------------------------------------------
Steve Thompson                 E-mail:      smt AT vgersoft DOT com
Voyager Software LLC           Web:         http://www DOT vgersoft DOT com
39 Smugglers Path              VSW Support: support AT vgersoft DOT com
Ithaca, NY 14850
  "186,282 miles per second: it's not just a good idea, it's the law"
----------------------------------------------------------------------------

On 10/05/15 12:18, Steve Thompson wrote:
> Samba 4.1.16, Centos 6.6 x86-64, BIND_DLZ 9.9. I have three AD DC's that
> were functioning normally. However, today I restarted BIND on one node,
> and it failed to start with this message in the log (names changed):
>
> May 10 07:02:49 benford named[6767]: Loading 'AD DNS Zone' using driver dlopen
> May 10 07:02:49 benford named[6767]: samba_dlz: started for DN DC=samdom,DC=example,DC=com
> May 10 07:02:49 benford named[6767]: samba_dlz: starting configure
> May 10 07:02:49 benford named[6767]: samba_dlz: configured writeable zone 'samdom.example.com'
> May 10 07:02:49 benford named[6767]: zone _msdcs.samdom.example.com/NONE: has no NS records
> May 10 07:02:49 benford named[6767]: samba_dlz: Failed to configure zone '_msdcs.samdom.example.com'
> May 10 07:02:49 benford named[6767]: loading configuration: bad zone
> May 10 07:02:49 benford named[6767]: exiting (due to fatal error)
>
> For now, I have excluded samba's named.conf from the BIND
> configuration, and have manually inserted the relevant _ldap,
> _kerberos (etc) entries into the relevant zone file. This is the only
> way I can get BIND to start, and the domain seems to be normally
> functional in this state.
>
> The other two DC's suffer from the same problem. I'd appreciate some
> insight into how I might fix this in the database. Thanks,
>
> Steve
> --
> ----------------------------------------------------------------------------
> Steve Thompson                 E-mail:      smt AT vgersoft DOT com
> Voyager Software LLC           Web:         http://www DOT vgersoft DOT com
> 39 Smugglers Path              VSW Support: support AT vgersoft DOT com
> Ithaca, NY 14850
>   "186,282 miles per second: it's not just a good idea, it's the law"
> ----------------------------------------------------------------------------
>

can you post your named conf files.

Rowland

On Sun, 10 May 2015, Rowland Penny wrote:
> can you post your named conf files.

Sure. This is samba's:

dlz "AD DNS Zone" {
        database "dlopen /mnt/domain/samba/europa/lib/bind9/dlz_bind9_9.so";
};

and this is BIND's (notice the last line commented out):

options {
        directory "/var/named";
        dump-file "/var/named/data/cache_dump.db";
        statistics-file "/var/named/data/named_stats.txt";
        forwarders {132.236.56.250; 128.253.180.2;};
        tkey-gssapi-keytab "/mnt/domain/samba/europa/private/dns.keytab";
        allow-recursion {
                10.22.200.0/23;
                10.84.104.0/26;
                192.168.4.0/22;
                192.168.12.0/22;
                192.168.16.0/22;
        };
};

controls { inet 127.0.0.1 allow { localhost; }; };

zone "." IN { type hint; file "named.ca"; };
zone "icse.cornell.edu" IN { type master; notify no; file "named.icse.cornell.edu"; };
zone "104.84.10.in-addr.arpa" IN { type master; notify no; file "named.10.84.104"; };
zone "200.22.10.in-addr.arpa" IN { type master; notify no; file "named.10.22.200"; };
zone "201.22.10.in-addr.arpa" IN { type master; notify no; file "named.10.22.201"; };
zone "4.168.192.in-addr.arpa" IN { type master; notify no; file "named.192.168.4"; };
zone "5.168.192.in-addr.arpa" IN { type master; notify no; file "named.192.168.5"; };
zone "6.168.192.in-addr.arpa" IN { type master; notify no; file "named.192.168.6"; };
zone "7.168.192.in-addr.arpa" IN { type master; notify no; file "named.192.168.7"; };
zone "8.168.192.in-addr.arpa" IN { type master; notify no; file "named.192.168.8"; };
zone "9.168.192.in-addr.arpa" IN { type master; notify no; file "named.192.168.9"; };
zone "10.168.192.in-addr.arpa" IN { type master; notify no; file "named.192.168.10"; };
zone "11.168.192.in-addr.arpa" IN { type master; notify no; file "named.192.168.11"; };
zone "12.168.192.in-addr.arpa" IN { type master; notify no; file "named.192.168.12"; };
zone "13.168.192.in-addr.arpa" IN { type master; notify no; file "named.192.168.13"; };
zone "14.168.192.in-addr.arpa" IN { type master; notify no; file "named.192.168.14"; };
zone "15.168.192.in-addr.arpa" IN { type master; notify no; file "named.192.168.15"; };
zone "16.168.192.in-addr.arpa" IN { type master; notify no; file "named.192.168.16"; };
zone "17.168.192.in-addr.arpa" IN { type master; notify no; file "named.192.168.17"; };
zone "18.168.192.in-addr.arpa" IN { type master; notify no; file "named.192.168.18"; };
zone "19.168.192.in-addr.arpa" IN { type master; notify no; file "named.192.168.19"; };

include "/etc/rndc.key";
#include "/mnt/domain/samba/europa/private/named.conf";

-Steve