Santiago Londoño Mejía
2017-Mar-30 13:29 UTC
[Samba] " a misconfigured DNS zone" (was Provision new domain keeping users and passwords (Santiago))
Hello,

Thank you very much for your reply.
I changed named.conf And this is the log:

Mar 30 08:23:35 neptuno named[3419]: sizing zone task pool based on 1 zones
Mar 30 08:23:35 neptuno named[3419]: Loading 'AD DNS Zone' using driver dlopen
Mar 30 08:23:35 neptuno named[3419]: samba_dlz: started for DN DC=pragma,DC=com,DC=co
Mar 30 08:23:35 neptuno named[3419]: samba_dlz: starting configure
Mar 30 08:23:35 neptuno named[3419]: samba_dlz: configured writeable zone 'waspruebas.proteccion.com.co'
Mar 30 08:23:35 neptuno named[3419]: samba_dlz: configured writeable zone 'segdllo02.suranet.com'
Mar 30 08:23:35 neptuno named[3419]: zone dbmed04.pragma.com.co/NONE: has no NS records
Mar 30 08:23:35 neptuno named[3419]: samba_dlz: Failed to configure zone 'dbmed04.pragma.com.co'
Mar 30 08:23:35 neptuno named[3419]: loading configuration: bad zone
Mar 30 08:23:35 neptuno named[3419]: exiting (due to fatal error)

Best regards,

Santiago.

2017-03-30 2:13 GMT-05:00, L.P.H. van Belle via samba <samba at lists.samba.org>:
> Hai,
>
> Ok, first, 15-03-2017 Rowland replied on your subject :
> "Re: [Samba] Problems with replication and dns"
> Did you try to setup that config exact as he did show?
>
> If not, and even if you did, below is your config, but adjusted, at least
> now it is "usable" for the AD DC.
> So please set this up, restart bind and post the log again.
> (more info : https://wiki.samba.org/index.php/Setting_up_a_BIND_DNS_Server)
>
> I tried to keep your config as much as is, so it's easier to track the
> changes. Nothing is removed, only remarked where needed.
>
> options {
>     auth-nxdomain yes;
>
>     //listen-on port 53 { 127.0.0.1; };
>     //listen-on-v6 port 53 { ::1; };
>     directory "/var/named";
>     dump-file "/var/named/data/cache_dump.db";
>     statistics-file "/var/named/data/named_stats.txt";
>     memstatistics-file "/var/named/data/named_mem_stats.txt";
>     //allow-query { localhost; };
>     recursion yes;
>     empty-zones-enable no;
>
>     dnssec-enable yes;
>     dnssec-validation yes;
>
>     tkey-gssapi-keytab "/usr/local/samba/private/dns.keytab";
>
>     /* Path to ISC DLV key */
>     bindkeys-file "/etc/named.iscdlv.key";
>     managed-keys-directory "/var/named/dynamic";
> };
>
> logging {
>     channel default_debug {
>         file "data/named.run";
>         severity dynamic;
>     };
> };
>
> // I changed the load order here, make sure the DLZ zones are loaded first.
> include "/usr/local/samba/private/named.conf";
>
> //include "/etc/named.rfc1912.zones";
> include "/etc/named.root.key";
>
> zone "." IN {
>     type hint;
>     file "named.ca";
> };
>
>
> Greetz,
>
> Louis
>
>> -----Original message-----
>> From: Santiago Londoño Mejía [mailto:santiago.londono at pragma.com.co]
>> Sent: Wednesday 29 March 2017 17:33
>> To: L.P.H. van Belle
>> Subject: Re: [Samba] Provision new domain keeping users and passwords
>> (Santiago)
>>
>> Hello,
>>
>> Thank you very much for your reply
>> named.conf:
>>
>> options {
>>     listen-on port 53 { 127.0.0.1; };
>>     listen-on-v6 port 53 { ::1; };
>>     directory "/var/named";
>>     dump-file "/var/named/data/cache_dump.db";
>>     statistics-file "/var/named/data/named_stats.txt";
>>     memstatistics-file "/var/named/data/named_mem_stats.txt";
>>     allow-query { localhost; };
>>     recursion yes;
>>
>>     dnssec-enable yes;
>>     dnssec-validation yes;
>>     tkey-gssapi-keytab "/usr/local/samba/private/dns.keytab";
>>     /* Path to ISC DLV key */
>>     bindkeys-file "/etc/named.iscdlv.key";
>>
>>     managed-keys-directory "/var/named/dynamic";
>> };
>>
>> logging {
>>     channel default_debug {
>>         file "data/named.run";
>>         severity dynamic;
>>     };
>> };
>>
>> zone "." IN {
>>     type hint;
>>     file "named.ca";
>> };
>>
>> include "/etc/named.rfc1912.zones";
>> include "/etc/named.root.key";
>> include "/usr/local/samba/private/named.conf";
>>
>> named log:
>>
>> Mar 29 10:31:00 neptuno named[32096]: sizing zone task pool based on 6 zones
>> Mar 29 10:31:00 neptuno named[32096]: Loading 'AD DNS Zone' using driver dlopen
>> Mar 29 10:31:00 neptuno named[32096]: samba_dlz: started for DN DC=pragma,DC=com,DC=co
>> Mar 29 10:31:00 neptuno named[32096]: samba_dlz: starting configure
>> Mar 29 10:31:00 neptuno named[32096]: samba_dlz: configured writeable zone 'waspruebas.proteccion.com.co'
>> Mar 29 10:31:00 neptuno named[32096]: samba_dlz: configured writeable zone 'segdllo02.suranet.com'
>> Mar 29 10:31:00 neptuno named[32096]: zone dbmed04.pragma.com.co/NONE: has no NS records
>> Mar 29 10:31:00 neptuno named[32096]: samba_dlz: Failed to configure zone 'dbmed04.pragma.com.co'
>> Mar 29 10:31:00 neptuno named[32096]: loading configuration: bad zone
>> Mar 29 10:31:00 neptuno named[32096]: exiting (due to fatal error)
>>
>> Best regards,
>>
>> Santiago.
>>
>> 2017-03-29 9:48 GMT-05:00, L.P.H. van Belle via samba <samba at lists.samba.org>:
>> > Hai Santiago,
>> >
>> > You're welcome, i hope i can help you out.
>> >
>> > Post me your bind9 configuration, you can anonymize it if needed,
>> > but don't remove any lines from it.
>> >
>> > And i need a snap of the log when bind is starting up.
>> > Like this one :
>> >
>> > Mar 29 16:42:58 dc1 named[21921]: starting BIND 9.9.5-9+deb8u10-Debian -f -u bind
>> > Mar 29 16:42:58 dc1 named[21921]: built with '?pr.... etc. .
>> > Mar 29 16:42:58 dc1 named[21921]: ---bla bla.....
>> > ..... and from this point is what i really want.
>> >
>> > Mar 29 16:42:58 dc1 named[21921]: using up to 4096 sockets
>> > Mar 29 16:42:58 dc1 named[21921]: loading configuration from '/etc/bind/named.conf'
>> > Mar 29 16:42:58 dc1 named[21921]: reading built-in trusted keys from file '/etc/bind/bind.keys'
>> > Mar 29 16:42:58 dc1 named[21921]: using default UDP/IPv4 port range: [1024, 65535]
>> > Mar 29 16:42:58 dc1 named[21921]: using default UDP/IPv6 port range: [1024, 65535]
>> > Mar 29 16:42:58 dc1 named[21921]: listening on IPv4 interface lo, 127.0.0.1#53
>> > Mar 29 16:42:58 dc1 named[21921]: listening on IPv4 interface eth0, 192.168.1.1#53
>> > Mar 29 16:42:58 dc1 named[21921]: generating session key for dynamic DNS
>> > Mar 29 16:42:58 dc1 named[21921]: sizing zone task pool based on 5 zones
>> > Mar 29 16:42:58 dc1 named[21921]: Loading 'AD DNS Zone' using driver dlopen
>> > Mar 29 16:42:58 dc1 named[21921]: samba_dlz: started for DN DC=officemain,DC=domain,DC=tld
>> > Mar 29 16:42:58 dc1 named[21921]: samba_dlz: starting configure
>> > Mar 29 16:42:58 dc1 named[21921]: samba_dlz: configured writeable zone '1.168.192.in-addr.arpa'
>> > Mar 29 16:42:58 dc1 named[21921]: samba_dlz: configured writeable zone '0.1.10.in-addr.arpa'
>> > Mar 29 16:42:58 dc1 named[21921]: samba_dlz: configured writeable zone '1.2.10.in-addr.arpa'
>> > Mar 29 16:42:58 dc1 named[21921]: samba_dlz: configured writeable zone '2.3.10.in-addr.arpa'
>> > Mar 29 16:42:58 dc1 named[21921]: samba_dlz: configured writeable zone '3.4.10.in-addr.arpa'
>> > Mar 29 16:42:58 dc1 named[21921]: samba_dlz: configured writeable zone '4.5.10.in-addr.arpa'
>> > Mar 29 16:42:58 dc1 named[21921]: samba_dlz: configured writeable zone 'officemain.domain.tld'
>> > Mar 29 16:42:58 dc1 named[21921]: samba_dlz: configured writeable zone 'office1.domain.tld'
>> > Mar 29 16:42:58 dc1 named[21921]: samba_dlz: configured writeable zone 'office2.domain.tld'
>> > Mar 29 16:42:58 dc1 named[21921]: samba_dlz: configured writeable zone 'office3.domain.tld'
>> > Mar 29 16:42:58 dc1 named[21921]: samba_dlz: configured writeable zone 'office4.domain.tld'
>> > Mar 29 16:42:58 dc1 named[21921]: samba_dlz: configured writeable zone 'office5.domain.tld'
>> > Mar 29 16:42:58 dc1 named[21921]: samba_dlz: configured writeable zone 'domain.tld'
>> > Mar 29 16:42:58 dc1 named[21921]: samba_dlz: configured writeable zone '_msdcs.officemain.domain.tld'
>> > Mar 29 16:42:58 dc1 named[21921]: set up managed keys zone for view _default, file 'managed-keys.bind'
>> > Mar 29 16:42:58 dc1 named[21921]: command channel listening on 127.0.0.1#953
>> > Mar 29 16:42:58 dc1 named[21921]: managed-keys-zone: loaded serial 715
>> > Mar 29 16:42:58 dc1 named[21921]: zone 0.in-addr.arpa/IN: loaded serial 1
>> > Mar 29 16:42:58 dc1 named[21921]: zone localhost/IN: loaded serial 2
>> > Mar 29 16:42:58 dc1 named[21921]: zone 127.in-addr.arpa/IN: loaded serial 1
>> > Mar 29 16:42:58 dc1 named[21921]: zone 255.in-addr.arpa/IN: loaded serial 1
>> > Mar 29 16:42:58 dc1 named[21921]: all zones loaded
>> > Mar 29 16:42:58 dc1 named[21921]: running
>> >
>> >> -----Original message-----
>> >> From: Santiago Londoño Mejía [mailto:santiago.londono at pragma.com.co]
>> >> Sent: Wednesday 29 March 2017 16:33
>> >> To: L.P.H. van Belle
>> >> Subject: Re: [Samba] Provision new domain keeping users and passwords
>> >> (Santiago)
>> >>
>> >> Hello,
>> >> backend: bind9_DLZ
>> >>
>> >> deleting zone WASPRUEBAS.PROTECCION.COM.CO
>> >>
>> >> ./samba-tool dns zonedelete neptuno waspruebas.proteccion.com.co
>> >> ERROR(runtime): uncaught exception - (9717, 'WERR_DNS_ERROR_DS_UNAVAILABLE')
>> >>   File "/usr/local/samba/lib64/python2.7/site-packages/samba/netcmd/__init__.py", line 175, in _run
>> >>     return self.run(*args, **kwargs)
>> >>   File "/usr/local/samba/lib64/python2.7/site-packages/samba/netcmd/dns.py", line 925, in run
>> >>     None)
>> >>
>> >> Thank you very much for your response
>> >> Best regards,
>> >>
>> >> Santiago.
>> >>
>> >> 2017-03-29 9:17 GMT-05:00, L.P.H. van Belle via samba <samba at lists.samba.org>:
>> >> > Hi Santiago,
>> >> >
>> >> > Same for you?
>> >> > Are you running samba internal DNS or bind9_DLZ?
>> >> >
>> >> > Can you explain a bit more about this?
>> >> >
>> >> > I know the situation to have problems with zones, and i may know a way to
>> >> > get around it.
>> >> > At least i did fix something like this about 2 years ago with samba 4.1.x
>> >> > and bind9_dlz.
>> >> >
>> >> > Greetz,
>> >> >
>> >> > Louis
>> >> >
>> >> > --
>> >> > To unsubscribe from this list go to the following URL and read the
>> >> > instructions: https://lists.samba.org/mailman/options/samba

--
Santiago Londoño Mejía
Infrastructure Analyst
t. (574) 605 25 23 ext. 1232
m. (57) 3148332567
Medellín | Carrera 50 C #10 Sur 80
Bogotá | Medellín | Cali
www.pragma.com.co

--

This message is confidential. It may contain privileged information belonging to PRAGMA S.A. and/or its clients, contractors, directors, employees and advisers, and therefore must not be used or disclosed by anyone other than its intended recipient. If you receive this message by error, mistake or omission, please delete it and notify the sender.

Its retention, recording, use or disclosure for any purpose is prohibited.

This message has been scanned by antivirus software. Nevertheless, PRAGMA S.A. assumes no responsibility for any damage caused by the receipt and use of this material; it is the recipient's responsibility to check by their own means for the existence of viruses or other defects.

The opinions, conclusions and other information contained in this email that are not related to the official business of PRAGMA S.A. are to be understood as personal and are in no way endorsed by the Company.
Rowland Penny
2017-Mar-30 13:49 UTC
[Samba] " a misconfigured DNS zone" (was Provision new domain keeping users and passwords (Santiago))
On Thu, 30 Mar 2017 08:29:10 -0500
Santiago Londoño Mejía via samba <samba at lists.samba.org> wrote:

> Hello,
> Thank you very much for your reply.
> I changed named.conf And this is the log:
>
> Mar 30 08:23:35 neptuno named[3419]: sizing zone task pool based on 1 zones
> Mar 30 08:23:35 neptuno named[3419]: Loading 'AD DNS Zone' using driver dlopen
> Mar 30 08:23:35 neptuno named[3419]: samba_dlz: started for DN DC=pragma,DC=com,DC=co
> Mar 30 08:23:35 neptuno named[3419]: samba_dlz: starting configure
> Mar 30 08:23:35 neptuno named[3419]: samba_dlz: configured writeable zone 'waspruebas.proteccion.com.co'
> Mar 30 08:23:35 neptuno named[3419]: samba_dlz: configured writeable zone 'segdllo02.suranet.com'
> Mar 30 08:23:35 neptuno named[3419]: zone dbmed04.pragma.com.co/NONE: has no NS records
> Mar 30 08:23:35 neptuno named[3419]: samba_dlz: Failed to configure zone 'dbmed04.pragma.com.co'
> Mar 30 08:23:35 neptuno named[3419]: loading configuration: bad zone
> Mar 30 08:23:35 neptuno named[3419]: exiting (due to fatal error)
>

Why have you got three forward zones in AD ?

waspruebas.proteccion.com.co
segdllo02.suranet.com
dbmed04.pragma.com.co

Especially as none of them is:

pragma.com.co

Which it should be because of:

DC=pragma,DC=com,DC=co

Have you tried to remove them with:

samba-tool dns zonedelete <server> <zone>

It might help if you can confirm just what zones you have in AD with:

samba-tool dns zonelist <server>

Rowland
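The comparison Rowland makes by eye, as an added example that is not part of the original thread: it reads a named startup log, derives the AD DNS domain from the samba_dlz DN, and reports which zones loaded, which failed and why, and whether the domain's own zones are present. The function names are hypothetical, the `_msdcs.<domain>` expectation is an assumption taken from the working example log quoted earlier in the thread, and the sample log is constructed from the lines posted above.

```python
import re

# Constructed sample: the named startup lines quoted in this thread, one entry per line.
SAMPLE_LOG = """\
Mar 30 08:23:35 neptuno named[3419]: Loading 'AD DNS Zone' using driver dlopen
Mar 30 08:23:35 neptuno named[3419]: samba_dlz: started for DN DC=pragma,DC=com,DC=co
Mar 30 08:23:35 neptuno named[3419]: samba_dlz: starting configure
Mar 30 08:23:35 neptuno named[3419]: samba_dlz: configured writeable zone 'waspruebas.proteccion.com.co'
Mar 30 08:23:35 neptuno named[3419]: samba_dlz: configured writeable zone 'segdllo02.suranet.com'
Mar 30 08:23:35 neptuno named[3419]: zone dbmed04.pragma.com.co/NONE: has no NS records
Mar 30 08:23:35 neptuno named[3419]: samba_dlz: Failed to configure zone 'dbmed04.pragma.com.co'
Mar 30 08:23:35 neptuno named[3419]: loading configuration: bad zone
Mar 30 08:23:35 neptuno named[3419]: exiting (due to fatal error)
"""

DN_RE = re.compile(r"samba_dlz: started for DN (\S+)")
OK_RE = re.compile(r"samba_dlz: configured writeable zone '([^']+)'")
FAIL_RE = re.compile(r"samba_dlz: Failed to configure zone '([^']+)'")
ZONE_MSG_RE = re.compile(r"named\[\d+\]: zone (\S+?)/\S+: (.+)$")


def dn_to_domain(dn):
    """Turn DC=pragma,DC=com,DC=co into pragma.com.co (hypothetical helper)."""
    labels = [part.split("=", 1)[1] for part in dn.split(",")
              if part.strip().upper().startswith("DC=")]
    return ".".join(labels).lower()


def triage(log_text):
    """Summarise samba_dlz zone loading from a named startup log (hypothetical helper)."""
    report = {"domain": None, "configured": [], "failed": {}, "missing": [], "fatal": False}
    last_zone_msg = {}  # most recent per-zone message, used as the failure reason
    for line in log_text.splitlines():
        if (m := DN_RE.search(line)):
            report["domain"] = dn_to_domain(m.group(1))
        elif (m := OK_RE.search(line)):
            report["configured"].append(m.group(1).lower())
        elif (m := ZONE_MSG_RE.search(line)):
            last_zone_msg[m.group(1).lower()] = m.group(2).strip()
        elif (m := FAIL_RE.search(line)):
            zone = m.group(1).lower()
            report["failed"][zone] = last_zone_msg.get(zone, "no reason logged")
        elif "exiting (due to fatal error)" in line:
            report["fatal"] = True
    if report["domain"]:
        # Assumption: the AD domain zone and its _msdcs zone should both be served.
        expected = [report["domain"], "_msdcs." + report["domain"]]
        report["missing"] = [z for z in expected if z not in report["configured"]]
    return report


if __name__ == "__main__":
    for key, value in triage(SAMPLE_LOG).items():
        print(f"{key}: {value}")
```
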
Santiago Londoño Mejía
2017-Apr-06 18:31 UTC
[Samba] " a misconfigured DNS zone" (was Provision new domain keeping users and passwords (Santiago))
Hello,

Thank you very much for your response, sorry for the delay.
I can not list the zones, get this error:

What else could I verify so I did not reinstall the domain?

Best regards,

Santiago.

Password for [PRAGMA\ADMINISTRATOR]:
ERROR(runtime): uncaught exception - (9717, 'WERR_DNS_ERROR_DS_UNAVAILABLE')
  File "/usr/local/samba/lib64/python2.7/site-packages/samba/netcmd/__init__.py", line 175, in _run
    return self.run(*args, **kwargs)
  File "/usr/local/samba/lib64/python2.7/site-packages/samba/netcmd/dns.py", line 821, in run
    request_filter)

2017-03-30 8:49 GMT-05:00, Rowland Penny via samba <samba at lists.samba.org>:
> On Thu, 30 Mar 2017 08:29:10 -0500
> Santiago Londoño Mejía via samba <samba at lists.samba.org> wrote:
>
>> Hello,
>> Thank you very much for your reply.
>> I changed named.conf And this is the log:
>>
>> Mar 30 08:23:35 neptuno named[3419]: sizing zone task pool based on 1 zones
>> Mar 30 08:23:35 neptuno named[3419]: Loading 'AD DNS Zone' using driver dlopen
>> Mar 30 08:23:35 neptuno named[3419]: samba_dlz: started for DN DC=pragma,DC=com,DC=co
>> Mar 30 08:23:35 neptuno named[3419]: samba_dlz: starting configure
>> Mar 30 08:23:35 neptuno named[3419]: samba_dlz: configured writeable zone 'waspruebas.proteccion.com.co'
>> Mar 30 08:23:35 neptuno named[3419]: samba_dlz: configured writeable zone 'segdllo02.suranet.com'
>> Mar 30 08:23:35 neptuno named[3419]: zone dbmed04.pragma.com.co/NONE: has no NS records
>> Mar 30 08:23:35 neptuno named[3419]: samba_dlz: Failed to configure zone 'dbmed04.pragma.com.co'
>> Mar 30 08:23:35 neptuno named[3419]: loading configuration: bad zone
>> Mar 30 08:23:35 neptuno named[3419]: exiting (due to fatal error)
>>
>
> Why have you got three forward zones in AD ?
>
> waspruebas.proteccion.com.co
> segdllo02.suranet.com
> dbmed04.pragma.com.co
>
> Especially as none of them is:
>
> pragma.com.co
>
> Which it should be because of:
>
> DC=pragma,DC=com,DC=co
>
> Have you tried to remove them with:
>
> samba-tool dns zonedelete <server> <zone>
>
> It might help if you can confirm just what zones you have in AD with:
>
> samba-tool dns zonelist <server>
>
> Rowland