I'm testing a seamless upgrade from 4.3.11 to 4.8.3 on my test setup. Database migration from 4.3.11 was successful. After "samba-tool dbdcheck --cross-ncs --fix --yes", 4.8.3 was launching ok except replication (4.3.11 to 4.8.3 : WERR_BADFILE). After demoting the older ones and seizing (transfer doesn't work) all roles to 4.8.3, the dns (bind_dlz) service won't start anymore due to the bad zone error.

Before demoting and stopping services (samba and bind) on the 4.3 DCs, samba_dnsupdate and the dns service were working on the new 4.8.3.

I have 10+ subdomains with reverse dns records. These zones were probably added using the RSAT DNS tool in the past. If I did something wrong during join & demote, it would be nice to know if I have any option except deleting/re-adding all subdomain dns records in order to make the dns service work again.

Jul 24 08:19:21 dc4 named[1526]: loading configuration from '/etc/bind /named.conf'
Jul 24 08:19:21 dc4 named[1526]: reading built-in trusted keys from file '/etc/bind/bind.keys'
Jul 24 08:19:21 dc4 named[1526]: using default UDP/IPv4 port range: [32768, 60999]
Jul 24 08:19:21 dc4 named[1526]: using default UDP/IPv6 port range: [32768, 60999]
Jul 24 08:19:21 dc4 named[1526]: listening on IPv6 interfaces, port 53
Jul 24 08:19:21 dc4 named[1526]: listening on IPv4 interface lo, 127.0.0.1#53
Jul 24 08:19:21 dc4 named[1526]: listening on IPv4 interface enp0s3, 10.220.1.22#53
Jul 24 08:19:21 dc4 named[1526]: listening on IPv4 interface enp0s8, 10.0.2.22#53
Jul 24 08:19:21 dc4 named[1526]: generating session key for dynamic DNS
Jul 24 08:19:21 dc4 named[1526]: sizing zone task pool based on 5 zones
Jul 24 08:19:21 dc4 named[1526]: Loading 'AD DNS Zone' using driver dlopen
Jul 24 08:19:21 dc4 named[1526]: samba_dlz: started for DN DC=testdomain,DC=org,DC=tr
Jul 24 08:19:21 dc4 named[1526]: samba_dlz: starting configure
Jul 24 08:19:21 dc4 named[1526]: zone 0.210.10.in-addr.arpa/NONE: has no NS records
Jul 24 08:19:21 dc4 named[1526]: samba_dlz: Failed to configure zone '0.210.10.in-addr.arpa'
Jul 24 08:19:21 dc4 named[1526]: loading configuration: bad zone
Jul 24 08:19:21 dc4 named[1526]: exiting (due to fatal
Jul 24 08:19:21 dc4 systemd[1]: bind9.service: Main process exited, code=exited, status=1/FAILURE

Thanks.

On Tue, 24 Jul 2018 09:17:41 +0300 Taner Tas via samba <samba at lists.samba.org> wrote:

> I'm testing to a seamless upgrade from 4.3.11 to 4.8.3 on my test
> setup. Database migrating from 4.3.11 was successful. After
> "samba-tool dbdcheck --cross-ncs --fix --yes", 4.8.3 was launching ok
> except replication (4.3.11 to 4.8.3 : WERR_BADFILE). After demoting
> older ones and seize (transfer doesn't work) all roles to 4.8.3, dns
> (bind_dlz) service won't start anymore due to the bad zone error.
>
> Before demoting and stopping services (samba and bind) on 4.3 DC's,
> samba_dnsupdate and dns service was working on new 4.8.3.
>
> I have 10+ subdomains with reverse dns records. These zones were
> probably added using RSAT DNS tool in the past. If I did something
> wrong during join & demote, it would be nice to know if I have any
> option except deleting/re-adding all subdomain dns records in order
> to make dns service work again.
>
> Jul 24 08:19:21 dc4 named[1526]: loading configuration from
> '/etc/bind /named.conf'
> Jul 24 08:19:21 dc4 named[1526]: reading built-in trusted keys from
> file '/etc/bind/bind.keys'
> Jul 24 08:19:21 dc4 named[1526]: using default UDP/IPv4 port range:
> [32768, 60999]
> Jul 24 08:19:21 dc4 named[1526]: using default UDP/IPv6 port range:
> [32768, 60999]
> Jul 24 08:19:21 dc4 named[1526]: listening on IPv6 interfaces, port 53
> Jul 24 08:19:21 dc4 named[1526]: listening on IPv4 interface lo,
> 127.0.0.1#53
> Jul 24 08:19:21 dc4 named[1526]: listening on IPv4 interface enp0s3,
> 10.220.1.22#53
> Jul 24 08:19:21 dc4 named[1526]: listening on IPv4 interface enp0s8,
> 10.0.2.22#53
> Jul 24 08:19:21 dc4 named[1526]: generating session key for dynamic
> DNS Jul 24 08:19:21 dc4 named[1526]: sizing zone task pool based on 5
> zones Jul 24 08:19:21 dc4 named[1526]: Loading 'AD DNS Zone' using
> driver dlopen Jul 24 08:19:21 dc4 named[1526]: samba_dlz: started for
> DN DC=testdomain,DC=org,DC=tr
> Jul 24 08:19:21 dc4 named[1526]: samba_dlz: starting configure
> Jul 24 08:19:21 dc4 named[1526]: zone 0.210.10.in-addr.arpa/NONE: has
> no NS records
> Jul 24 08:19:21 dc4 named[1526]: samba_dlz: Failed to configure zone
> '0.210.10.in-addr.arpa'
> Jul 24 08:19:21 dc4 named[1526]: loading configuration: bad zone
> Jul 24 08:19:21 dc4 named[1526]: exiting (due to fatal
> Jul 24 08:19:21 dc4 systemd[1]: bind9.service: Main process exited,
> code=exited, status=1/FAILURE
>
> Thanks.
>

Using samba-tool, delete then recreate the faulty reverse zone(s)

Rowland

On 24.07.2018 10:09, Rowland Penny via samba wrote:

> On Tue, 24 Jul 2018 09:17:41 +0300
> Taner Tas via samba <samba at lists.samba.org> wrote:
>
>> I'm testing to a seamless upgrade from 4.3.11 to 4.8.3 on my test
>> setup. Database migrating from 4.3.11 was successful. After
>> "samba-tool dbdcheck --cross-ncs --fix --yes", 4.8.3 was launching ok
>> except replication (4.3.11 to 4.8.3 : WERR_BADFILE). After demoting
>> older ones and seize (transfer doesn't work) all roles to 4.8.3, dns
>> (bind_dlz) service won't start anymore due to the bad zone error.
>>
>> Before demoting and stopping services (samba and bind) on 4.3 DC's,
>> samba_dnsupdate and dns service was working on new 4.8.3.
>>
>> I have 10+ subdomains with reverse dns records. These zones were
>> probably added using RSAT DNS tool in the past. If I did something
>> wrong during join & demote, it would be nice to know if I have any
>> option except deleting/re-adding all subdomain dns records in order
>> to make dns service work again.
>>
>> Jul 24 08:19:21 dc4 named[1526]: loading configuration from
>> '/etc/bind /named.conf'
>> Jul 24 08:19:21 dc4 named[1526]: reading built-in trusted keys from
>> file '/etc/bind/bind.keys'
>> Jul 24 08:19:21 dc4 named[1526]: using default UDP/IPv4 port range:
>> [32768, 60999]
>> Jul 24 08:19:21 dc4 named[1526]: using default UDP/IPv6 port range:
>> [32768, 60999]
>> Jul 24 08:19:21 dc4 named[1526]: listening on IPv6 interfaces, port 53
>> Jul 24 08:19:21 dc4 named[1526]: listening on IPv4 interface lo,
>> 127.0.0.1#53
>> Jul 24 08:19:21 dc4 named[1526]: listening on IPv4 interface enp0s3,
>> 10.220.1.22#53
>> Jul 24 08:19:21 dc4 named[1526]: listening on IPv4 interface enp0s8,
>> 10.0.2.22#53
>> Jul 24 08:19:21 dc4 named[1526]: generating session key for dynamic
>> DNS Jul 24 08:19:21 dc4 named[1526]: sizing zone task pool based on 5
>> zones Jul 24 08:19:21 dc4 named[1526]: Loading 'AD DNS Zone' using
>> driver dlopen Jul 24 08:19:21 dc4 named[1526]: samba_dlz: started for
>> DN DC=testdomain,DC=org,DC=tr
>> Jul 24 08:19:21 dc4 named[1526]: samba_dlz: starting configure
>> Jul 24 08:19:21 dc4 named[1526]: zone 0.210.10.in-addr.arpa/NONE: has
>> no NS records
>> Jul 24 08:19:21 dc4 named[1526]: samba_dlz: Failed to configure zone
>> '0.210.10.in-addr.arpa'
>> Jul 24 08:19:21 dc4 named[1526]: loading configuration: bad zone
>> Jul 24 08:19:21 dc4 named[1526]: exiting (due to fatal
>> Jul 24 08:19:21 dc4 systemd[1]: bind9.service: Main process exited,
>> code=exited, status=1/FAILURE
>>
>> Thanks.
>>
>
> Using samba-tool, delete then recreate the faulty reverse zone(s)
>
> Rowland
>

Ok, I will.

Btw, I should note that I have to correct some info that I gave in my previous email. First, the "demote" operation was never done at all because replication didn't work after the join. Then I did a "seize" after shutting down the older ones. Second, those faulty zone records didn't belong to "subdomains"; they're just different domains assigned to internal IPs. So, keeping these records on a forwarder seems a viable solution.

Thanks.
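
Added example, not part of the thread: a small shell helper that reads named's log, picks out the zones samba_dlz refused to configure, and prints (without running) the samba-tool commands for the check, delete and recreate that Rowland's reply describes. The server name dc4.testdomain.org.tr is an assumption built from the host and DN in the log, and the function names are hypothetical.

```shell
#!/bin/sh
# Constructed sample: the thread's failure lines plus a second restart attempt.
sample_log() {
    cat <<'EOF'
Jul 24 08:19:21 dc4 named[1526]: samba_dlz: starting configure
Jul 24 08:19:21 dc4 named[1526]: zone 0.210.10.in-addr.arpa/NONE: has no NS records
Jul 24 08:19:21 dc4 named[1526]: samba_dlz: Failed to configure zone '0.210.10.in-addr.arpa'
Jul 24 08:19:21 dc4 named[1526]: loading configuration: bad zone
Jul 24 08:21:05 dc4 named[1611]: zone 0.210.10.in-addr.arpa/NONE: has no NS records
Jul 24 08:21:05 dc4 named[1611]: samba_dlz: Failed to configure zone '0.210.10.in-addr.arpa'
EOF
}

# Read named/journal output on stdin; print "<zone> <reason>" once per zone
# that samba_dlz refused to configure.
failed_zones() {
    awk -v q="'" '
        # "zone <name>/<class>: has no NS records" carries the reason
        match($0, /zone [^ ]+\/[A-Za-z]+: has no NS records/) {
            z = substr($0, RSTART + 5, RLENGTH - 5)
            sub(/\/.*/, "", z)
            reason[z] = "no-NS-records"
        }
        # the samba_dlz line confirms the zone was rejected
        index($0, "samba_dlz: Failed to configure zone " q) {
            split($0, p, q); z = p[2]
            if (!(z in seen)) {
                seen[z] = 1
                print z, ((z in reason) ? reason[z] : "unknown")
            }
        }'
}

# Print (never run) the commands to review for each failed zone.
# $1 = DC to talk to (assumed name); credential options are left to the operator.
rebuild_plan() {
    failed_zones | while read -r zone reason; do
        # Log text is untrusted input: skip anything that is not a plain DNS name.
        case $zone in ''|*[!A-Za-z0-9._-]*) continue ;; esac
        printf '# %s (%s)\n' "$zone" "$reason"
        printf 'samba-tool dns query %s %s @ NS\n' "$1" "$zone"
        printf 'samba-tool dns zonedelete %s %s\n' "$1" "$zone"
        printf 'samba-tool dns zonecreate %s %s\n' "$1" "$zone"
    done
}

sample_log | rebuild_plan dc4.testdomain.org.tr
```

On the affected DC, `journalctl -u bind9 | rebuild_plan <server>` feeds it real output. Deleting a zone discards the records in it, so save any PTR records you still need before running the printed zonedelete.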