Hello,

I'm in trouble here with what appears to be a total meltdown of my DNS on my Domain Controllers.

I only have two DCs right now and I cannot resolve anything on either of them. I am on Ubuntu 16.04 with a compiled version of Samba 4.10.4.

I also have a compiled version of BIND 9.10.3-P4-Ubuntu <id:ebd72b3>

# service bind9 status
● bind9.service - BIND Domain Name Server
   Loaded: loaded (/lib/systemd/system/bind9.service; enabled; vendor preset: enabled)
  Drop-In: /run/systemd/generator/bind9.service.d
           └─50-insserv.conf-$named.conf
   Active: failed (Result: exit-code) since Tue 2019-06-18 21:14:39 CDT; 27min ago
     Docs: man:named(8)
  Process: 28347 ExecStop=/usr/sbin/rndc stop (code=exited, status=1/FAILURE)
  Process: 28329 ExecStart=/usr/sbin/named -f $OPTIONS (code=exited, status=1/FAILURE)
 Main PID: 28329 (code=exited, status=1/FAILURE)

Jun 18 21:14:39 cordelia named[28329]: samba_dlz: starting configure
Jun 18 21:14:39 cordelia named[28329]: zone mydomain.com/NONE: has no NS records
Jun 18 21:14:39 cordelia named[28329]: samba_dlz: Failed to configure zone 'mydomain.com'
Jun 18 21:14:39 cordelia named[28329]: loading configuration: bad zone
Jun 18 21:14:39 cordelia named[28329]: exiting (due to fatal error)
Jun 18 21:14:39 cordelia systemd[1]: bind9.service: Main process exited, code=exited, status=1/FAILURE
Jun 18 21:14:39 cordelia rndc[28347]: rndc: connect failed: 127.0.0.1#953: connection refused
Jun 18 21:14:39 cordelia systemd[1]: bind9.service: Control process exited, code=exited status=1
Jun 18 21:14:39 cordelia systemd[1]: bind9.service: Unit entered failed state.
Jun 18 21:14:39 cordelia systemd[1]: bind9.service: Failed with result 'exit-code'.

It appears that somehow I lost my NS records for one of my zones. It seems that I cannot get BIND up long enough to edit anything.

I've been able to delete my non-essential zones with samba-tool:

# samba-tool dns zonedelete localhost mydomain.com
# samba-tool dns zonedelete localhost 7.168.192.in-addr.arpa
# samba-tool dns zonedelete localhost 3.168.192.in-addr.arpa
# samba-tool dns zonedelete localhost 2.168.192.in-addr.arpa
# samba-tool dns zonedelete localhost 11.168.192.in-addr.arpa
# samba-tool dns zonedelete localhost 5.168.192.in-addr.arpa

But now my error is "zone _msdcs.samdom.mydomain.net/NONE: has no NS records" and I am real nervous to delete that zone.

Does anyone know what I can do to get my samba DC to have NS records that my BIND DNS server will understand and therefore load?

Thanks,
Matthew

© 2019 KNOCK, inc. All rights reserved. KNOCK is a registered trademark of KNOCK, inc. This message and any attachments contain information, which is confidential and/or privileged. If you are not the intended recipient, please refrain from any disclosure, copying, distribution or use of this information. Please be aware that such actions are prohibited. If you have received this transmission in error, kindly notify the sender by e-mail. Your cooperation is appreciated.

I bought myself some time by recovering from backups. But now I'm back to the beginning of my problem: My DNS Updates are failing.

> # tail -f /var/log/syslog
> Jun 19 00:03:54 hyperion samba: task[dnsupdate][1408]:   /usr/sbin/samba_dnsupdate:   File "/usr/sbin/samba_dnsupdate", line 324, in check_dns_name
> Jun 19 00:03:54 hyperion samba: task[dnsupdate][1408]: [2019/06/19 00:03:54.111392,  0] ../../lib/util/util_runcmd.c:327(samba_runcmd_io_handler)
> Jun 19 00:03:54 hyperion samba: task[dnsupdate][1408]:   /usr/sbin/samba_dnsupdate:     raise Exception("Unable to contact a working DNS server while looking for %s as %s" % (d, normalised_name))
> Jun 19 00:03:54 hyperion samba: task[dnsupdate][1408]: [2019/06/19 00:03:54.111459,  0] ../../lib/util/util_runcmd.c:327(samba_runcmd_io_handler)
> Jun 19 00:03:54 hyperion samba: task[dnsupdate][1408]:   /usr/sbin/samba_dnsupdate: Exception: Unable to contact a working DNS server while looking for NS samdom.mydomain.net hyperion.samdom.mydomain.net as samdom.mydomain.net.
> Jun 19 00:03:54 hyperion samba: task[dnsupdate][1408]: [2019/06/19 00:03:54.174939,  0] ../../source4/dsdb/dns/dns_update.c:331(dnsupdate_nameupdate_done)
> Jun 19 00:03:54 hyperion samba: task[dnsupdate][1408]:   dnsupdate_nameupdate_done: Failed DNS update with exit code 1
> Jun 19 00:09:16 hyperion systemd[1]: Starting Cleanup of Temporary Directories...
> Jun 19 00:09:16 hyperion systemd-tmpfiles[3341]: [/usr/lib/tmpfiles.d/var.conf:14] Duplicate line for path "/var/log", ignoring.
> Jun 19 00:09:17 hyperion systemd[1]: Started Cleanup of Temporary Directories.
> Jun 19 00:13:54 hyperion samba: task[dnsupdate][1408]: [2019/06/19 00:13:54.224346,  0] ../../lib/util/util_runcmd.c:327(samba_runcmd_io_handler)
> Jun 19 00:13:54 hyperion samba: task[dnsupdate][1408]:   /usr/sbin/samba_dnsupdate: Traceback (most recent call last):
> Jun 19 00:13:54 hyperion samba: task[dnsupdate][1408]: [2019/06/19 00:13:54.224592,  0] ../../lib/util/util_runcmd.c:327(samba_runcmd_io_handler)
> Jun 19 00:13:54 hyperion samba: task[dnsupdate][1408]:   /usr/sbin/samba_dnsupdate:   File "/usr/sbin/samba_dnsupdate", line 320, in check_dns_name
> Jun 19 00:13:54 hyperion samba: task[dnsupdate][1408]: [2019/06/19 00:13:54.224686,  0] ../../lib/util/util_runcmd.c:327(samba_runcmd_io_handler)
> Jun 19 00:13:54 hyperion samba: task[dnsupdate][1408]:   /usr/sbin/samba_dnsupdate:     ans = check_one_dns_name(normalised_name, d.type, d)
> Jun 19 00:13:54 hyperion samba: task[dnsupdate][1408]: [2019/06/19 00:13:54.226397,  0] ../../lib/util/util_runcmd.c:327(samba_runcmd_io_handler)
> Jun 19 00:13:54 hyperion samba: task[dnsupdate][1408]:   /usr/sbin/samba_dnsupdate:   File "/usr/sbin/samba_dnsupdate", line 296, in check_one_dns_name
> Jun 19 00:13:54 hyperion samba: task[dnsupdate][1408]: [2019/06/19 00:13:54.226465,  0] ../../lib/util/util_runcmd.c:327(samba_runcmd_io_handler)
> Jun 19 00:13:54 hyperion samba: task[dnsupdate][1408]:   /usr/sbin/samba_dnsupdate:     ans = resolver.query(name, name_type)
> Jun 19 00:13:54 hyperion samba: task[dnsupdate][1408]: [2019/06/19 00:13:54.226528,  0] ../../lib/util/util_runcmd.c:327(samba_runcmd_io_handler)
> Jun 19 00:13:54 hyperion samba: task[dnsupdate][1408]:   /usr/sbin/samba_dnsupdate:   File "/usr/lib/python3/dist-packages/dns/resolver.py", line 821, in query
> Jun 19 00:13:54 hyperion samba: task[dnsupdate][1408]: [2019/06/19 00:13:54.226592,  0] ../../lib/util/util_runcmd.c:327(samba_runcmd_io_handler)
> Jun 19 00:13:54 hyperion samba: task[dnsupdate][1408]:   /usr/sbin/samba_dnsupdate:     raise NoNameservers
> Jun 19 00:13:54 hyperion samba: task[dnsupdate][1408]: [2019/06/19 00:13:54.226654,  0] ../../lib/util/util_runcmd.c:327(samba_runcmd_io_handler)
> Jun 19 00:13:54 hyperion samba: task[dnsupdate][1408]:   /usr/sbin/samba_dnsupdate: dns.resolver.NoNameservers
> Jun 19 00:13:54 hyperion samba: task[dnsupdate][1408]: [2019/06/19 00:13:54.226733,  0] ../../lib/util/util_runcmd.c:327(samba_runcmd_io_handler)
> Jun 19 00:13:54 hyperion samba: task[dnsupdate][1408]:   /usr/sbin/samba_dnsupdate:
> Jun 19 00:13:54 hyperion samba: task[dnsupdate][1408]: [2019/06/19 00:13:54.226916,  0] ../../lib/util/util_runcmd.c:327(samba_runcmd_io_handler)
> Jun 19 00:13:54 hyperion samba: task[dnsupdate][1408]:   /usr/sbin/samba_dnsupdate: During handling of the above exception, another exception occurred:
> Jun 19 00:13:54 hyperion samba: task[dnsupdate][1408]: [2019/06/19 00:13:54.226996,  0] ../../lib/util/util_runcmd.c:327(samba_runcmd_io_handler)
> Jun 19 00:13:54 hyperion samba: task[dnsupdate][1408]:   /usr/sbin/samba_dnsupdate:
> Jun 19 00:13:54 hyperion samba: task[dnsupdate][1408]: [2019/06/19 00:13:54.227077,  0] ../../lib/util/util_runcmd.c:327(samba_runcmd_io_handler)
> Jun 19 00:13:54 hyperion samba: task[dnsupdate][1408]:   /usr/sbin/samba_dnsupdate: Traceback (most recent call last):
> Jun 19 00:13:54 hyperion samba: task[dnsupdate][1408]: [2019/06/19 00:13:54.227142,  0] ../../lib/util/util_runcmd.c:327(samba_runcmd_io_handler)
> Jun 19 00:13:54 hyperion samba: task[dnsupdate][1408]:   /usr/sbin/samba_dnsupdate:   File "/usr/sbin/samba_dnsupdate", line 851, in <module>
> Jun 19 00:13:54 hyperion samba: task[dnsupdate][1408]: [2019/06/19 00:13:54.227205,  0] ../../lib/util/util_runcmd.c:327(samba_runcmd_io_handler)
> Jun 19 00:13:54 hyperion samba: task[dnsupdate][1408]:   /usr/sbin/samba_dnsupdate:     elif not check_dns_name(d):
> Jun 19 00:13:54 hyperion samba: task[dnsupdate][1408]: [2019/06/19 00:13:54.227267,  0] ../../lib/util/util_runcmd.c:327(samba_runcmd_io_handler)
> Jun 19 00:13:54 hyperion samba: task[dnsupdate][1408]:   /usr/sbin/samba_dnsupdate:   File "/usr/sbin/samba_dnsupdate", line 324, in check_dns_name
> Jun 19 00:13:54 hyperion samba: task[dnsupdate][1408]: [2019/06/19 00:13:54.227328,  0] ../../lib/util/util_runcmd.c:327(samba_runcmd_io_handler)
> Jun 19 00:13:54 hyperion samba: task[dnsupdate][1408]:   /usr/sbin/samba_dnsupdate:     raise Exception("Unable to contact a working DNS server while looking for %s as %s" % (d, normalised_name))
> Jun 19 00:13:54 hyperion samba: task[dnsupdate][1408]: [2019/06/19 00:13:54.227392,  0] ../../lib/util/util_runcmd.c:327(samba_runcmd_io_handler)
> Jun 19 00:13:54 hyperion samba: task[dnsupdate][1408]:   /usr/sbin/samba_dnsupdate: Exception: Unable to contact a working DNS server while looking for NS samdom.mydomain.net hyperion.samdom.mydomain.net as samdom.mydomain.net.
> Jun 19 00:13:54 hyperion samba: task[dnsupdate][1408]: [2019/06/19 00:13:54.299788,  0] ../../source4/dsdb/dns/dns_update.c:331(dnsupdate_nameupdate_done)
> Jun 19 00:13:54 hyperion samba: task[dnsupdate][1408]:   dnsupdate_nameupdate_done: Failed DNS update with exit code 1

> # samba_dnsupdate --verbos --all-names
> IPs: ['192.168.123.202']
> force update: A hyperion.samdom.mydomain.net 192.168.123.202
> force update: NS samdom.mydomain.net hyperion.samdom.mydomain.net
> force update: NS _msdcs.samdom.mydomain.net hyperion.samdom.mydomain.net
> force update: A samdom.mydomain.net 192.168.123.202
> force update: SRV _ldap._tcp.samdom.mydomain.net hyperion.samdom.mydomain.net 389
> force update: SRV _ldap._tcp.dc._msdcs.samdom.mydomain.net hyperion.samdom.mydomain.net 389
> force update: SRV _ldap._tcp.02418c22-7df8-4ea3-aee8-ad1ce0c03cd8.domains._msdcs.samdom.mydomain.net hyperion.samdom.mydomain.net 389
> force update: SRV _kerberos._tcp.samdom.mydomain.net hyperion.samdom.mydomain.net 88
> force update: SRV _kerberos._udp.samdom.mydomain.net hyperion.samdom.mydomain.net 88
> force update: SRV _kerberos._tcp.dc._msdcs.samdom.mydomain.net hyperion.samdom.mydomain.net 88
> force update: SRV _kpasswd._tcp.samdom.mydomain.net hyperion.samdom.mydomain.net 464
> force update: SRV _kpasswd._udp.samdom.mydomain.net hyperion.samdom.mydomain.net 464
> force update: CNAME 6b121b6c-7bbe-48fb-8c71-915e1bb3920f._msdcs.samdom.mydomain.net hyperion.samdom.mydomain.net
> force update: SRV _ldap._tcp.Default-First-Site-Name._sites.samdom.mydomain.net hyperion.samdom.mydomain.net 389
> force update: SRV _ldap._tcp.Default-First-Site-Name._sites.dc._msdcs.samdom.mydomain.net hyperion.samdom.mydomain.net 389
> force update: SRV _kerberos._tcp.Default-First-Site-Name._sites.samdom.mydomain.net hyperion.samdom.mydomain.net 88
> force update: SRV _kerberos._tcp.Default-First-Site-Name._sites.dc._msdcs.samdom.mydomain.net hyperion.samdom.mydomain.net 88
> force update: A gc._msdcs.samdom.mydomain.net 192.168.123.202
> force update: SRV _gc._tcp.samdom.mydomain.net hyperion.samdom.mydomain.net 3268
> force update: SRV _ldap._tcp.gc._msdcs.samdom.mydomain.net hyperion.samdom.mydomain.net 3268
> force update: SRV _gc._tcp.Default-First-Site-Name._sites.samdom.mydomain.net hyperion.samdom.mydomain.net 3268
> force update: SRV _ldap._tcp.Default-First-Site-Name._sites.gc._msdcs.samdom.mydomain.net hyperion.samdom.mydomain.net 3268
> force update: A DomainDnsZones.samdom.mydomain.net 192.168.123.202
> force update: SRV _ldap._tcp.DomainDnsZones.samdom.mydomain.net hyperion.samdom.mydomain.net 389
> force update: SRV _ldap._tcp.Default-First-Site-Name._sites.DomainDnsZones.samdom.mydomain.net hyperion.samdom.mydomain.net 389
> force update: A ForestDnsZones.samdom.mydomain.net 192.168.123.202
> force update: SRV _ldap._tcp.ForestDnsZones.samdom.mydomain.net hyperion.samdom.mydomain.net 389
> force update: SRV _ldap._tcp.Default-First-Site-Name._sites.ForestDnsZones.samdom.mydomain.net hyperion.samdom.mydomain.net 389
> 28 DNS updates and 0 DNS deletes needed
> Traceback (most recent call last):
>   File "/usr/sbin/samba_dnsupdate", line 886, in <module>
>     creds = get_credentials(lp)
>   File "/usr/sbin/samba_dnsupdate", line 204, in get_credentials
>     get_krb5_rw_dns_server(creds, sub_vars['DNSDOMAIN'] + '.')
>   File "/usr/sbin/samba_dnsupdate", line 161, in get_krb5_rw_dns_server
>     rw_dns_servers = get_possible_rw_dns_server(creds, domain)
>   File "/usr/sbin/samba_dnsupdate", line 136, in get_possible_rw_dns_server
>     ans_soa = check_one_dns_name(domain, 'SOA')
>   File "/usr/sbin/samba_dnsupdate", line 296, in check_one_dns_name
>     ans = resolver.query(name, name_type)
>   File "/usr/lib/python3/dist-packages/dns/resolver.py", line 821, in query
>     raise NoNameservers
> dns.resolver.NoNameservers

So, while my backup got me to a place where DNS sort of works again, there's still some problem in there and I would really appreciate some help from the experts on what might be causing this / how I can fix it.

Thanks,
Matthew

From: Matthew Delfino via samba <samba at lists.samba.org>
To: "samba at lists.samba.org" <samba at lists.samba.org>
Sent: 6/18/2019 10:00 PM
Subject: [Samba] DLZ Backend DNS Hosed

--
To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba

Hai,

For bind, please add this if you use bind_DLZ.
How: systemctl edit bind9, or create the file manually and run systemctl daemon-reload after. The edit command already does the reload.

# /etc/systemd/system/bind9.service.d/override.conf
[Service]
ExecReload

But same for you. ;-) as the other list message today. ([Samba] Reverse DNS)

Can you run this for me on the DCs.
https://raw.githubusercontent.com/thctlo/samba4/master/samba-collect-debug-info.sh
And post the output.

It tells me almost all I need to know to help you fix this.

Greetz,

Louis

> -----Original message-----
> From: samba [mailto:samba-bounces at lists.samba.org] On behalf of Matthew Delfino via samba
> Sent: Wednesday 19 June 2019 5:00
> To: samba at lists.samba.org
> Subject: [Samba] DLZ Backend DNS Hosed

Nice shell script, Louis. Here are the results:
Collected config  --- 2019-06-20-12:46 -----------
Hostname: umbriel
DNS Domain: samdom.mycompany.net
FQDN: umbriel.samdom.mycompany.net
ipaddress: 192.168.3.203
-----------
Samba is running as an AD DC
-----------
       Checking file: /etc/os-release
NAME="Ubuntu"
VERSION="16.04.6 LTS (Xenial Xerus)"
ID=ubuntu
ID_LIKE=debian
PRETTY_NAME="Ubuntu 16.04.6 LTS"
VERSION_ID="16.04"
HOME_URL="http://www.ubuntu.com/"
SUPPORT_URL="http://help.ubuntu.com/"
BUG_REPORT_URL="http://bugs.launchpad.net/ubuntu/"
VERSION_CODENAME=xenial
UBUNTU_CODENAME=xenial
-----------
This computer is running Ubuntu 16.04.6 LTS x86_64
-----------
running command : ip a
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
    inet6 ::1/128 scope host
2: ens32: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP group default qlen 1000
    link/ether 00:50:56:a5:50:b3 brd ff:ff:ff:ff:ff:ff
    inet 192.168.3.203/24 brd 192.168.3.255 scope global ens32
    inet6 fe80::250:56ff:fea5:50b3/64 scope link
-----------
       Checking file: /etc/hosts
127.0.0.1 localhost
192.168.3.203 umbriel.samdom.mycompany.net umbriel
# The following lines are desirable for IPv6 capable hosts
::1     localhost ip6-localhost ip6-loopback
ff02::1 ip6-allnodes
ff02::2 ip6-allrouters
-----------
       Checking file: /etc/resolv.conf
# Dynamic resolv.conf(5) file for glibc resolver(3) generated by resolvconf(8)
#     DO NOT EDIT THIS FILE BY HAND -- YOUR CHANGES WILL BE OVERWRITTEN
nameserver 192.168.3.201
nameserver 192.168.3.202
search samdom.mycompany.net mycompany.net mycompany.com
-----------
       Checking file: /etc/krb5.conf
[logging]
        default = FILE:/var/log/krb5libs.log
        kdc = FILE:/var/log/krb5kdc.log
        admin_server = FILE:/var/log/kadmin.log
[libdefaults]
        default_realm = SAMDOM.MYCOMPANY.NET
        dns_lookup_realm = false
        dns_lookup_kdc = true
        ticket_lifetime = 24h
        renew_lifetime = 7d
        forwardable = true
-----------
       Checking file: /etc/nsswitch.conf
# /etc/nsswitch.conf
#
# Example configuration of GNU Name Service Switch functionality.
# If you have the `glibc-doc-reference' and `info' packages installed, try:
# `info libc "Name Service Switch"' for information about this file.
passwd:         compat
group:          compat
shadow:         compat
gshadow:        files
hosts:          files dns
networks:       files
protocols:      db files
services:       db files
ethers:         db files
rpc:            db files
netgroup:       nis
-----------
       Checking file: /etc/samba/smb.conf
# Global parameters
[global]
netbios name = UMBRIEL
realm = SAMDOM.MYCOMPANY.NET
server role = active directory domain controller
#server services = -dns
server services = s3fs, rpc, nbt, wrepl, ldap, cldap, kdc, drepl, winbindd, ntp_signd, kcc, dnsupdate
workgroup = SAMDOM
idmap_ldb:use rfc2307 = yes
#dns forwarder = 8.8.4.4
#dns forwarder = 8.8.8.8
allow dns updates = disabled
dsdb:schema update allowed = true
printcap name = /dev/null
load printers = no
printing = bsd
ldap server require strong auth = no
ldap ssl = start tls
tls enabled  = yes
tls keyfile  = tls/myKey.pem
tls certfile = tls/umbriel_samdom_mycompany_net.pem
tls cafile   = tls/umbriel_samdom_mycompany_net.ca-bundle.pem
#log file = /var/log/samba/%a.%M.log
max log size = 2048
log level = 1 auth_audit:3
apply group policies = yes
mdns name = mdns
[netlogon]
path = /var/lib/samba/sysvol/samdom.mycompany.net/scripts
read only = No
[sysvol]
path = /var/lib/samba/sysvol
read only = No
-----------
Detected bind DLZ enabled..
       Checking file: /etc/bind/named.conf
// This is the primary configuration file for the BIND DNS server named.
//
// Please read /usr/share/doc/bind9/README.Debian.gz for information on the
// structure of BIND configuration files in Debian, *BEFORE* you customize
// this configuration file.
//
// If you are just adding zones, please do that in /etc/bind/named.conf.local
include "/etc/bind/named.conf.options";
include "/etc/bind/named.conf.local";
include "/etc/bind/named.conf.default-zones";
include "/var/lib/samba/bind-dns/named.conf";
-----------
       Checking file: /etc/bind/named.conf.options
options {
auth-nxdomain yes;
directory "/var/cache/bind";
dnssec-validation auto;
empty-zones-enable no;
managed-keys-directory "/var/cache/bind/";
notify yes; // Not recommended.
tkey-gssapi-keytab "/var/lib/samba/bind-dns/dns.keytab"; // For Dynamic DNS
allow-query {
any;
};
allow-recursion {
any;
};

allow-transfer {
192.168.3.47;   // DNS2
192.168.3.48;   // DNS1
192.168.5.47;   // Opal
192.168.5.48;   // Pyrite
192.168.0.8;    // DNS3
192.168.0.9;    // DNS4
};
also-notify {
192.168.3.47;   // DNS2
192.168.3.48;   // DNS1
192.168.5.47;   // Opal
192.168.5.48;   // Pyrite
192.168.0.8;    // DNS3
192.168.0.9;    // DNS4
};
allow-notify {
192.168.3.47;   // DNS2
192.168.3.48;   // DNS1
192.168.5.47;   // Opal
192.168.5.48;   // Pyrite
192.168.0.8;    // DNS3
192.168.0.9;    // DNS4
};
forwarders {
9.9.9.9;
1.1.1.1;
8.8.8.8;
8.8.4.4;
};
};
-----------
       Checking file: /etc/bind/named.conf.local
//
// Do any local configuration here
//
// Consider adding the 1918 zones here, if they are not used in your
// organization
//include "/etc/bind/zones.rfc1918";
-----------
       Checking file: /etc/bind/named.conf.default-zones
// prime the server with knowledge of the root servers
zone "." {
type hint;
file "/etc/bind/db.root";
};
// be authoritative for the localhost forward and reverse zones, and for
// broadcast zones as per RFC 1912
zone "localhost" {
type master;
file "/etc/bind/db.local";
};
zone "7.in-addr.arpa" {
type master;
file "/etc/bind/db.127";
};
zone "0.in-addr.arpa" {
type master;
file "/etc/bind/db.0";
};
zone "255.in-addr.arpa" {
type master;
file "/etc/bind/db.255";
};
-----------
Samba DNS zone list:   10 zone(s) found

  pszZoneName                 : mycompany.com
  Flags                       : DNS_RPC_ZONE_DSINTEGRATED DNS_RPC_ZONE_UPDATE_SECURE
  ZoneType                    : DNS_ZONE_TYPE_PRIMARY
  Version                     : 50
  dwDpFlags                   : DNS_DP_AUTOCREATED DNS_DP_DOMAIN_DEFAULT DNS_DP_ENLISTED
  pszDpFqdn                   : DomainDnsZones.samdom.mycompany.net

  pszZoneName                 : 7.168.192.in-addr.arpa
  Flags                       : DNS_RPC_ZONE_DSINTEGRATED DNS_RPC_ZONE_UPDATE_SECURE
  ZoneType                    : DNS_ZONE_TYPE_PRIMARY
  Version                     : 50
  dwDpFlags                   : DNS_DP_AUTOCREATED DNS_DP_DOMAIN_DEFAULT DNS_DP_ENLISTED
  pszDpFqdn                   : DomainDnsZones.samdom.mycompany.net

  pszZoneName                 : 3.168.192.in-addr.arpa
  Flags                       : DNS_RPC_ZONE_DSINTEGRATED DNS_RPC_ZONE_UPDATE_SECURE
  ZoneType                    : DNS_ZONE_TYPE_PRIMARY
  Version                     : 50
  dwDpFlags                   : DNS_DP_AUTOCREATED DNS_DP_DOMAIN_DEFAULT DNS_DP_ENLISTED
  pszDpFqdn                   : DomainDnsZones.samdom.mycompany.net

  pszZoneName                 : 2.168.192.in-addr.arpa
  Flags                       : DNS_RPC_ZONE_DSINTEGRATED DNS_RPC_ZONE_UPDATE_SECURE
  ZoneType                    : DNS_ZONE_TYPE_PRIMARY
  Version                     : 50
  dwDpFlags                   : DNS_DP_AUTOCREATED DNS_DP_DOMAIN_DEFAULT DNS_DP_ENLISTED
  pszDpFqdn                   : DomainDnsZones.samdom.mycompany.net

  pszZoneName                 : 11.168.192.in-addr.arpa
  Flags                       : DNS_RPC_ZONE_DSINTEGRATED DNS_RPC_ZONE_UPDATE_SECURE
  ZoneType                    : DNS_ZONE_TYPE_PRIMARY
  Version                     : 50
  dwDpFlags                   : DNS_DP_AUTOCREATED DNS_DP_DOMAIN_DEFAULT DNS_DP_ENLISTED
  pszDpFqdn                   : DomainDnsZones.samdom.mycompany.net

  pszZoneName                 : mycompany.loc
  Flags                       : DNS_RPC_ZONE_DSINTEGRATED DNS_RPC_ZONE_UPDATE_SECURE
  ZoneType                    : DNS_ZONE_TYPE_PRIMARY
  Version                     : 50
  dwDpFlags                   : DNS_DP_AUTOCREATED DNS_DP_DOMAIN_DEFAULT DNS_DP_ENLISTED
  pszDpFqdn                   : DomainDnsZones.samdom.mycompany.net

  pszZoneName                 : samdom.mycompany.net
  Flags                       : DNS_RPC_ZONE_DSINTEGRATED DNS_RPC_ZONE_UPDATE_SECURE
  ZoneType                    : DNS_ZONE_TYPE_PRIMARY
  Version                     : 50
  dwDpFlags                   : DNS_DP_AUTOCREATED DNS_DP_DOMAIN_DEFAULT DNS_DP_ENLISTED
  pszDpFqdn                   : DomainDnsZones.samdom.mycompany.net

  pszZoneName                 : 5.168.192.in-addr.arpa
  Flags                       : DNS_RPC_ZONE_DSINTEGRATED DNS_RPC_ZONE_UPDATE_SECURE
  ZoneType                    : DNS_ZONE_TYPE_PRIMARY
  Version                     : 50
  dwDpFlags                   : DNS_DP_AUTOCREATED DNS_DP_DOMAIN_DEFAULT DNS_DP_ENLISTED
  pszDpFqdn                   : DomainDnsZones.samdom.mycompany.net

  pszZoneName                 : mycompany.net
  Flags                       : DNS_RPC_ZONE_DSINTEGRATED DNS_RPC_ZONE_UPDATE_SECURE
  ZoneType                    : DNS_ZONE_TYPE_PRIMARY
  Version                     : 50
  dwDpFlags                   : DNS_DP_AUTOCREATED DNS_DP_DOMAIN_DEFAULT DNS_DP_ENLISTED
  pszDpFqdn                   : DomainDnsZones.samdom.mycompany.net

  pszZoneName                 : _msdcs.samdom.mycompany.net
  Flags                       : DNS_RPC_ZONE_DSINTEGRATED DNS_RPC_ZONE_UPDATE_SECURE
  ZoneType                    : DNS_ZONE_TYPE_PRIMARY
  Version                     : 50
  dwDpFlags                   : DNS_DP_AUTOCREATED DNS_DP_FOREST_DEFAULT DNS_DP_ENLISTED
  pszDpFqdn                   : ForestDnsZones.samdom.mycompany.net

Samba DNS zone list Automated check :
zone : mycompany.com ok, no Bind flat-files found
-----------
zone : 7.168.192.in-addr.arpa ok, no Bind flat-files found
-----------
zone : 3.168.192.in-addr.arpa ok, no Bind flat-files found
-----------
zone : 2.168.192.in-addr.arpa ok, no Bind flat-files found
-----------
zone : 11.168.192.in-addr.arpa ok, no Bind flat-files found
-----------
zone : mycompany.loc ok, no Bind flat-files found
-----------
zone : samdom.mycompany.net ok, no Bind flat-files found
-----------
zone : 5.168.192.in-addr.arpa ok, no Bind flat-files found
-----------
zone : mycompany.net ok, no Bind flat-files found
-----------
zone : _msdcs.samdom.mycompany.net ok, no Bind flat-files found
-----------
Installed packages:
ii  acl                       2.2.52-3                               amd64  Access control list utilities
ii  attr                      1:2.4.47-2                             amd64  Utilities for manipulating filesystem extended attributes
hi  bind9                     1:9.10.3.dfsg.P4-8ubuntu1.12           amd64  Internet Domain Name Server
ii  bind9-doc                 1:9.10.3.dfsg.P4-8ubuntu1.14           all    Documentation for BIND
ii  bind9-host                1:9.10.3.dfsg.P4-8ubuntu1.12           amd64  Version of 'host' bundled with BIND 9.X
ii  bind9utils                1:9.10.3.dfsg.P4-8ubuntu1.12           amd64  Utilities for BIND
ii  krb5-config               2.3                                    all    Configuration files for Kerberos Version 5
ii  krb5-locales              1.13.2+dfsg-5ubuntu2.1                 all    Internationalization support for MIT Kerberos
ii  krb5-multidev             1.13.2+dfsg-5ubuntu2.1                 amd64  Development files for MIT Kerberos without Heimdal conflict
ii  krb5-user                 1.13.2+dfsg-5ubuntu2.1                 amd64  Basic programs to authenticate using MIT Kerberos
ii  libacl1:amd64             2.2.52-3                               amd64  Access control list shared library
ii  libacl1-dev               2.2.52-3                               amd64  Access control list static libraries and headers
ii  libattr1:amd64            1:2.4.47-2                             amd64  Extended attribute shared library
ii  libattr1-dev:amd64        1:2.4.47-2                             amd64  Extended attribute static libraries and headers
ii  libbind9-140:amd64        1:9.10.3.dfsg.P4-8ubuntu1.12           amd64  BIND9 Shared Library used by BIND
ii  libgssapi-krb5-2:amd64    1.13.2+dfsg-5ubuntu2.1                 amd64  MIT Kerberos runtime libraries - krb5 GSS-API Mechanism
ii  libkrb5-26-heimdal:amd64  1.7~git20150920+dfsg-4ubuntu1.16.04.1  amd64  Heimdal Kerberos - libraries
ii  libkrb5-3:amd64           1.13.2+dfsg-5ubuntu2.1                 amd64  MIT Kerberos runtime libraries
ii  libkrb5-dev               1.13.2+dfsg-5ubuntu2.1                 amd64  Headers and development libraries for MIT Kerberos
ii  libkrb5support0:amd64     1.13.2+dfsg-5ubuntu2.1                 amd64  MIT Kerberos runtime libraries - Support library
-----------
From: L.P.H. van Belle via samba <samba at lists.samba.org>
To: "samba at lists.samba.org" <samba at lists.samba.org>
Sent: 6/19/2019 1:48 AM
Subject: Re: [Samba] DLZ Backend DNS Hosed
Hai,
For bind, please add this if you use bind_DLZ.
How: systemctl edit bind9, or create the file manually and run systemctl
daemon-reload after.
The edit command already does the reload.
# /etc/systemd/system/bind9.service.d/override.conf
[Service]
ExecReload=
But same for you ;-) as the other list message today ([Samba] Reverse DNS).
Can you run this for me on the DCs?
https://raw.githubusercontent.com/thctlo/samba4/master/samba-collect-debug-info.sh
And post the output.
It tells me almost all I need to know to help you fix this.
Greetz,
Louis
> -----Original message-----
> From: samba [mailto:samba-bounces at lists.samba.org] On behalf of
> Matthew Delfino via samba
> Sent: Wednesday 19 June 2019 5:00
> To: samba at lists.samba.org
> Subject: [Samba] DLZ Backend DNS Hosed
>
>
> Hello,
>
>
> I'm in trouble here with what appears to be a total meltdown
> of my DNS on my Domain Controllers.
>
>
> I only have two DCs right now and I cannot resolve anything
> on either of them. I am on Ubuntu 16.04 with a compiled
> version of Samba 4.10.4.
>
>
> I also have a compiled version of BIND 9.10.3-P4-Ubuntu <id:ebd72b3>
>
>
> # service bind9 status
> ● bind9.service - BIND Domain Name Server
>    Loaded: loaded (/lib/systemd/system/bind9.service;
> enabled; vendor preset: enabled)
>   Drop-In: /run/systemd/generator/bind9.service.d
>            └─50-insserv.conf-$named.conf
>    Active: failed (Result: exit-code) since Tue 2019-06-18
> 21:14:39 CDT; 27min ago
>      Docs: man:named(8)
>   Process: 28347 ExecStop=/usr/sbin/rndc stop (code=exited,
> status=1/FAILURE)
>   Process: 28329 ExecStart=/usr/sbin/named -f $OPTIONS
> (code=exited, status=1/FAILURE)
>  Main PID: 28329 (code=exited, status=1/FAILURE)
>
>
> Jun 18 21:14:39 cordelia named[28329]: samba_dlz: starting configure
> Jun 18 21:14:39 cordelia named[28329]: zone
> mydomain.com/NONE: has no NS records
> Jun 18 21:14:39 cordelia named[28329]: samba_dlz: Failed to
> configure zone 'mydomain.com'
> Jun 18 21:14:39 cordelia named[28329]: loading configuration: bad zone
> Jun 18 21:14:39 cordelia named[28329]: exiting (due to fatal error)
> Jun 18 21:14:39 cordelia systemd[1]: bind9.service: Main
> process exited, code=exited, status=1/FAILURE
> Jun 18 21:14:39 cordelia rndc[28347]: rndc: connect failed:
> 127.0.0.1#953: connection refused
> Jun 18 21:14:39 cordelia systemd[1]: bind9.service: Control
> process exited, code=exited status=1
> Jun 18 21:14:39 cordelia systemd[1]: bind9.service: Unit
> entered failed state.
> Jun 18 21:14:39 cordelia systemd[1]: bind9.service: Failed
> with result 'exit-code'.
>
>
> It appears that somehow I lost my NS records for one of my
> zones. It seems that I cannot get BIND up long enough to edit
> anything.
>
>
> I've been able to delete my non-essential zones with samba-tool:
>
>
>
> # samba-tool dns zonedelete localhost mydomain.com
> # samba-tool dns zonedelete localhost 7.168.192.in-addr.arpa
> # samba-tool dns zonedelete localhost 3.168.192.in-addr.arpa
> # samba-tool dns zonedelete localhost 2.168.192.in-addr.arpa
> # samba-tool dns zonedelete localhost 11.168.192.in-addr.arpa
> # samba-tool dns zonedelete localhost 5.168.192.in-addr.arpa
>
>
> But now my error is "zone _msdcs.samdom.mydomain.net/NONE:
> has no NS records" and I am real nervous to delete that zone.
>
>
> Does anyone know what I can do to get my samba DC to have NS
> records that my BIND DNS server will understand and therefore load?
>
>
>
> Thanks,
> Matthew
Hai,

Part one: see the comments in between first.

Part 2, this part.

This is the main problem.
127.0.0.1 localhost
192.168.3.203 umbriel.samdom.mycompany.net umbriel    < correct.
# The following lines are desirable for IPv6 capable hosts
::1     localhost ip6-localhost ip6-loopback
ff02::1 ip6-allnodes
ff02::2 ip6-allrouters
-----------
       Checking file: /etc/resolv.conf
# Dynamic resolv.conf(5) file for glibc resolver(3) generated by resolvconf(8)
#     DO NOT EDIT THIS FILE BY HAND -- YOUR CHANGES WILL BE OVERWRITTEN
nameserver 192.168.3.201
nameserver 192.168.3.202
search samdom.mycompany.net mycompany.net mycompany.com

But where is the DC here?

I suggest you fix your resolvconf setup first.
You want to see:
nameserver 192.168.3.203
nameserver 192.168.3.201
nameserver 192.168.3.202

Reboot and/or run: samba_upgradedns --dns-backend=BIND9_DLZ
and then reboot; that should have fixed your base in DNS.

Greetz,

Louis
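
The check Louis describes above (the DC's own address has to be the first nameserver in /etc/resolv.conf), as an added example that is not part of the thread. The function names and temporary files are constructed here; the file contents are copies of the /etc/hosts and /etc/resolv.conf output quoted in this message.

```shell
#!/bin/sh
# Added example (not from the thread): check that a Samba AD DC using
# BIND9_DLZ asks its own DNS server before any other DC.

# Print the nameserver addresses of a resolv.conf-style file, in file order.
list_nameservers() {
    awk '$1 == "nameserver" && NF >= 2 { print $2 }' "$1"
}

# Print the address a hosts-style file maps to the given FQDN (first match).
hosts_ip_for() {
    awk -v fqdn="$2" '
        { sub(/#.*/, "") }                      # drop comments
        NF >= 2 {
            for (i = 2; i <= NF; i++)
                if (tolower($i) == tolower(fqdn)) { print $1; exit }
        }' "$1"
}

# check_dc_resolver HOSTS_FILE RESOLV_FILE FQDN
# Exit status: 0 = the DC's own address is the first nameserver
#              1 = listed, but another server is asked first
#              2 = not listed at all (the state shown in the thread)
#              3 = the FQDN has no entry in the hosts file
check_dc_resolver() {
    dc_ip=$(hosts_ip_for "$1" "$3")
    [ -n "$dc_ip" ] || return 3
    dc_pos=$(list_nameservers "$2" |
             awk -v ip="$dc_ip" '$1 == ip { print NR; exit }')
    [ -n "$dc_pos" ] || return 2
    [ "$dc_pos" -eq 1 ] || return 1
    return 0
}

# --- demo on constructed copies of the files quoted in the thread ---
demo_dir=$(mktemp -d)
cat > "$demo_dir/hosts" <<'EOF'
127.0.0.1 localhost
192.168.3.203 umbriel.samdom.mycompany.net umbriel
EOF
cat > "$demo_dir/resolv.before" <<'EOF'
# generated by resolvconf(8)
nameserver 192.168.3.201
nameserver 192.168.3.202
search samdom.mycompany.net mycompany.net mycompany.com
EOF
cat > "$demo_dir/resolv.after" <<'EOF'
nameserver 192.168.3.203
nameserver 192.168.3.201
nameserver 192.168.3.202
search samdom.mycompany.net mycompany.net mycompany.com
EOF

for f in resolv.before resolv.after; do
    rc=0
    check_dc_resolver "$demo_dir/hosts" "$demo_dir/$f" \
        umbriel.samdom.mycompany.net || rc=$?
    echo "$f: status $rc"
done
rm -rf "$demo_dir"
```

On a live DC the same call takes /etc/hosts, /etc/resolv.conf and the output of `hostname -f`.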
From: Matthew Delfino [mailto:mdelfino.list.samba at knockinc.com]
Sent: Thursday 20 June 2019 20:00
To: L.P.H. van Belle; samba at lists.samba.org
Subject: Re: [Samba] DLZ Backend DNS Hosed
Nice shell script, Louis. Here are the results:
Collected config  --- 2019-06-20-12:46 -----------
Hostname: umbriel
DNS Domain: samdom.mycompany.net
FQDN: umbriel.samdom.mycompany.net
ipaddress: 192.168.3.203
-----------
Samba is running as an AD DC
-----------
       Checking file: /etc/os-release
NAME="Ubuntu"
VERSION="16.04.6 LTS (Xenial Xerus)"
ID=ubuntu
ID_LIKE=debian
PRETTY_NAME="Ubuntu 16.04.6 LTS"
VERSION_ID="16.04"
HOME_URL="http://www.ubuntu.com/"
SUPPORT_URL="http://help.ubuntu.com/"
BUG_REPORT_URL="http://bugs.launchpad.net/ubuntu/"
VERSION_CODENAME=xenial
UBUNTU_CODENAME=xenial
-----------
This computer is running Ubuntu 16.04.6 LTS x86_64
-----------
running command : ip a
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
    inet6 ::1/128 scope host
2: ens32: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP group default qlen 1000
    link/ether 00:50:56:a5:50:b3 brd ff:ff:ff:ff:ff:ff
    inet 192.168.3.203/24 brd 192.168.3.255 scope global ens32
    inet6 fe80::250:56ff:fea5:50b3/64 scope link
-----------
       Checking file: /etc/hosts
127.0.0.1 localhost
192.168.3.203 umbriel.samdom.mycompany.net umbriel
# The following lines are desirable for IPv6 capable hosts
::1     localhost ip6-localhost ip6-loopback
ff02::1 ip6-allnodes
ff02::2 ip6-allrouters
-----------
       Checking file: /etc/resolv.conf
# Dynamic resolv.conf(5) file for glibc resolver(3) generated by resolvconf(8)
#     DO NOT EDIT THIS FILE BY HAND -- YOUR CHANGES WILL BE OVERWRITTEN
nameserver 192.168.3.201
nameserver 192.168.3.202
search samdom.mycompany.net mycompany.net mycompany.com
-----------
       Checking file: /etc/krb5.conf
[logging]
        default = FILE:/var/log/krb5libs.log
        kdc = FILE:/var/log/krb5kdc.log
        admin_server = FILE:/var/log/kadmin.log
[libdefaults]
        default_realm = SAMDOM.MYCOMPANY.NET
        dns_lookup_realm = false
        dns_lookup_kdc = true
        ticket_lifetime = 24h
        renew_lifetime = 7d
        forwardable = true
-----------
       Checking file: /etc/nsswitch.conf
# /etc/nsswitch.conf
#
# Example configuration of GNU Name Service Switch functionality.
# If you have the `glibc-doc-reference' and `info' packages installed, try:
# `info libc "Name Service Switch"' for information about this file.

# HERE, optional, if you need it, add winbind to passwd and group.
#  passwd:         compat winbind
#  group:          compat winbind
#
passwd:         compat
group:          compat
shadow:         compat
gshadow:        files
hosts:          files dns
networks:       files
protocols:      db files
services:       db files
ethers:         db files
rpc:            db files
netgroup:       nis
-----------
       Checking file: /etc/samba/smb.conf
# Global parameters
[global]
netbios name = UMBRIEL
realm = SAMDOM.MYCOMPANY.NET
server role = active directory domain controller
#server services = -dns
server services = s3fs, rpc, nbt, wrepl, ldap, cldap, kdc, drepl, winbindd, ntp_signd, kcc, dnsupdate
workgroup = SAMDOM
idmap_ldb:use rfc2307 = yes
#dns forwarder = 8.8.4.4
#dns forwarder = 8.8.8.8
allow dns updates = disabled
dsdb:schema update allowed = true
# HERE set dsdb:schema update allowed = false, only set yes if you are adjusting the schema.

printcap name = /dev/null
load printers = no
printing = bsd
ldap server require strong auth = no
# ldap ssl = start tls    < remove this one, it's for NT4DOM setups.
tls enabled  = yes
tls keyfile  = tls/myKey.pem
tls certfile = tls/umbriel_samdom_mycompany_net.pem
tls cafile   = tls/umbriel_samdom_mycompany_net.ca-bundle.pem
#log file = /var/log/samba/%a.%M.log
max log size = 2048
log level = 1 auth_audit:3
apply group policies = yes
mdns name = mdns    < ?? that reflects to the netbios name, so remove it. The default is fine.
[netlogon]
path = /var/lib/samba/sysvol/samdom.mycompany.net/scripts
read only = No
[sysvol]
path = /var/lib/samba/sysvol
read only = No
-----------
Detected bind DLZ enabled..
       Checking file: /etc/bind/named.conf
// This is the primary configuration file for the BIND DNS server named.
//
// Please read /usr/share/doc/bind9/README.Debian.gz for information on the
// structure of BIND configuration files in Debian, *BEFORE* you customize
// this configuration file.
//
// If you are just adding zones, please do that in /etc/bind/named.conf.local
include "/etc/bind/named.conf.options";
include "/etc/bind/named.conf.local";
include "/etc/bind/named.conf.default-zones";
include "/var/lib/samba/bind-dns/named.conf";
-----------
       Checking file: /etc/bind/named.conf.options
options {
auth-nxdomain yes;
directory "/var/cache/bind";
dnssec-validation auto;
empty-zones-enable no;
managed-keys-directory "/var/cache/bind/";
notify yes; // Not recommended.

tkey-gssapi-keytab "/var/lib/samba/bind-dns/dns.keytab"; // For Dynamic DNS
allow-query {
any;
};
allow-recursion {
any;
};

allow-transfer {
192.168.3.47;   // DNS2
192.168.3.48;   // DNS1
192.168.5.47;   // Opal
192.168.5.48;   // Pyrite
192.168.0.8;    // DNS3
192.168.0.9;    // DNS4
};
also-notify {
192.168.3.47;   // DNS2
192.168.3.48;   // DNS1
192.168.5.47;   // Opal
192.168.5.48;   // Pyrite
192.168.0.8;    // DNS3
192.168.0.9;    // DNS4
};
allow-notify {
192.168.3.47;   // DNS2
192.168.3.48;   // DNS1
192.168.5.47;   // Opal
192.168.5.48;   // Pyrite
192.168.0.8;    // DNS3
192.168.0.9;    // DNS4
};
forwarders {
9.9.9.9;
1.1.1.1;
8.8.8.8;
8.8.4.4;
};
};
-----------
       Checking file: /etc/bind/named.conf.local
//
// Do any local configuration here
//
// Consider adding the 1918 zones here, if they are not used in your
// organization
//include "/etc/bind/zones.rfc1918";
-----------
       Checking file: /etc/bind/named.conf.default-zones
// prime the server with knowledge of the root servers
zone "." {
type hint;
file "/etc/bind/db.root";
};
// be authoritative for the localhost forward and reverse zones, and for
// broadcast zones as per RFC 1912
zone "localhost" {
type master;
file "/etc/bind/db.local";
};
zone "7.in-addr.arpa" {
type master;
file "/etc/bind/db.127";
};
zone "0.in-addr.arpa" {
type master;
file "/etc/bind/db.0";
};
zone "255.in-addr.arpa" {
type master;
file "/etc/bind/db.255";
};
-----------