samba - May 2021 - Reverse Lookup Zone Not Loaded by DNS Server

Hai Roy, 

If you change a line like this in systemd : > ExecReload=/usr/sbin/rndc
reload
You MUST be done like this. 

# First empty Variable. 
ExecReload# Set new value.
ExecReload=/usr/sbin/rndc restart

Safest way to create the override files is. : systemct edit bind9 
Why like that, that also runs systemctl daemon-reload for you. 

Just to be sure on that. 

I can recall i seen this also with some update last week, on the F5/refresh, 
but, a reboot fixed that for me. 

Hmm, verify the bind0 logs, check if bind9 is running fine. 
The output shown of the reverse zone  looks fine to me. 

journalctl -u bind9 
journalctl -u samba-ad-dc

You can also do/add this. 

systemctl edit samba-ad-dc
Part below makes sure samba is started after bind9 has started. 

# /etc/systemd/system/samba-ad-dc.service.d/override.conf
[Unit]
After=network.target network-online.target bind9.service


So, all i can think of atm, is add these suggestions i gave for the services. 
And reboot the server once more. 

If that didnt work, we need to up the debuglevels in smb.conf. 


Greetz, 

Louis
> -----Oorspronkelijk bericht-----
> Van: Roy Eastwood [mailto:spindles7 at gmail.com] 
> Verzonden: dinsdag 25 mei 2021 10:03
> Aan: 'L.P.H. van Belle'; samba at lists.samba.org
> Onderwerp: RE: [Samba] Reverse Lookup Zone Not Loaded by DNS Server
> 
> Hi Louis,
> Thanks for that, but there is no override folder or file in 
> /etc/systemd/system and /lib/system/system.bind9.service has the line:
> ExecReload=/usr/sbin/rndc reload
> 
> So I tried disabling reloading (by using systemctl edit 
> bind9.service and entering the first three lines below - 
> which created the folder and override.conf) but this did not help.
> 
> Any other suggestions?
> 
> Roy
> > -----Original Message-----
> > From: samba <samba-bounces at lists.samba.org> On Behalf Of 
> L.P.H. van Belle via samba
> > Sent: 25 May 2021 08:09
> > To: samba at lists.samba.org
> > Subject: Re: [Samba] Reverse Lookup Zone Not Loaded by DNS Server
> > 
> > Verify if this is set in bind9.
> > 
> > # /etc/systemd/system/bind9.service.d/override.conf
> > [Service]
> > # Disable reloading completely.
> > ExecReload> > # Or set it to restart
> > #ExecReload> > #ExecReload=/usr/sbin/rndc restart
> > 
> > systemctl daemon-reload
> > reboot server,.
> > 
> > Greetz,
> > 
> > Louis
> > 
> > 
> > > -----Oorspronkelijk bericht-----
> > > Van: samba [mailto:samba-bounces at lists.samba.org] Namens Roy
> > > Eastwood via samba
> > > Verzonden: vrijdag 21 mei 2021 17:46
> > > Aan: samba at lists.samba.org
> > > Onderwerp: [Samba] Reverse Lookup Zone Not Loaded by DNS Server
> > >
> > > I have a samba AD domain based on two DCs running samba
> > > version 4.14.4 on Debian Buster.    The domain is using Bind
> > > DLZ.   When I
> > > open DNS Manager on a Windows domain client both the forward
> > > and reverse zones are shown, but if I press F5 and click 
> refresh the
> > > reverse zone shows a red X and the error: Zone Not Loaded by
> > > DNS Server.   The zone info looks normal:
> > >
> > > samba-tool dns zoneinfo tiger-db 2.168.192.in-addr.arpa -U roy
> > > Password for [MICROLYNX\roy]:
> > >   pszZoneName                 : 2.168.192.in-addr.arpa
> > >   dwZoneType                  : DNS_ZONE_TYPE_PRIMARY
> > >   fReverse                    : TRUE
> > >   fAllowUpdate                : DNS_ZONE_UPDATE_SECURE
> > >   fPaused                     : FALSE
> > >   fShutdown                   : FALSE
> > >   fAutoCreated                : FALSE
> > >   fUseDatabase                : TRUE
> > >   pszDataFile                 : None
> > >   aipMasters                  : []
> > >   fSecureSecondaries          : DNS_ZONE_SECSECURE_NO_XFER
> > >   fNotifyLevel                : DNS_ZONE_NOTIFY_LIST_ONLY
> > >   aipSecondaries              : []
> > >   aipNotify                   : []
> > >   fUseWins                    : FALSE
> > >   fUseNbstat                  : FALSE
> > >   fAging                      : FALSE
> > >   dwNoRefreshInterval         : 168
> > >   dwRefreshInterval           : 168
> > >   dwAvailForScavengeTime      : 0
> > >   aipScavengeServers          : []
> > >   dwRpcStructureVersion       : 0x2
> > >   dwForwarderTimeout          : 0
> > >   fForwarderSlave             : 0
> > >   aipLocalMasters             : []
> > >   dwDpFlags                   : DNS_DP_AUTOCREATED
> > > DNS_DP_DOMAIN_DEFAULT DNS_DP_ENLISTED
> > >   pszDpFqdn                   : DomainDnsZones.microlynx.org
> > >   pwszZoneDn                  :
> > > DC=2.168.192.in-addr.arpa,CN=MicrosoftDNS,DC=DomainDnsZones,DC
> > > =microlynx,DC=org
> > >   dwLastSuccessfulSoaCheck    : 0
> > >   dwLastSuccessfulXfr         : 0
> > >   fQueuedForBackgroundLoad    : FALSE
> > >   fBackgroundLoadInProgress   : FALSE
> > >   fReadOnlyZone               : FALSE
> > >   dwLastXfrAttempt            : 0
> > >   dwLastXfrResult             : 0
> > >
> > > Any idea how to debug this will be appreciated.
> > >
> > > Thanks
> > >
> > > Roy
> > >
> > >
> > > --
> > > To unsubscribe from this list go to the following URL and read
the
> > > instructions:  https://lists.samba.org/mailman/options/samba
> > >
> > >
> > 
> > 
> > --
> > To unsubscribe from this list go to the following URL and read the
> > instructions:  https://lists.samba.org/mailman/options/samba
> 
>

Hi Louis,

Thanks for your help as always!   See in-line responses below.
> -----Original Message-----
> From: samba <samba-bounces at lists.samba.org> On Behalf Of L.P.H.
van Belle via samba
> Sent: 25 May 2021 09:25
> To: samba at lists.samba.org
> Subject: Re: [Samba] Reverse Lookup Zone Not Loaded by DNS Server
> 
> Hai Roy,
> 
> If you change a line like this in systemd : > ExecReload=/usr/sbin/rndc
reload
> You MUST be done like this.
> 
> # First empty Variable.
> ExecReload> # Set new value.
> ExecReload=/usr/sbin/rndc restart
> 
> Safest way to create the override files is. : systemct edit bind9
> Why like that, that also runs systemctl daemon-reload for you.
> 
> Just to be sure on that.
> 
Yes, that's exactly how I did it.
> I can recall i seen this also with some update last week, on the
F5/refresh,
> but, a reboot fixed that for me.
> 
> Hmm, verify the bind0 logs, check if bind9 is running fine.
> The output shown of the reverse zone  looks fine to me.
> 
> journalctl -u bind9
> journalctl -u samba-ad-dc
> 
> You can also do/add this.
> 
> systemctl edit samba-ad-dc
> Part below makes sure samba is started after bind9 has started.
> 
> # /etc/systemd/system/samba-ad-dc.service.d/override.conf
> [Unit]
> After=network.target network-online.target bind9.service
> 
I've added this edit to the samba-ad-dc as suggested.
> 
> So, all i can think of atm, is add these suggestions i gave for the
services.
> And reboot the server once more.
> 
> If that didnt work, we need to up the debuglevels in smb.conf.
Rebooted and tried again, but still same error in Windows RSAT DNS Manager.   
In case it was particular to that workstation, used another Windows 10 member
workstation, but the result is the same.

Have increased the dns log level to 10 in smb.conf, but nothing is jumping out
to me, but then again I don't know what I'm looking for!
Here are some snippets from various log files:
https://gist.github.com/spindles7/1e812dc83eb61453f149e3d40962d6e2 after
restarting the services and opening DNS Manager and pressing F5.

Best regards,
Roy
> 
> 
> Greetz,
> 
> Louis