On 26 May 2021 20:02 Rowland Penny wrote:
> Works for myself, so can you post your smb.conf and named.conf files
>
> Rowland
Yes, here they are:
From tiger-db (the DC owning the FSMO roles)
=====================
smb.conf:
# Global parameters
# Samba AD domain controller configuration for TIGER-DB, as posted to the list.
[global]
netbios name = TIGER-DB
realm = MICROLYNX.ORG
server role = active directory domain controller
# The service list contains no "dns" entry, so Samba's internal DNS server is
# not started; that is consistent with the BIND9_DLZ include shown in
# named.conf.local.
# NOTE(review): the value wraps onto a second line without a trailing
# backslash, probably from mail wrapping. In the real file it has to be one
# line (or end in "\"), otherwise the last three services are not part of it.
server services = s3fs, rpc, nbt, wrepl, ldap, cldap, kdc, drepl, winbindd,
ntp_signd, kcc, dnsupdate
workgroup = MICROLYNX
# prevent CUPS errors in syslog
printcap name = /dev/null
load printers = no
# add the following two lines for testing - remove for production
# winbind enum users = yes
# winbind enum groups = yes
# allow clients to update their DNS records
# "nonsecure" accepts dynamic DNS updates without authentication, so any host
# that can reach the DNS service may add or overwrite records; the default is
# "secure only".
# NOTE(review): presumably this is only read by Samba's internal DNS server
# and has no effect with the BIND9_DLZ backend - confirm, and drop it if so.
allow dns updates = nonsecure
# allow AD users to log on
template shell = /bin/bash
template homedir = /home/%D/%U
winbind refresh tickets = yes
log file = /var/log/samba/log.samba
# dns:10 is full debug output for the dns class on top of general level 1.
# Presumably set for this troubleshooting session; the log grows quickly, so
# lower it again afterwards.
log level = 1 dns:10
# Writable share definitions for the DC. Who may actually write is decided by
# the ACLs on the sysvol tree (check with "samba-tool ntacl sysvolcheck").
[sysvol]
path = /var/lib/samba/sysvol
read only = No
[netlogon]
path = /var/lib/samba/sysvol/microlynx.org/scripts
read only = No
============ end smb.conf ==================
named.conf:
include "/etc/bind/named.conf.options";
include "/etc/bind/named.conf.local";
include "/etc/bind/named.conf.default-zones";
=============end named.conf===============
named.conf.options:
// Global BIND options for the name server running on the DC.
options {
directory "/var/cache/bind";
auth-nxdomain yes;
notify no;
empty-zones-enable no;
// Queries and recursion are limited to loopback and three internal networks,
// so the server is not an open resolver even though listen-on below binds
// every IPv4 address.
allow-query { 127.0.0.1; 192.168.2.0/24; 192.168.10.0/24; 10.16.0.0/24; };
// NOTE(review): an address-based allow-update in options is the default for
// every primary zone that sets none of its own. It lets any host in
// 192.168.2.0/24 send unsigned dynamic updates, and source addresses can be
// spoofed. The AD zones served through the DLZ module are presumably
// authorised by Samba via GSS-TSIG instead - confirm whether this line is
// needed at all.
allow-update { 127.0.0.1; 192.168.2.0/24; };
allow-recursion { 127.0.0.1; 192.168.2.0/24; 192.168.10.0/24; 10.16.0.0/24; };
// Zone transfers are refused for every client.
allow-transfer { none; };
listen-on port 53 { any; };
listen-on-v6 port 53 { none; };
forwarders {
192.168.2.2;
};
// for updates to AD zone
// The keytab holds the Kerberos key named uses for GSS-TSIG signed updates.
// It should be readable only by root and the account named runs as.
tkey-gssapi-keytab "/var/lib/samba/bind-dns/dns.keytab";
minimal-responses yes;
};
# below added to aid debugging "Reverse Lookup Zone Not Loaded by DNS Server"
// Debug logging: one file channel per category under /var/log/named, each
// keeping 3 rotated versions of at most 5 MB. "severity dynamic" follows the
// server's current debug level (named -d / rndc trace), so the files only
// gain debug detail while that level is raised.
// The directory must exist and be writable by the account named runs as.
// NOTE(review): on Debian/Ubuntu the AppArmor profile may also have to
// permit this path - confirm.
logging {
channel default_file {
file "/var/log/named/default.log" versions 3 size 5m;
severity dynamic;
print-time yes;
};
channel general_file {
file "/var/log/named/general.log" versions 3 size 5m;
severity dynamic;
print-time yes;
};
channel database_file {
file "/var/log/named/database.log" versions 3 size 5m;
severity dynamic;
print-time yes;
};
// Approval and denial of requests is logged here.
channel security_file {
file "/var/log/named/security.log" versions 3 size 5m;
severity dynamic;
print-time yes;
};
channel config_file {
file "/var/log/named/config.log" versions 3 size 5m;
severity dynamic;
print-time yes;
};
channel resolver_file {
file "/var/log/named/resolver.log" versions 3 size 5m;
severity dynamic;
print-time yes;
};
channel xfer-in_file {
file "/var/log/named/xfer-in.log" versions 3 size 5m;
severity dynamic;
print-time yes;
};
channel xfer-out_file {
file "/var/log/named/xfer-out.log" versions 3 size 5m;
severity dynamic;
print-time yes;
};
channel notify_file {
file "/var/log/named/notify.log" versions 3 size 5m;
severity dynamic;
print-time yes;
};
channel client_file {
file "/var/log/named/client.log" versions 3 size 5m;
severity dynamic;
print-time yes;
};
channel unmatched_file {
file "/var/log/named/unmatched.log" versions 3 size 5m;
severity dynamic;
print-time yes;
};
// Query logging is left disabled; it would record every client lookup.
# channel queries_file {
# file "/var/log/named/queries.log" versions 3 size 5m;
# severity dynamic;
# print-time yes;
# };
channel network_file {
file "/var/log/named/network.log" versions 3 size 5m;
severity dynamic;
print-time yes;
};
// Dynamic update activity is logged here.
channel update_file {
file "/var/log/named/update.log" versions 3 size 5m;
severity dynamic;
print-time yes;
};
channel dispatch_file {
file "/var/log/named/dispatch.log" versions 3 size 5m;
severity dynamic;
print-time yes;
};
channel dnssec_file {
file "/var/log/named/dnssec.log" versions 3 size 5m;
severity dynamic;
print-time yes;
};
channel lame-servers_file {
file "/var/log/named/lame-servers.log" versions 3 size 5m;
severity dynamic;
print-time yes;
};
// Category-to-channel mapping. Categories with no line of their own use
// "default". update-security (approval and denial of update requests) is one
// of them, so refused dynamic updates show up in default.log, not update.log.
category default { default_file; };
category general { general_file; };
category database { database_file; };
category security { security_file; };
category config { config_file; };
category resolver { resolver_file; };
category xfer-in { xfer-in_file; };
category xfer-out { xfer-out_file; };
category notify { notify_file; };
category client { client_file; };
category unmatched { unmatched_file; };
# category queries { queries_file; };
category network { network_file; };
category update { update_file; };
category dispatch { dispatch_file; };
category dnssec { dnssec_file; };
category lame-servers { lame-servers_file; };
};
===========end named.conf.options================
named.conf.local:
# self-compiled version: include "/usr/local/samba/bind-dns/named.conf";
include "/var/lib/samba/bind-dns/named.conf";
===========end named.conf.local==================
Thanks.
Roy