Hello Rawland,
Thanks fro your help !
I am investigating, but I noticed that these errors have disappeared from logs
in recent days on the latest new DC (Rocky Linux 8.9) which will soon replace
the primary DC "FSMO" (Centos 7.9).
But these errors remain on the 2 other DCs (rocky Linux 8.9) that I added a few
months ago to the domain to replace old DCs in Centos 7.9.
I manage to reproduce this same error from a Windows PC by modifying its network
configuration by pointing its DNS to the new DCs (Rocky Linux 8.9) instead of
recovering them by dhcp. Do you see a link with these errors that some DCs logs
every day at 00:00:00?
Best Regards,
__________________________
kamal Chikh Echioukh
________________________________
De : samba <samba-bounces at lists.samba.org> de la part de Rowland Penny
via samba <samba at lists.samba.org>
Envoy? : vendredi, 22 mars 2024 17:26
? : samba at lists.samba.org <samba at lists.samba.org>
Cc : Rowland Penny <rpenny at samba.org>
Objet : Re: [Samba] Samba errors everyday at 00:00:00
On Fri, 22 Mar 2024 15:33:19 +0000
Kamal Chikh echioukh <k_chikhechioukh at hotmail.com> wrote:
> Hello Rawland,
>
> Thank you for your reply.
>
> We manage other zones other than the ad zone. These zones are stored
> in our AD (ldap). To do this, we have set up the named-sdb service
> which listens on 127.0.0.2. Samba AD forwards all DNS requests that
> do not match the AD domain zone to named-sdb.
>
> The problem is that these log errors only occur at 00:00:00 every day.
>
>
It appears that 'something' is trying to add a SOA record to your AD
and failing, which is why you are getting the error message:
dns_server_process_query_got_auth: Failed to add SOA record:
WERR_DNS_ERROR_RCODE_FORMAT_ERROR
The code that is doing this is this:
werr2 = add_zone_authority_record(state->dns, state,
state->question, &state->nsrecs);
if (tevent_req_werror(req, werr2)) {
DBG_WARNING("Failed to add SOA record: %s\n",
win_errstr(werr2));
return;
}
Now 'WERR_DNS_ERROR_RCODE_FORMAT_ERROR' is Samba for
Windows 'DNS_ERROR_RCODE_FORMAT_ERROR', error code 9001 (0x00002329),
which is computer talk for 'DNS server unable to interpret format.'
You need to find out what the 'something' is, stop it from sending the
SOA update or fix it to send the correct format. Of course it could be
trying to add a SOA record to a different zone than the ones your AD DC
is authoritative for (the AD ones).
I personally would not run another dns server on a Samba DC (unless it
was Bind9 to replace the internal dns server), I would run any other
external dns server on a separate computer and forward to that.
Rowland
--
To unsubscribe from this list go to the following URL and read the
instructions: https://lists.samba.org/mailman/options/samba