thr3ads.net - samba - [Samba] Fwd: Two DNS issues with samba [Jun 2024]

If this information is useful, please help other people find it:
Share via:

Ronny Preiss

2024-Jun-08 15:05 UTC

[Samba] Fwd: Two DNS issues with samba

Hi,

I have two problems with my 2 Samba AD-DC. I don't know if the two problems
are related.
Both domain controllers show the same error pattern for problem 1.The
second problem only occurs with the second domain controller.
The domain itself seems to work and be in order.
Does someone know where this comes from and how to solve it?

## Issue 1 ##
By doing my random log checking, I saw the following error in syslog on
both DC.
I've changed nothing the last couple of weeks.

My Environment:

2x Server Ubuntu 22.04.4 LTS with:
- Samba Version 4.19.0 AC-DC (Selfcompiled default values)

Samba version: 4.19.0
Build environment:
Paths:
   BINDIR: /usr/local/samba/bin
   SBINDIR: /usr/local/samba/sbin
   CONFIGFILE: /usr/local/samba/etc/smb.conf
   NCALRPCDIR: /usr/local/samba/var/run/ncalrpc
   LOGFILEBASE: /usr/local/samba/var
   LMHOSTSFILE: /usr/local/samba/etc/lmhosts
   DATADIR: /usr/local/samba/share
   MODULESDIR: /usr/local/samba/lib
   LOCKDIR: /usr/local/samba/var/lock
   STATEDIR: /usr/local/samba/var/locks
   CACHEDIR: /usr/local/samba/var/cache
   PIDDIR: /usr/local/samba/var/run
   PRIVATE_DIR: /usr/local/samba/private
   CODEPAGEDIR: /usr/local/samba/share/codepages
   SETUPDIR: /usr/local/samba/share/setup
   WINBINDD_SOCKET_DIR: /usr/local/samba/var/run/winbindd
   NTP_SIGND_SOCKET_DIR: /usr/local/samba/var/lib/ntp_signd


- DNS Backend Bind (BIND 9.18.18-0ubuntu0.22.04.2-Ubuntu)
- SysVol is  in sync with rsync

### ERROR ### /var/log/syslog
root at 01-dc01:~# tail -f /var/log/syslog
Jun  8 11:54:11 01-dc01 samba[931]: [2024/06/08 11:54:11.351034,  0]
../../lib/util/util_runcmd.c:355(samba_runcmd_io_handler)
Jun  8 11:54:11 01-dc01 samba[931]:
 /usr/local/samba/sbin/samba_dnsupdate: Traceback (most recent call last):
Jun  8 11:54:11 01-dc01 samba[931]: [2024/06/08 11:54:11.352082,  0]
../../lib/util/util_runcmd.c:355(samba_runcmd_io_handler)
Jun  8 11:54:11 01-dc01 samba[931]:
 /usr/local/samba/sbin/samba_dnsupdate:   File
"/usr/local/samba/sbin/samba_dnsupdate", line 883, in <module>
Jun  8 11:54:11 01-dc01 samba[931]: [2024/06/08 11:54:11.352119,  0]
../../lib/util/util_runcmd.c:355(samba_runcmd_io_handler)
Jun  8 11:54:11 01-dc01 samba[931]:
 /usr/local/samba/sbin/samba_dnsupdate:     creds = get_credentials(lp)
Jun  8 11:54:11 01-dc01 samba[931]: [2024/06/08 11:54:11.352132,  0]
../../lib/util/util_runcmd.c:355(samba_runcmd_io_handler)
Jun  8 11:54:11 01-dc01 samba[931]:
 /usr/local/samba/sbin/samba_dnsupdate:   File
"/usr/local/samba/sbin/samba_dnsupdate", line 184, in get_credentials
Jun  8 11:54:11 01-dc01 samba[931]: [2024/06/08 11:54:11.352144,  0]
../../lib/util/util_runcmd.c:355(samba_runcmd_io_handler)
Jun  8 11:54:11 01-dc01 samba[931]:
 /usr/local/samba/sbin/samba_dnsupdate:     get_krb5_rw_dns_server(creds,
sub_vars['DNSDOMAIN'] + '.')
Jun  8 11:54:11 01-dc01 samba[931]: [2024/06/08 11:54:11.352158,  0]
../../lib/util/util_runcmd.c:355(samba_runcmd_io_handler)
Jun  8 11:54:11 01-dc01 samba[931]:
 /usr/local/samba/sbin/samba_dnsupdate:   File
"/usr/local/samba/sbin/samba_dnsupdate", line 143, in
get_krb5_rw_dns_server
Jun  8 11:54:11 01-dc01 samba[931]: [2024/06/08 11:54:11.352203,  0]
../../lib/util/util_runcmd.c:355(samba_runcmd_io_handler)
Jun  8 11:54:11 01-dc01 samba[931]:
 /usr/local/samba/sbin/samba_dnsupdate:     rw_dns_servers
get_possible_rw_dns_server(creds, domain)
Jun  8 11:54:11 01-dc01 samba[931]: [2024/06/08 11:54:11.352239,  0]
../../lib/util/util_runcmd.c:355(samba_runcmd_io_handler)
Jun  8 11:54:11 01-dc01 samba[931]:
 /usr/local/samba/sbin/samba_dnsupdate:   File
"/usr/local/samba/sbin/samba_dnsupdate", line 122, in
get_possible_rw_dns_server
Jun  8 11:54:11 01-dc01 samba[931]: [2024/06/08 11:54:11.352253,  0]
../../lib/util/util_runcmd.c:355(samba_runcmd_io_handler)
Jun  8 11:54:11 01-dc01 samba[931]:
 /usr/local/samba/sbin/samba_dnsupdate:     ans_soa check_one_dns_name(domain,
'SOA')
Jun  8 11:54:11 01-dc01 samba[931]: [2024/06/08 11:54:11.352267,  0]
../../lib/util/util_runcmd.c:355(samba_runcmd_io_handler)
Jun  8 11:54:11 01-dc01 samba[931]:
 /usr/local/samba/sbin/samba_dnsupdate:   File
"/usr/local/samba/sbin/samba_dnsupdate", line 274, in
check_one_dns_name
Jun  8 11:54:11 01-dc01 samba[931]: [2024/06/08 11:54:11.352287,  0]
../../lib/util/util_runcmd.c:355(samba_runcmd_io_handler)
Jun  8 11:54:11 01-dc01 samba[931]:
 /usr/local/samba/sbin/samba_dnsupdate:     return resolver.resolve(name,
name_type)
Jun  8 11:54:11 01-dc01 samba[931]: [2024/06/08 11:54:11.352302,  0]
../../lib/util/util_runcmd.c:355(samba_runcmd_io_handler)
Jun  8 11:54:11 01-dc01 samba[931]:
 /usr/local/samba/sbin/samba_dnsupdate:   File
"/usr/lib/python3/dist-packages/dns/resolver.py", line 1202, in
resolve
Jun  8 11:54:11 01-dc01 samba[931]: [2024/06/08 11:54:11.352510,  0]
../../lib/util/util_runcmd.c:355(samba_runcmd_io_handler)
Jun  8 11:54:11 01-dc01 samba[931]:
 /usr/local/samba/sbin/samba_dnsupdate:     (answer, done)
resolution.query_result(response, None)
Jun  8 11:54:11 01-dc01 samba[931]: [2024/06/08 11:54:11.352551,  0]
../../lib/util/util_runcmd.c:355(samba_runcmd_io_handler)
Jun  8 11:54:11 01-dc01 samba[931]:
 /usr/local/samba/sbin/samba_dnsupdate:   File
"/usr/lib/python3/dist-packages/dns/resolver.py", line 674, in
query_result
Jun  8 11:54:11 01-dc01 samba[931]: [2024/06/08 11:54:11.352693,  0]
../../lib/util/util_runcmd.c:355(samba_runcmd_io_handler)
Jun  8 11:54:11 01-dc01 samba[931]:
 /usr/local/samba/sbin/samba_dnsupdate:     raise
NoAnswer(response=answer.response)
Jun  8 11:54:11 01-dc01 samba[931]: [2024/06/08 11:54:11.352783,  0]
../../lib/util/util_runcmd.c:355(samba_runcmd_io_handler)
Jun  8 11:54:11 01-dc01 samba[931]:
 /usr/local/samba/sbin/samba_dnsupdate: dns.resolver.NoAnswer: The DNS
response does not contain an answer to the question: intern.preiss.network.
IN SOA
Jun  8 11:54:11 01-dc01 samba[931]: [2024/06/08 11:54:11.383823,  0]
../../source4/dsdb/dns/dns_update.c:85(dnsupdate_nameupdate_done)
Jun  8 11:54:11 01-dc01 samba[931]:   dnsupdate_nameupdate_done: Failed DNS
update with exit code 1
###

Manual nslookup for the SOA entry works:

root at 01-dc01:~# nslookup -q=SOA intern.preiss.network 10.10.10.11
Server:         10.10.10.11
Address:        10.10.10.11#53

intern.preiss.network
        origin = 01-dc01.intern.preiss.network
        mail addr = hostmaster.intern.preiss.network
        serial = 1159
        refresh = 900
        retry = 600
        expire = 86400
        minimum = 3600

### Issue 2 ####

### ERROR ### /var/log/syslog
root at 01-dc02:~# tail -f /var/log/syslog
Jun  8 13:01:31 01-dc02 samba[996]: [2024/06/08 13:01:31.057443,  0]
../../source4/rpc_server/dn

 sserver/dcerpc_dnsserver.c:1076(dnsserver_query_zone)
Jun  8 13:01:31 01-dc02 samba[996]:   dnsserver: Invalid zone operation
IsSigned
Jun  8 13:01:31 01-dc02 samba[996]: [2024/06/08 13:01:31.060313,  0]
../../source4/rpc_server/dn

 sserver/dcerpc_dnsserver.c:1076(dnsserver_query_zone)
Jun  8 13:01:31 01-dc02 samba[996]:   dnsserver: Invalid zone operation
IsSigned
Jun  8 13:01:31 01-dc02 samba[996]: [2024/06/08 13:01:31.061385,  0]
../../source4/rpc_server/dn

 sserver/dcerpc_dnsserver.c:1076(dnsserver_query_zone)
Jun  8 13:01:31 01-dc02 samba[996]:   dnsserver: Invalid zone operation
IsSigned


Kind regards, Ronny

Rowland Penny

2024-Jun-08 16:36 UTC

head link

[Samba] Fwd: Two DNS issues with samba

On Sat, 8 Jun 2024 17:05:25 +0200
Ronny Preiss via samba <samba at lists.samba.org> wrote:
> Hi,
> 
> I have two problems with my 2 Samba AD-DC. I don't know if the two
> problems are related.
> Both domain controllers show the same error pattern for problem 1.The
> second problem only occurs with the second domain controller.
> The domain itself seems to work and be in order.
> Does someone know where this comes from and how to solve it?
> 
> ## Issue 1 ##
> By doing my random log checking, I saw the following error in syslog
> on both DC.
> I've changed nothing the last couple of weeks.
> 
> My Environment:
> 
> 2x Server Ubuntu 22.04.4 LTS with:
> - Samba Version 4.19.0 AC-DC (Selfcompiled default values)
No need to build Samba yourself, you can find packages here:

http://www.corpit.ru/mjt/packages/samba/

They are provided by the Debian Samba maintainer.
> 
> Samba version: 4.19.0
A bit 'old' the 4.19 branch is at 4.19.6

> 
> - DNS Backend Bind (BIND 9.18.18-0ubuntu0.22.04.2-Ubuntu)
> - SysVol is  in sync with rsync
> 
> ### ERROR ### /var/log/syslog
> root at 01-dc01:~# tail -f /var/log/syslog
> Jun  8 11:54:11 01-dc01 samba[931]: [2024/06/08 11:54:11.351034,  0]
> ../../lib/util/util_runcmd.c:355(samba_runcmd_io_handler)
> Jun  8 11:54:11 01-dc01 samba[931]:
>  /usr/local/samba/sbin/samba_dnsupdate: Traceback (most recent call
> last): Jun  8 11:54:11 01-dc01 samba[931]: [2024/06/08
> 11:54:11.352082,  0]
> ../../lib/util/util_runcmd.c:355(samba_runcmd_io_handler) Jun  8
> 11:54:11 01-dc01 samba[931]: /usr/local/samba/sbin/samba_dnsupdate:
> File "/usr/local/samba/sbin/samba_dnsupdate", line 883, in
<module>
> Jun  8 11:54:11 01-dc01 samba[931]: [2024/06/08 11:54:11.352119,  0]
> ../../lib/util/util_runcmd.c:355(samba_runcmd_io_handler)
> Jun  8 11:54:11 01-dc01 samba[931]:
>  /usr/local/samba/sbin/samba_dnsupdate:     creds > get_credentials(lp)
Jun  8 11:54:11 01-dc01 samba[931]: [2024/06/08
> 11:54:11.352132,  0]
> ../../lib/util/util_runcmd.c:355(samba_runcmd_io_handler) Jun  8
> 11:54:11 01-dc01 samba[931]: /usr/local/samba/sbin/samba_dnsupdate:
> File "/usr/local/samba/sbin/samba_dnsupdate", line 184, in
> get_credentials Jun  8 11:54:11 01-dc01 samba[931]: [2024/06/08
> 11:54:11.352144,  0]
> ../../lib/util/util_runcmd.c:355(samba_runcmd_io_handler) Jun  8
> 11:54:11 01-dc01 samba[931]: /usr/local/samba/sbin/samba_dnsupdate:
>   get_krb5_rw_dns_server(creds, sub_vars['DNSDOMAIN'] +
'.')
> Jun  8 11:54:11 01-dc01 samba[931]: [2024/06/08 11:54:11.352158,  0]
> ../../lib/util/util_runcmd.c:355(samba_runcmd_io_handler)
> Jun  8 11:54:11 01-dc01 samba[931]:
>  /usr/local/samba/sbin/samba_dnsupdate:   File
> "/usr/local/samba/sbin/samba_dnsupdate", line 143, in
> get_krb5_rw_dns_server Jun  8 11:54:11 01-dc01 samba[931]:
> [2024/06/08 11:54:11.352203,  0]
> ../../lib/util/util_runcmd.c:355(samba_runcmd_io_handler) Jun  8
> 11:54:11 01-dc01 samba[931]: /usr/local/samba/sbin/samba_dnsupdate:
>   rw_dns_servers = get_possible_rw_dns_server(creds, domain)
> Jun  8 11:54:11 01-dc01 samba[931]: [2024/06/08 11:54:11.352239,  0]
> ../../lib/util/util_runcmd.c:355(samba_runcmd_io_handler)
> Jun  8 11:54:11 01-dc01 samba[931]:
>  /usr/local/samba/sbin/samba_dnsupdate:   File
> "/usr/local/samba/sbin/samba_dnsupdate", line 122, in
> get_possible_rw_dns_server
> Jun  8 11:54:11 01-dc01 samba[931]: [2024/06/08 11:54:11.352253,  0]
> ../../lib/util/util_runcmd.c:355(samba_runcmd_io_handler)
> Jun  8 11:54:11 01-dc01 samba[931]:
>  /usr/local/samba/sbin/samba_dnsupdate:     ans_soa >
check_one_dns_name(domain, 'SOA')
> Jun  8 11:54:11 01-dc01 samba[931]: [2024/06/08 11:54:11.352267,  0]
> ../../lib/util/util_runcmd.c:355(samba_runcmd_io_handler)
> Jun  8 11:54:11 01-dc01 samba[931]:
>  /usr/local/samba/sbin/samba_dnsupdate:   File
> "/usr/local/samba/sbin/samba_dnsupdate", line 274, in
> check_one_dns_name Jun  8 11:54:11 01-dc01 samba[931]: [2024/06/08
> 11:54:11.352287,  0]
> ../../lib/util/util_runcmd.c:355(samba_runcmd_io_handler) Jun  8
> 11:54:11 01-dc01 samba[931]: /usr/local/samba/sbin/samba_dnsupdate:
>   return resolver.resolve(name, name_type)
> Jun  8 11:54:11 01-dc01 samba[931]: [2024/06/08 11:54:11.352302,  0]
> ../../lib/util/util_runcmd.c:355(samba_runcmd_io_handler)
> Jun  8 11:54:11 01-dc01 samba[931]:
>  /usr/local/samba/sbin/samba_dnsupdate:   File
> "/usr/lib/python3/dist-packages/dns/resolver.py", line 1202, in
> resolve Jun  8 11:54:11 01-dc01 samba[931]: [2024/06/08
> 11:54:11.352510,  0]
> ../../lib/util/util_runcmd.c:355(samba_runcmd_io_handler) Jun  8
> 11:54:11 01-dc01 samba[931]: /usr/local/samba/sbin/samba_dnsupdate:
>   (answer, done) = resolution.query_result(response, None)
> Jun  8 11:54:11 01-dc01 samba[931]: [2024/06/08 11:54:11.352551,  0]
> ../../lib/util/util_runcmd.c:355(samba_runcmd_io_handler)
> Jun  8 11:54:11 01-dc01 samba[931]:
>  /usr/local/samba/sbin/samba_dnsupdate:   File
> "/usr/lib/python3/dist-packages/dns/resolver.py", line 674, in
> query_result Jun  8 11:54:11 01-dc01 samba[931]: [2024/06/08
> 11:54:11.352693,  0]
> ../../lib/util/util_runcmd.c:355(samba_runcmd_io_handler) Jun  8
> 11:54:11 01-dc01 samba[931]: /usr/local/samba/sbin/samba_dnsupdate:
>   raise NoAnswer(response=answer.response)
> Jun  8 11:54:11 01-dc01 samba[931]: [2024/06/08 11:54:11.352783,  0]
> ../../lib/util/util_runcmd.c:355(samba_runcmd_io_handler)
> Jun  8 11:54:11 01-dc01 samba[931]:
>  /usr/local/samba/sbin/samba_dnsupdate: dns.resolver.NoAnswer: The DNS
> response does not contain an answer to the question:
> intern.preiss.network. IN SOA
> Jun  8 11:54:11 01-dc01 samba[931]: [2024/06/08 11:54:11.383823,  0]
> ../../source4/dsdb/dns/dns_update.c:85(dnsupdate_nameupdate_done)
> Jun  8 11:54:11 01-dc01 samba[931]:   dnsupdate_nameupdate_done:
> Failed DNS update with exit code 1
> ###
> 
> Manual nslookup for the SOA entry works:
> 
> root at 01-dc01:~# nslookup -q=SOA intern.preiss.network 10.10.10.11
> Server:         10.10.10.11
> Address:        10.10.10.11#53
> 
> intern.preiss.network
>         origin = 01-dc01.intern.preiss.network
>         mail addr = hostmaster.intern.preiss.network
>         serial = 1159
>         refresh = 900
>         retry = 600
>         expire = 86400
>         minimum = 3600
> 
> ### Issue 2 ####
> 
> ### ERROR ### /var/log/syslog
> root at 01-dc02:~# tail -f /var/log/syslog
> Jun  8 13:01:31 01-dc02 samba[996]: [2024/06/08 13:01:31.057443,  0]
> ../../source4/rpc_server/dn
> 
>  sserver/dcerpc_dnsserver.c:1076(dnsserver_query_zone)
> Jun  8 13:01:31 01-dc02 samba[996]:   dnsserver: Invalid zone
> operation IsSigned
> Jun  8 13:01:31 01-dc02 samba[996]: [2024/06/08 13:01:31.060313,  0]
> ../../source4/rpc_server/dn
> 
>  sserver/dcerpc_dnsserver.c:1076(dnsserver_query_zone)
> Jun  8 13:01:31 01-dc02 samba[996]:   dnsserver: Invalid zone
> operation IsSigned
> Jun  8 13:01:31 01-dc02 samba[996]: [2024/06/08 13:01:31.061385,  0]
> ../../source4/rpc_server/dn
> 
>  sserver/dcerpc_dnsserver.c:1076(dnsserver_query_zone)
> Jun  8 13:01:31 01-dc02 samba[996]:   dnsserver: Invalid zone
> operation IsSigned
> 
> 
> Kind regards, Ronny
Can you please post the contents of the following files

/etc/hostname
/etc/hosts
/etc/resolv.conf
/etc/bind/named.conf
/etc/bind/named.conf.options
/etc/bind/named.conf.local
/etc/bind/named.conf.default-zones

Rowland

Possibly Parallel Threads

Search for more possibly parallel threads

samba - Jun 2024 - Fwd: Two DNS issues with samba

[Samba] Fwd: Two DNS issues with samba

[Samba] Fwd: Two DNS issues with samba

Possibly Parallel Threads