Samba 4.0.0, CentOS 6.4, bind 9.9 DLZ.
I could use some help debugging a strange DNS issue. I have two Samba4
domain controllers, dc-1.europa.icse.cornell.edu and
dc-2.europa.icse.cornell.edu. On either dc-1 or dc-2 or any client host:
# host dc-1.europa.icse.cornell.edu dc-2
dc-1.europa.icse.cornell.edu has address 192.168.15.250
dc-1.europa.icse.cornell.edu has address 192.168.3.250
dc-1.europa.icse.cornell.edu has address 192.168.7.250
which is correct. But:
# host dc-1.europa.icse.cornell.edu dc-1
dc-1.europa.icse.cornell.edu has address 192.168.7.241
dc-1.europa.icse.cornell.edu has address 192.168.3.250
dc-1.europa.icse.cornell.edu has address 192.168.7.250
dc-1.europa.icse.cornell.edu has address 192.168.15.250
dc-1.europa.icse.cornell.edu has address 192.168.15.241
dc-1.europa.icse.cornell.edu has address 192.168.3.241
The results for looking up dc-2 are correct on all client hosts. The
results for looking up dc-1 are incorrect on all client hosts.
The three IP addresses ending in .241 are phantoms; there has never been a
host or hosts on the network with these IP addresses. These suddenly
started showing up at about 11:00 this morning. I cannot work out where
the extra three IP's are coming from; they are not in any of my zone
tables, forward or reverse, and a DNS query using samba-tool does not show
them either:
dc-1# samba-tool dns query dc-1 europa.icse.cornell.edu dc-1 A
Name=, Records=3, Children=0
A: 192.168.3.250 (flags=f0, serial=1, ttl=900)
A: 192.168.7.250 (flags=f0, serial=2, ttl=900)
A: 192.168.15.250 (flags=f0, serial=17, ttl=900)
If I comment out Samba's private/named.conf from the bind configuration
and restart bind, the results are now correct, showing that it is coming
from samba somewhere. Rebooting dc-1 or restarting samba does not help.
Needless to say, this is causing havoc, and is an emergency situation.
Someone hit me with the clue stick; I need to find out where these are
coming from!
Steve