And some more information about this strange effect apparently no-one has seen before.

I now added the missing zone:

samba-tool dns zonecreate verdandi 10.16.172.in-addr.arpa -U Administrator

and it claims that the zone is okay, but the next one is missing:

Dec 29 10:31:12 verdandi named[2601]: Loading 'ad.microsult.de' using driver dlopen
Dec 29 10:31:12 verdandi named[2601]: samba_dlz: started for DN DC=ad,DC=microsult,DC=de
Dec 29 10:31:12 verdandi named[2601]: samba_dlz: starting configure
Dec 29 10:31:12 verdandi named[2601]: samba_dlz: configured writeable zone '10.16.172.in-addr.arpa.'
Dec 29 10:31:12 verdandi named[2601]: zone 1.16.172.in-addr.arpa/NONE: has 0 SOA records
Dec 29 10:31:12 verdandi named[2601]: zone 1.16.172.in-addr.arpa/NONE: has no NS records
Dec 29 10:31:12 verdandi named[2601]: samba_dlz: Failed to configure zone '1.16.172.in-addr.arpa.'
Dec 29 10:31:12 verdandi named[2601]: loading configuration: bad zone
Dec 29 10:31:12 verdandi named[2601]: exiting (due to fatal error)
Dec 29 10:31:12 verdandi named[2601]: samba_dlz: shutting down

Okay, don't know why it wants it, but it ought to be helped in the same fashion:

samba-tool dns zonecreate verdandi 1.16.172.in-addr.arpa -U Administrator

And, expect more zones to pop up, but no:

Dec 29 10:29:20 verdandi named[2522]: Loading 'ad.microsult.de' using driver dlopen
Dec 29 10:29:20 verdandi named[2522]: samba_dlz: started for DN DC=ad,DC=microsult,DC=de
Dec 29 10:29:20 verdandi named[2522]: samba_dlz: starting configure
Dec 29 10:29:20 verdandi named[2522]: samba_dlz: configured writeable zone '10.16.172.in-addr.arpa.'
Dec 29 10:29:20 verdandi named[2522]: samba_dlz: configured writeable zone '1.16.172.in-addr.arpa.'
Dec 29 10:29:20 verdandi named[2522]: samba_dlz: Failed to configure zone '10.16.172.in-addr.arpa'
Dec 29 10:29:20 verdandi named[2522]: loading configuration: already exists
Dec 29 10:29:20 verdandi named[2522]: exiting (due to fatal error)
Dec 29 10:29:20 verdandi named[2522]: samba_dlz: shutting down

(and as you can see from the dates, this is repeatable) This becomes more and more confusing.

Any ideas?

Thanks,
- lars.

On 24.12.2014 at 13:43, Lars Hanke wrote:
> I dug somewhat deeper into what is going on below and it seems even
> stranger. The reverse zone without SOA or NS does not even exist:
>
> root@verdandi:~# samba-tool dns query localhost 10.16.172.in-addr.arpa @
> ALL -U Administrator
> Password for [AD\Administrator]:
> ERROR(runtime): uncaught exception - (9714,
> 'WERR_DNS_ERROR_NAME_DOES_NOT_EXIST')
>   File "/usr/lib/python2.7/dist-packages/samba/netcmd/__init__.py",
> line 175, in _run
>     return self.run(*args, **kwargs)
>   File "/usr/lib/python2.7/dist-packages/samba/netcmd/dns.py", line
> 988, in run
>     None, record_type, select_flags, None, None)
>
> So if this zone does not exist, why does BIND_DLZ want to serve it?
>
> Thanks for your help and merry x-mas,
> - lars.
>
> On 22.12.2014 at 12:57, Lars Hanke wrote:
>> I just upgraded bind9 on my backup DC to 9.9.5-7-Debian and restarting
>> the service failed:
>>
>>
>> Dec 22 12:25:55 verdandi named[18534]: starting BIND 9.9.5-7-Debian -u
>> bind -4
>> Dec 22 12:25:55 verdandi named[18534]: built with '--prefix=/usr'
>> '--mandir=/usr/share/man' '--infodir=/usr/share/info'
>> '--sysconfdir=/etc/bind' '--localstatedir=/var' '--enable-threads'
>> '--enable-largefile' '--with-libtool' '--enable-shared'
>> '--enable-static' '--with-openssl=/usr' '--with-gssapi=/usr'
>> '--with-gnu-ld' '--with-geoip=/usr' '--with-atf=no' '--enable-ipv6'
>> '--enable-rrl' '--enable-filter-aaaa' 'CFLAGS=-fno-strict-aliasing
>> -fno-delete-null-pointer-checks -DDIG_SIGCHASE -O2'
>> Dec 22 12:25:55 verdandi named[18534]:
>> ----------------------------------------------------
>> Dec 22 12:25:55 verdandi named[18534]: BIND 9 is maintained by Internet
>> Systems Consortium,
>> Dec 22 12:25:55 verdandi named[18534]: Inc. (ISC), a non-profit
>> 501(c)(3) public-benefit
>> Dec 22 12:25:55 verdandi named[18534]: corporation.  Support and
>> training for BIND 9 are
>> Dec 22 12:25:55 verdandi named[18534]: available at
>> https://www.isc.org/support
>> Dec 22 12:25:55 verdandi named[18534]:
>> ----------------------------------------------------
>> Dec 22 12:25:55 verdandi named[18534]: adjusted limit on open files from
>> 4096 to 1048576
>> Dec 22 12:25:55 verdandi named[18534]: found 4 CPUs, using 4 worker
>> threads
>> Dec 22 12:25:55 verdandi named[18534]: using 4 UDP listeners per
>> interface
>> Dec 22 12:25:55 verdandi named[18534]: using up to 4096 sockets
>> Dec 22 12:25:55 verdandi named[18534]: loading configuration from
>> '/etc/bind/named.conf'
>> Dec 22 12:25:55 verdandi named[18534]: reading built-in trusted keys
>> from file '/etc/bind/bind.keys'
>> Dec 22 12:25:55 verdandi named[18534]: using default UDP/IPv4 port
>> range: [1024, 65535]
>> Dec 22 12:25:55 verdandi named[18534]: using default UDP/IPv6 port
>> range: [1024, 65535]
>> Dec 22 12:25:55 verdandi named[18534]: no IPv6 interfaces found
>> Dec 22 12:25:55 verdandi named[18534]: listening on IPv4 interface lo,
>> 127.0.0.1#53
>> Dec 22 12:25:55 verdandi named[18534]: listening on IPv4 interface eth0,
>> 172.16.10.17#53
>> Dec 22 12:25:55 verdandi named[18534]: generating session key for
>> dynamic DNS
>> Dec 22 12:25:55 verdandi named[18534]: sizing zone task pool based on 22
>> zones
>> Dec 22 12:25:55 verdandi named[18534]: Loading 'ad.microsult.de' using
>> driver dlopen
>> Dec 22 12:25:56 verdandi named[18534]: samba_dlz: started for DN
>> DC=ad,DC=microsult,DC=de
>> Dec 22 12:25:56 verdandi named[18534]: samba_dlz: starting configure
>> Dec 22 12:25:56 verdandi named[18534]: zone 10.16.172.in-addr.arpa/NONE:
>> has 0 SOA records
>> Dec 22 12:25:56 verdandi named[18534]: zone 10.16.172.in-addr.arpa/NONE:
>> has no NS records
>> Dec 22 12:25:56 verdandi named[18534]: samba_dlz: Failed to configure
>> zone '10.16.172.in-addr.arpa.'
>> Dec 22 12:25:56 verdandi named[18534]: loading configuration: bad zone
>> Dec 22 12:25:56 verdandi named[18534]: exiting (due to fatal error)
>> Dec 22 12:25:56 verdandi named[18534]: samba_dlz: shutting down
>>
>> It used to run before the update, but a zone with SOA and NS entries is
>> of course something strange. The failing zone was fresh, when it first
>> started. In fact as viewed from the DC it may only have contained - and
>> still contain - the secondary DC itself.
>>
>> Thanks for your help,
>> - lars.
>
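Added example (not part of the thread and not Samba or BIND code): a Python triage of the named/samba_dlz start-up lines from the message above, grouped by named PID, which separates a start that fails on a zone lacking SOA/NS records from one that fails on a zone it had already configured. The function and field names are assumptions made for this example; the sample lines are copied from the message.

```python
import re
from collections import defaultdict

# Lines copied from the message above: two named starts, PIDs 2601 and 2522.
SAMPLE_LOG = """\
Dec 29 10:31:12 verdandi named[2601]: samba_dlz: configured writeable zone '10.16.172.in-addr.arpa.'
Dec 29 10:31:12 verdandi named[2601]: zone 1.16.172.in-addr.arpa/NONE: has 0 SOA records
Dec 29 10:31:12 verdandi named[2601]: zone 1.16.172.in-addr.arpa/NONE: has no NS records
Dec 29 10:31:12 verdandi named[2601]: samba_dlz: Failed to configure zone '1.16.172.in-addr.arpa.'
Dec 29 10:31:12 verdandi named[2601]: loading configuration: bad zone
Dec 29 10:29:20 verdandi named[2522]: samba_dlz: configured writeable zone '10.16.172.in-addr.arpa.'
Dec 29 10:29:20 verdandi named[2522]: samba_dlz: configured writeable zone '1.16.172.in-addr.arpa.'
Dec 29 10:29:20 verdandi named[2522]: samba_dlz: Failed to configure zone '10.16.172.in-addr.arpa'
Dec 29 10:29:20 verdandi named[2522]: loading configuration: already exists
"""

LINE = re.compile(r"named\[(\d+)\]: (.*)$")
CONFIGURED = re.compile(r"samba_dlz: configured writeable zone '([^']+)'")
ZONE_ERR = re.compile(r"zone (\S+)/\S+: (has 0 SOA records|has no NS records)")
FAILED = re.compile(r"samba_dlz: Failed to configure zone '([^']+)'")
FATAL = re.compile(r"loading configuration: (.+)")

def norm(zone):
    """Compare zone names case-insensitively and without the trailing root dot."""
    return zone.rstrip(".").lower()

def triage(log_text):
    """Return {pid: report} for every named start found in the log text."""
    runs = defaultdict(lambda: {"configured": [], "missing": [],
                                "failed": None, "duplicate": False, "fatal": None})
    for line in log_text.splitlines():
        m = LINE.search(line)
        if not m:
            continue
        run, msg = runs[m.group(1)], m.group(2)
        if (c := CONFIGURED.match(msg)):
            run["configured"].append(norm(c.group(1)))
        elif (z := ZONE_ERR.match(msg)):
            run["missing"].append((norm(z.group(1)), z.group(2)))
        elif (f := FAILED.match(msg)):
            run["failed"] = norm(f.group(1))
            # True when the failing zone was already configured in this start.
            run["duplicate"] = run["failed"] in run["configured"]
        elif (e := FATAL.match(msg)):
            run["fatal"] = e.group(1)
    return dict(runs)

if __name__ == "__main__":
    for pid, report in triage(SAMPLE_LOG).items(): print(pid, report)
```

For PID 2522 the report has no missing-record entries and marks the failing zone as one that was configured earlier in the same start, which matches the "already exists" message.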
On 29/12/14 09:40, Lars Hanke wrote:
> And some more information about this strange effect apparently no-one
> has seen before.

Hi, how have you setup bind ? can you post the bind conf files ?

Rowland
Horst.venzke@remsnet.de , Horst Venzke ,Remsnet Consulting und Internet Services LTD, Niederlassung Deutschland
2014-Dec-29 16:15 UTC
[Samba] samba_dlz Failed to configure reverse zone
Hello,

review bind9 options ...

>> Dec 22 12:25:55 verdandi named[18534]: starting BIND 9.9.5-7-Debian -u
>> bind -4
>> Dec 22 12:25:55 verdandi named[18534]: built with '--prefix=/usr'
>> '--mandir=/usr/share/man' '--infodir=/usr/share/info'
>> '--sysconfdir=/etc/bind' '--localstatedir=/var' '--enable-threads'
>> '--enable-largefile' '--with-libtool' '--enable-shared'
>> '--enable-static' '--with-openssl=/usr' '--with-gssapi=/usr'
>> '--with-gnu-ld' '--with-geoip=/usr' '--with-atf=no' '--enable-ipv6'
>> '--enable-rrl' '--enable-filter-aaaa' 'CFLAGS=-fno-strict-aliasing
>> -fno-delete-null-pointer-checks -DDIG_SIGCHASE -O2'
>> Dec 22 12:25:55 verdandi named[18534]:

Due to some curiosity, your Debian Bind seems to be missing required Bind-dlz options. This Samba wiki explains it: https://wiki.samba.org/index.php/DNS, in exact words not compiled in required BIND-DLZ options:

--with-dlopen=yes \
--with-dlz-bdb \
--with-dlz-ldap \
--with-dlz-filesystem=yes \

And here is a HowTo for Debian to fix that:
https://wiki.samba.org/index.php/DNS#Debian_.2F_Ubuntu_.2B_clones_-_Build_New_ISC_Bind_9.8_.2F_9.9_.2F_9.10
(just updated for Debian as well.)

Verify your Bind9 build options with "named -V" or "named-sdb -V":

--
Best Regards
Horst Venzke ; PGP NET : 1024G/082F2E6D ; http://www.remsnet.de