On 2016-11-04 12:07, Rowland Penny via samba wrote:

> On Fri, 04 Nov 2016 11:49:16 -0500
> Bob of Donelson Trophy <bob at donelsontrophy.net> wrote:
>
> On 2016-11-04 11:31, Rowland Penny via samba wrote:
>
> <<<<< cut >>>>>>>>
>
> root at dtdc03:~# samba-tool dns zonelist dtdc03
> 3 zone(s) found
>
> pszZoneName : xxx.168.192.in-appr.arpa
> Flags : DNS_RPC_ZONE_DSINTEGRATED
> DNS_RPC_ZONE_UPDATE_SECURE
> ZoneType : DNS_ZONE_TYPE_PRIMARY
> Version : 50
> dwDpFlags : DNS_DP_AUTOCREATED
> DNS_DP_DOMAIN_DEFAULT DNS_DP_ENLISTED
> pszDpFqdn : DomainDnsZones.dtshrm.dt
>
> pszZoneName : dtshrm.dt
> Flags : DNS_RPC_ZONE_DSINTEGRATED
> DNS_RPC_ZONE_UPDATE_SECURE
> ZoneType : DNS_ZONE_TYPE_PRIMARY
> Version : 50
> dwDpFlags : DNS_DP_AUTOCREATED
> DNS_DP_DOMAIN_DEFAULT DNS_DP_ENLISTED
> pszDpFqdn : DomainDnsZones.dtshrm.dt
>
> pszZoneName : _msdcs.dtshrm.dt
> Flags : DNS_RPC_ZONE_DSINTEGRATED
> DNS_RPC_ZONE_UPDATE_SECURE
> ZoneType : DNS_ZONE_TYPE_PRIMARY
> Version : 50
> dwDpFlags : DNS_DP_AUTOCREATED
> DNS_DP_FOREST_DEFAULT DNS_DP_ENLISTED
> pszDpFqdn : ForestDnsZones.dtshrm.dt
>
> These three look correct, but I am not sure as I am not familiar
> with this detail.
>
> If it matters, I have two DC's but neither will reversedns.
> (Thought I had this working and discovered, yesterday that one DC
> was not working properly. Went through my entire setup again, on
> both DC's, last night and now cannot add reversedns to either DC.)
> All other dns testing checks out.
>
> Basically I keep being told, through log files and other, that the
> zone does not exist.
>
> At this point I am a little confused but, bottom line is I cannot
> add any reversedns zones to resolve my nslookup xxx.xxx.xxx.xxx
> failure issue to either DC. I am puzzled.
>
> What else would you like to see? log files?
>
> OK, let's check if the record does exist, if I run this on a DC:
>
> ldbsearch --cross-ncs -H /usr/local/samba/private/sam.ldb -s sub
> '(&(objectclass=dnsNode)(cn=180))'
>
> I get this:
>
> # record 1
> dn:
> DC=180,DC=0.168.192.in-addr.arpa,CN=MicrosoftDNS,DC=DomainDnsZones,DC=samdom,DC=example,DC=com
> objectClass: top
> objectClass: dnsNode
> instanceType: 4
> whenCreated: 20161020160412.0Z
> uSNCreated: 44302
> showInAdvancedViewOnly: TRUE
> name: 180
> objectGUID: 85c0aade-15c9-48a8-822e-5ec24df2dbf9
> objectCategory:
> CN=Dns-Node,CN=Schema,CN=Configuration,DC=samdom,DC=example,DC =com
> dc: 180
> whenChanged: 20161104144426.0Z
> dnsRecord::
> IQAMAAXwAAAKAAAAAAAOEAAAAAAWnzcAHwQKZGV2c3RhdGlvbgZzYW1kb20HZXhhbX
> BsZQNjb20A
> dNSTombstoned: FALSE
> uSNChanged: 44985
> distinguishedName:
> DC=180,DC=0.168.192.in-addr.arpa,CN=MicrosoftDNS,DC=DomainD
> nsZones,DC=samdom,DC=example,DC=com
>
> So, adapt it for your setup and see if the record does exist in AD.
>
> Rowland

Aha!! 0 records . . . but, doesn't the "xxx.168.192.in-addr.arpa" represent the reverse zone?

Okay, so 0 records, now?

Are you actually using 'xxx.168.192.in-addr.arpa', I thought you were sanitizing your reverse zone (but why, I couldn't work out)

Rowland

No, I'm sanitizing just a little bit.

What I am seeing is this search sees no reverse zone yet, a zonelist appears to have a reverse zone?

Any "zonecreate" or "zonedelete" or attempts to add a PTR record fail in similar complaint like the query result posted. I have watched so many log files that they have become a blur and I am sure I have overlooked some detail.

Any suggestion on my next step will be greatly appreciated.

--
_______________________________
Bob Wooden of Donelson Trophy
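
The dnsRecord value in the ldbsearch output quoted above is a packed binary structure. As an added example (not part of the thread and not Samba's own code), the following decodes it using the dnsRecord layout from MS-DNSP, so the record type, target and timestamp can be read directly; the function and constant names are assumptions made for this example.

```python
import base64
import struct
from datetime import datetime, timedelta, timezone

# dnsRecord value copied from the ldbsearch output quoted in the thread,
# with the LDIF line wrap joined.
DNS_RECORD_B64 = (
    "IQAMAAXwAAAKAAAAAAAOEAAAAAAWnzcAHwQKZGV2c3RhdGlvbgZzYW1kb20HZXhhbX"
    "BsZQNjb20A"
)
TYPE_NAMES = {1: "A", 2: "NS", 5: "CNAME", 12: "PTR"}  # subset only
NAME_TYPES = {2, 5, 12}  # types whose data is one DNS_COUNT_NAME
EPOCH_1601 = datetime(1601, 1, 1, tzinfo=timezone.utc)


def parse_count_name(data):
    """DNS_COUNT_NAME: total length, label count, length-prefixed labels."""
    if len(data) < 2 or data[0] + 2 > len(data):
        raise ValueError("name runs past the end of the record data")
    labels, pos = [], 2
    for _ in range(data[1]):
        size = data[pos]
        labels.append(data[pos + 1:pos + 1 + size].decode("ascii"))
        pos += 1 + size
    return ".".join(labels)


def parse_dns_record(blob):
    """Decode one dnsRecord value (layout assumed from MS-DNSP)."""
    if len(blob) < 24:
        raise ValueError("shorter than the 24-byte dnsRecord header")
    data_len, rtype, _ver, _rank, _flags, serial = struct.unpack_from("<HHBBHI", blob, 0)
    (ttl,) = struct.unpack_from(">I", blob, 12)    # TTL is big-endian
    (hours,) = struct.unpack_from("<I", blob, 20)  # hours since 1601, 0 = static
    data = blob[24:]
    if len(data) != data_len:
        raise ValueError("DataLength does not match the bytes present")
    rec = {"type": TYPE_NAMES.get(rtype, str(rtype)), "serial": serial,
           "ttl": ttl, "static": hours == 0, "data": data.hex()}
    if hours:
        rec["timestamp"] = EPOCH_1601 + timedelta(hours=hours)
    if rtype in NAME_TYPES:
        rec["data"] = parse_count_name(data)
    elif rtype == 1 and data_len == 4:
        rec["data"] = ".".join(str(b) for b in data)
    return rec


if __name__ == "__main__":
    print(parse_dns_record(base64.b64decode(DNS_RECORD_B64)))
```

On the sample value this yields a PTR record for devstation.samdom.example.com with a 3600-second TTL and a timestamp of 2016-11-04 14:00 UTC, which agrees with the whenChanged attribute in the same output.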

On Fri, 04 Nov 2016 12:29:42 -0500
Bob of Donelson Trophy via samba <samba at lists.samba.org> wrote:

> What I am seeing is this search sees no reverse zone yet, a zonelist
> appears to have a reverse zone?
>
> Any "zonecreate" or "zonedelete" or attempts to add a PTR record fail
> in similar complaint like the query result posted. I have watched so
> many log files that they have become a blur and I am sure I have
> overlooked some detail.
>
> Any suggestion on my next step will be greatly appreciated.

I would start by running 'samba-tool dbcheck --cross-ncs --fix --yes'

Rowland

On 2016-11-04 12:43, Rowland Penny via samba wrote:

> On Fri, 04 Nov 2016 12:29:42 -0500
> Bob of Donelson Trophy via samba <samba at lists.samba.org> wrote:
>
> Any suggestion on my next step will be greatly appreciated.

I would start by running 'samba-tool dbcheck --cross-ncs --fix --yes'

Rowland

One DC returns 0 errors and the other DC returns 30 errors (that it appears to have corrected.)

It is really late where you are and I will not get back to this for 4 or 5 hours. More, if needed, tomorrow.

Have a good night.

--
_______________________________
Bob Wooden of Donelson Trophy