samba - Jan 2017 - Why is S4 attempting to execute rndc when using *INTERNAL* DNS?

My AD domain (SerNET S4 4.5.3) using S4's internal DNS, and always  
has.  So why is it now constantly logging an error of -

   [2017/01/13 12:53:00.152754,  0]  
../lib/util/util_runcmd.c:316(samba_runcmd_io_handler)
     /usr/sbin/rndc: Failed to exec child - No such file or directory

  - after attempting to add a 2008R2 DC.  I do not recall seeing this  
error previously [not prior to 4.5.3].

On Fri, 2017-01-13 at 13:07 -0500, Adam Tauno Williams via samba
wrote:
> My AD domain (SerNET S4 4.5.3) using S4's internal DNS, and always  
> has.  So why is it now constantly logging an error of -
> 
>    [2017/01/13 12:53:00.152754,  0]  
> ../lib/util/util_runcmd.c:316(samba_runcmd_io_handler)
>      /usr/sbin/rndc: Failed to exec child - No such file or directory
> 
>   - after attempting to add a 2008R2 DC.  I do not recall seeing
> this  
> error previously [not prior to 4.5.3].
I don't think this area has changed recently, but perhaps we now catch
the error better.  I agree, this is a bit silly - it is writing out a
config file for bind 9.7, ie before we had the DLZ code. 

The whole thing needs to be removed - those running bind9 with the
flatfile backend are unsupported anyway and probably don't want Samba
dynamically updating configuration entries - they want things locked
down.

A patch to remove rndc from source4/dsdb/dns_update.c would be
favourably considered.  My one concern is that this is accidentally
helping ensure new zones appear in BIND9 with DLZ by poking it every 60
seconds, when these are added over RPC.  That should be checked.

Thanks,

Andrew Bartlett

-- 
Andrew Bartlett                       http://samba.org/~abartlet/
Authentication Developer, Samba Team  http://samba.org
Samba Developer, Catalyst IT          http://catalyst.net.nz/services/samba

On Sat, 2017-01-14 at 07:31 +1300, Andrew Bartlett
wrote:
> On Fri, 2017-01-13 at 13:07 -0500, Adam Tauno Williams via samba
> wrote:
> > My AD domain (SerNET S4 4.5.3) using S4's internal DNS, and always
> > has.  So why is it now constantly logging an error of -
> >    [2017/01/13 12:53:00.152754,  0]  
> > ../lib/util/util_runcmd.c:316(samba_runcmd_io_handler)
> >      /usr/sbin/rndc: Failed to exec child - No such file or
> > directory
> >   - after attempting to add a 2008R2 DC.  I do not recall seeing
> > this  error previously [not prior to 4.5.3].
> I don't think this area has changed recently, but perhaps we now 
> catch the error better.  I agree, this is a bit silly - it is writing 
> out a config file for bind 9.7, ie before we had the DLZ code.
> The whole thing needs to be removed - those running bind9 with the
> flatfile backend are unsupported anyway and probably don't want Samba
> dynamically updating configuration entries - they want things locked
> down.
But it should not prevent anything from working?