On Mon, 6 Nov 2017 11:39:50 +0100 (CET)
Maxence SARTIAUX via samba <samba at lists.samba.org> wrote:

> Hello.
>
> To follow-up this issue, since the upgrade, when i do a named reload
> it crash, look like there's duplicated zones.
>
> Here's the log when i trigger a reload
>
> nov 05 03:09:02 data.contoso.com named[2807]: received control channel command 'reload'
> nov 05 03:09:02 data.contoso.com named[2807]: loading configuration from '/etc/named.conf'
> nov 05 03:09:02 data.contoso.com named[2807]: reading built-in trusted keys from file '/etc/named.iscdlv.key'
> nov 05 03:09:02 data.contoso.com named[2807]: initializing GeoIP Country (IPv4) (type 1) DB
> nov 05 03:09:02 data.contoso.com named[2807]: GEO-106FREE 20160607 Build 1 Copyright (c) 2016 MaxMind
> nov 05 03:09:02 data.contoso.com named[2807]: initializing GeoIP Country (IPv6) (type 12) DB
> nov 05 03:09:02 data.contoso.com named[2807]: GEO-106FREE 20160607 Build 1 Copy
> nov 05 03:09:02 data.contoso.com named[2807]: GeoIP City (IPv4) (type 2) DB not available
> nov 05 03:09:02 data.contoso.com named[2807]: GeoIP City (IPv4) (type 6) DB not available
> nov 05 03:09:02 data.contoso.com named[2807]: GeoIP City (IPv6) (type 30) DB not available
> nov 05 03:09:02 data.contoso.com named[2807]: GeoIP City (IPv6) (type 31) DB not available
> nov 05 03:09:02 data.contoso.com named[2807]: GeoIP Region (type 3) DB not available
> nov 05 03:09:02 data.contoso.com named[2807]: GeoIP Region (type 7) DB not available
> nov 05 03:09:02 data.contoso.com named[2807]: GeoIP ISP (type 4) DB not available
> nov 05 03:09:02 data.contoso.com named[2807]: GeoIP Org (type 5) DB not available
> nov 05 03:09:02 data.contoso.com named[2807]: GeoIP AS (type 9) DB not available
> nov 05 03:09:02 data.contoso.com named[2807]: GeoIP Domain (type 11) DB not available
> nov 05 03:09:02 data.contoso.com named[2807]: GeoIP NetSpeed (type 10) DB not available
> nov 05 03:09:02 data.contoso.com named[2807]: using default UDP/IPv4 port range: [1024, 65535]
> nov 05 03:09:02 data.contoso.com named[2807]: using default UDP/IPv6 port range: [1024, 65535]
> nov 05 03:09:02 data.contoso.com named[2807]: sizing zone task pool based on 6 zones
> nov 05 03:09:02 data.contoso.com named[2807]: Loading 'AD DNS Zone' using driver dlopen
> nov 05 03:09:02 data.contoso.com named[2807]: samba_dlz: starting configure
> nov 05 03:09:02 data.contoso.com named[2807]: samba_dlz: Ignoring duplicate zone 'ratchet.com' from 'DC=@,DC=ratchet.com,CN=MicrosoftDNS,DC=DomainDnsZones,DC=contoso,DC=com'
> nov 05 03:09:02 data.contoso.com named[2807]: samba_dlz: Ignoring duplicate zone '17.172.in-addr.arpa' from 'DC=@,DC=17.172.in-addr.arpa,CN=MicrosoftDNS,DC=DomainDnsZones,DC=contoso,DC=com'
> nov 05 03:09:02 data.contoso.com named[2807]: samba_dlz: Ignoring duplicate zone 'johndoe.com' from 'DC=@,DC=johndoe.com,CN=MicrosoftDNS,DC=DomainDnsZones,DC=contoso,DC=com'
> nov 05 03:09:02 data.contoso.com named[2807]: samba_dlz: Ignoring duplicate zone 'contoso.com' from 'DC=@,DC=contoso.com,CN=MicrosoftDNS,DC=DomainDnsZones,DC=contoso,DC=com'
> nov 05 03:09:02 data.contoso.com named[2807]: samba_dlz: Ignoring duplicate zone '_msdcs.contoso.com' from 'DC=@,DC=_msdcs.contoso.com,CN=MicrosoftDNS,DC=ForestDnsZones,DC=contoso,DC=com'
> nov 05 03:09:02 data.contoso.com named[2807]: using built-in DLV key for view _default
> nov 05 03:09:02 data.contoso.com named[2807]: automatic empty zone: 10.IN-ADDR.ARPA
> nov 05 03:09:02 data.contoso.com named[2807]: automatic empty zone: 16.172.IN-ADDR.ARPA
> ....
> nov 05 03:09:02 data.contoso.com named[2807]: automatic empty zone: 110.100.IN-ADDR.ARPA
> nov 05 03:09:02 data.contoso.com systemd[1]: named.service: main process exited, code=killed, status=6/ABRT
> nov 05 03:09:02 data.contoso.com sh[24531]: kill: échec de changement de d'envoi de signal vers 2807: Aucun processus de ce type
> nov 05 03:09:02 data.contoso.com systemd[1]: named.service: control process exited, code=exited status=1
> nov 05 03:09:02 data.contoso.com sh[24537]: Utilisation :
> nov 05 03:09:02 data.contoso.com sh[24537]: kill [options] <pid|nom> [...]
> nov 05 03:09:02 data.contoso.com sh[24537]: Options :
> nov 05 03:09:02 data.contoso.com sh[24537]: -a, --all ne pas restreindre la conversion de nom en PID aux
> nov 05 03:09:02 data.contoso.com sh[24537]: processus avec le même UID que le processus actuel
> nov 05 03:09:02 data.contoso.com sh[24537]: -s, --signal <sig> envoyer le signal indiqué
> nov 05 03:09:02 data.contoso.com sh[24537]: -q, --queue <sig> utiliser sigqueue(2) au lieu de kill(2)
> nov 05 03:09:02 data.contoso.com sh[24537]: -p, --pid afficher les PID sans leur envoyer de signal
> nov 05 03:09:02 data.contoso.com sh[24537]: -l, --list [=<signal>] afficher les noms de signal, ou en convertir un en nom
> nov 05 03:09:02 data.contoso.com sh[24537]: -L, --table afficher les noms et numéros de signal
> nov 05 03:09:02 data.contoso.com sh[24537]: -h, --help afficher cette aide et quitter
> nov 05 03:09:02 data.contoso.com sh[24537]: -V, --version afficher les informations de version et quitter
> nov 05 03:09:02 data.contoso.com sh[24537]: Consultez kill(1) pour obtenir des précisions complémentaires.
> nov 05 03:09:02 data.contoso.com systemd[1]: named.service: control process exited, code=exited status=1
> nov 05 03:09:02 data.contoso.com systemd[1]: Reload failed for Berkeley Internet Name Domain (DNS).
> nov 05 03:09:02 data.contoso.com systemd[1]: Unit named.service entered failed state.
> nov 05 03:09:02 data.contoso.com systemd[1]: named.service failed.
>
> Is it related to Samba after the same bug ?
>
> If i remove the samba dlz part in the named config, it's fine.
>
> Thanks :)
>
> ----- Original message -----
> From: "Denis Cardon" <dcardon at tranquil.it>
> To: "Maxence Sartiaux" <msartiaux at it-optics.com>, "Andrew Bartlett" <abartlet at samba.org>
> Cc: samba at lists.samba.org
> Sent: Friday, 3 November 2017 11:02:18
> Subject: Re: [Samba] corrupted db after upgrading to 4.7
>
> Hi Maxence,
>
> > Fyi, i've updated to 4.7.1, the dbcheck still not fix the broken
> > links, is the fix you talk about planned for a future release ?
> >
> > Our customer reported me, some users have issues when their logon
> > server is DC1 but not when it's DC2.
> >
> > On DC1 some users have access to all shares, some doesn't have any
> > access at all.
>
> actually this last symptom was the one that got us to hack quickly a
> solution for the issue with orphaned backlink attribute 'memberOf'.
> You'll probably have to do some cleanup as I pointed out in my last
> mail.
>
> The bugzilla entry [1] you mentioned and corresponding patch prevents
> the problem from happening, but I don't think it fixes it.
>
> Cheers,
>
> Denis
>
> [1] https://bugzilla.samba.org/show_bug.cgi?id=13095
>
> > On 11/02/2017 04:38 PM, Andrew Bartlett wrote:
> >> On Thu, 2017-11-02 at 16:19 +0100, Maxence Sartiaux via samba
> >> wrote:
> >>>
> >> No worries.
> >>
> >> Andrew Bartlett
> >>

Can you post your named conf files.

Rowland

options {
    listen-on port 53 { 127.0.0.1; 172.17.2.187; };
    //listen-on-v6 port 53 { ::1; };
    directory "/var/named";
    dump-file "/var/named/data/cache_dump.db";
    statistics-file "/var/named/data/named_stats.txt";
    memstatistics-file "/var/named/data/named_mem_stats.txt";
    allow-query { localhost; 172.17.0.0/16; };
    allow-transfer { localhost; 172.17.2.188; 172.17.1.188; };
    forwarders { 195.238.2.21; 195.238.2.22; };
    tkey-gssapi-keytab "/var/lib/samba/private/dns.keytab";

    recursion yes;

    dnssec-enable yes;
    dnssec-validation no;
    dnssec-lookaside auto;

    /* Path to ISC DLV key */
    bindkeys-file "/etc/named.iscdlv.key";

    managed-keys-directory "/var/named/dynamic";

    pid-file "/run/named/named.pid";
    session-keyfile "/run/named/session.key";
};

logging {
    channel default_debug {
        file "data/named.run";
        severity dynamic;
    };
};

zone "." IN {
    type hint;
    file "named.ca";
};

include "/etc/named.rfc1912.zones";
include "/etc/named.root.key";
include "/var/lib/samba/private/named.conf";

----- Original message -----
From: "Rowland Penny" <rpenny at samba.org>
To: "samba" <samba at lists.samba.org>
Cc: "Maxence SARTIAUX" <msartiaux at it-optics.com>
Sent: Monday, 6 November 2017 11:51:02
Subject: Re: [Samba] corrupted db after upgrading to 4.7

On Mon, 6 Nov 2017 11:39:50 +0100 (CET)
Maxence SARTIAUX via samba <samba at lists.samba.org> wrote:

> Hello.
>
> To follow-up this issue, since the upgrade, when i do a named reload
> it crash, look like there's duplicated zones.

On Mon, 6 Nov 2017 11:53:32 +0100 (CET)
Maxence SARTIAUX <msartiaux at it-optics.com> wrote:

I use Devuan and these are my named.conf files:

/etc/bind/named.conf

include "/etc/bind/named.conf.options";
include "/etc/bind/named.conf.local";
include "/etc/bind/named.conf.default-zones";

nano /etc/bind/named.conf.options

options {
    directory "/var/cache/bind";
    version "0.0.7";
    notify no;
    empty-zones-enable no;
    allow-query { 127.0.0.1; 192.168.0.0/24; };
    allow-recursion { 192.168.0.0/24; 127.0.0.1/32; };
    forwarders { 8.8.8.8; };
    allow-transfer { none; };
    dnssec-validation no;
    dnssec-enable no;
    listen-on-v6 { none; };
    listen-on port 53 { 192.168.0.2; 127.0.0.1; };
    tkey-gssapi-keytab "/usr/local/samba/private/dns.keytab";
};

nano /etc/bind/named.conf.local

include "/usr/local/samba/private/named.conf";

nano /etc/bind/named.conf.default-zones

// prime the server with knowledge of the root servers
zone "." {
    type hint;
    file "/etc/bind/db.root";
};

// be authoritative for the localhost forward and reverse zones, and for
// broadcast zones as per RFC 1912

zone "localhost" {
    type master;
    file "/etc/bind/db.local";
};

zone "127.in-addr.arpa" {
    type master;
    file "/etc/bind/db.127";
};

zone "0.in-addr.arpa" {
    type master;
    file "/etc/bind/db.0";
};

zone "255.in-addr.arpa" {
    type master;
    file "/etc/bind/db.255";
};

Try using them as base for yours, you have quite a few settings not
required by Samba, then restart Bind and see what happens.

Rowland