On Wed, 26 Jun 2019 at 14:48, Rowland penny via samba (<samba at lists.samba.org>) wrote:

> On 26/06/2019 18:36, Sergio Belkin via samba wrote:
> > I've seen this behaviour:
> >
> > 1. Create a new DNS zone, eg: example.com
> Where did you create the zone ?
> > 2. Create an independent DNS server that is now authoritative to example.com
> This sounds like you recreated the 'example.com' zone again on another DNS server that is external to the Samba AD DC
> > 3. On samba delete the example.com zone with samba-tool samba-tool dns delete.....
> >
> > The result is that using samba as DNS server it does not resolve example.com through recursive query and fails
> It wouldn't resolve 'example.com' would it, you have just deleted all the zone records.
> >
> > Am I the only one with issue? I've found a workaround running:
> >
> > samba-tool dbcheck --cross-ncs --fix and then restarting the service
> >
> > but it would be nice if that was fixed. Or is there a proper way of deleting zones that I don't know?
> No, you are deleting the zone in the correct way, providing it isn't the AD dns domain. Your DCs should be authoritative for the AD dns domain and forward anything unknown to an external DNS server.
>
> Rowland

So is this a bug? It would be great if someone could try to reproduce it...

Greets
--
Sergio Belkin
LPIC-2 Certified - http://www.lpi.org
On 26/06/2019 18:59, Sergio Belkin via samba wrote:
> So is this a bug? It would be great if someone could try to reproduce it...
> Greets

I do not think so, it might help if you answered the question I asked, where did you create the zone and I suppose why ?

What is your AD dns domain ?

What dns server are you using ? the internal dns server or Bind9 ?

Rowland
On 27/06/2019 11:22, Sergio Belkin wrote:
> On Wed, 26 Jun 2019 at 15:11, Rowland penny via samba (<samba at lists.samba.org>) wrote:
>
> > I do not think so, it might help if you answered the question I asked,
> > where did you create the zone and I suppose why ?
>
> Sorry! I overlooked it. I've created the zone on Samba server, because I needed to replicate temporarily
>
> > What is your AD dns domain ?
>
> Let's say it is another-example.com
>
> > What dns server are you using ? the internal dns server or Bind9 ?
>
> I'm using the SAMBA4 server as DNS server. It's the internal dns server.

Then I do not see what your problem is:

You have a Samba AD DC in the 'another-example.com' dns domain.

You added a zone called 'example.com'

You created a new DNS server for the 'example.com' dns domain

You deleted the 'example.com' zone from the AD DC.

At this point, unless you forward unknown dns queries to a DNS server that knows the 'example.com' dns domain, queries such as 'nslookup acomputer.example.com' will fail because your AD DC knows nothing about the 'example.com' dns domain.

Rowland
On Thu, 27 Jun 2019 at 07:41, Rowland penny via samba <samba at lists.samba.org> wrote:

> Then I do not see what your problem is:
>
> You have a Samba AD DC in the 'another-example.com' dns domain.
>
> You added a zone called 'example.com'
>
> You created a new DNS server for the 'example.com' dns domain
>
> You deleted the 'example.com' zone from the AD DC.
>
> At this point, unless you forward unknown dns queries to a DNS server that knows the 'example.com' dns domain, queries such as 'nslookup acomputer.example.com' will fail because your AD DC knows nothing about the 'example.com' dns domain.

I use google dns as forwarder to resolve anything else. It is as if SAMBA would say: "I had data of example.com zone, but I don't have it now. I can't do anything. Bye." :) The expected behaviour, I think, is that it passes the query on to the forwarder for unknown domains.

In fact the problem goes away if I run samba-tool dbcheck --cross-ncs --fix

If I misunderstood something, please let me know.

> Rowland
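Added example, not part of the thread and not Samba project code: one way to check the behaviour discussed above is to ask the DC and the forwarder for the same name and compare the response headers that dig prints. The sample headers are constructed, and the function names and classification labels are this example's own.

```bash
#!/usr/bin/env bash
# Added example: compare how the DC and the forwarder answer the same name,
# using only the header comments that `dig +noall +comments` prints.

# rcode from dig's ";; ->>HEADER<<-" line (NOERROR, NXDOMAIN, SERVFAIL, ...)
dig_status() {
  printf '%s\n' "$1" |
    sed -n 's/.*->>HEADER<<-.*status: \([A-Z]*\),.*/\1/p' | head -n 1
}

# true when the "aa" (authoritative answer) flag is set in ";; flags: ...;"
dig_is_authoritative() {
  printf '%s\n' "$1" |
    sed -n 's/^;; flags: \([a-z ]*\);.*/\1/p' | head -n 1 | grep -qw aa
}

# $1 = dig output from the DC, $2 = dig output from the forwarder
classify() {
  local dc_rc fwd_rc
  dc_rc=$(dig_status "$1")
  fwd_rc=$(dig_status "$2")
  if [ -z "$dc_rc" ]; then
    echo "no-reply-from-dc"
  elif dig_is_authoritative "$1"; then
    echo "dc-answers-authoritatively"   # DC still treats the zone as its own
  elif [ "$dc_rc" = "$fwd_rc" ]; then
    echo "matches-forwarder"            # consistent with the query being forwarded
  else
    echo "differs-from-forwarder dc=$dc_rc forwarder=$fwd_rc"
  fi
}

# Constructed sample headers (not captured from the poster's systems).
SAMPLE_FWD=';; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 1111
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1'
SAMPLE_DC_AUTH=';; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 2222
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 0'
SAMPLE_DC_FAIL=';; ->>HEADER<<- opcode: QUERY, status: SERVFAIL, id: 3333
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 0'

# Live use: ./check.sh --live acomputer.example.com <DC-IP> <forwarder-IP>
if [ "${1:-}" = "--live" ]; then
  classify "$(dig +noall +comments "@$3" "$2")" \
           "$(dig +noall +comments "@$4" "$2")"
fi
```

Running it before and after the dbcheck workaround shows whether the DC's answer for the deleted zone changes from authoritative or failing to one that matches the forwarder.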