samba - Jul 2019 - GPO issues - getting SYSVOL cleaned up again

On 31/07/2019 12:04, Stefan G. Weichinger via samba
wrote:
> Am 31.07.19 um 12:50 schrieb Rowland penny via samba:
>> On 31/07/2019 11:40, Stefan G. Weichinger via samba wrote:
>>> Am 31.07.19 um 12:32 schrieb Rowland penny via samba:
>>>> On 31/07/2019 11:22, Stefan G. Weichinger via samba wrote:
>>>>> "dc" was the old name a few years ago
>>>>>
>>>>> I try to get rid of that now.
>>>>>
>>>>> host -t A dc... not found. We want that in the end.
>>>>>
>>>>>
>>>> Ah, my mistake. The samba_dnsupdate script uses a file
'dns_update_list
>>>> to check for records and create any missing ones, this uses
>>>> '${HOSTNAME}', so it looks like somewhere 'dc'
still exists.
>>> definitely, see the rgrep ;-)
>>>
>> Rename the cache file
'/var/lib/samba/private/dns_update_cache', stop
>> then restart Samba, this should cause the cache to be recreated,
>> hopefully without 'dc' ;-)
> And I think, the rename in "SITES" has to be done first? I
haven't yet
> done that to not make a mistake.
>
>
Let me get this out of my system first: Renaming anything in AD is, in 
my opinion, a stupid idea (except for workstations).

Having said that, if you rename a DC, you have to change it everywhere 
(now do you see why I think it is a stupid idea)

Rowland

Am 31.07.19 um 13:09 schrieb Rowland penny via samba:
> Let me get this out of my system first: Renaming anything in AD is, in
> my opinion, a stupid idea (except for workstations).
> 
> Having said that, if you rename a DC, you have to change it everywhere
> (now do you see why I think it is a stupid idea)
I ack that, but it's a few years too late ;-)

The rename in SITES is through, also rm-ing the dns-cache and stop/start

It's there again in "rgrep":



?bereinstimmungen in Bin?rdatei /var/lib/samba/private/secrets.ldb
?bereinstimmungen in Bin?rdatei /var/lib/samba/private/secrets.keytab
/var/lib/samba/private/dns_update_cache:A dc.mydomain.at 192.168.16.205
/var/lib/samba/private/dns_update_cache:SRV _ldap._tcp.mydomain.at
dc.mydomain.at 389


it's also in


# rgrep "dc.mydomain.at" /var/lib/*
?bereinstimmungen in Bin?rdatei /var/lib/samba/private/secrets.tdb
?bereinstimmungen in Bin?rdatei
/var/lib/samba/private/sam.ldb.d/DC=mydomain,DC=AT.ldb
?bereinstimmungen in Bin?rdatei
/var/lib/samba/private/sam.ldb.d/CN=CONFIGURATION,DC=mydomain,DC=AT.ldb

?bereinstimmungen in Bin?rdatei /var/lib/samba/private/secrets.ldb
?bereinstimmungen in Bin?rdatei /var/lib/samba/private/secrets.keytab

So if i understand correctly. 
You removed : /var/lib/samba/private/dns_update_cache 

Stopped samba and started samba and you got the dns A for hostname DC back
in  /var/lib/samba/private/dns_update_cache ?? 

Hmm.. 
> SOA contains "dc.mydomain.at" still ..
Change the SOA to the Other DC. ( as in, not DC, but DC2 ) 

Verify the DNS A ptr GUID again on DC2 also. To be sure. 

On DC run : samba_dnsupdate --verbose 
Post this output. 


 
> 
> ?bereinstimmungen in Bin?rdatei /var/lib/samba/private/secrets.ldb
> ?bereinstimmungen in Bin?rdatei /var/lib/samba/private/secrets.keytab
> /var/lib/samba/private/dns_update_cache:A dc.mydomain.at 
> 192.168.16.205
> /var/lib/samba/private/dns_update_cache:SRV _ldap._tcp.mydomain.at
> dc.mydomain.at 389
> 
> 
> it's also in
> 
> 
> # rgrep "dc.mydomain.at" /var/lib/*
> ?bereinstimmungen in Bin?rdatei /var/lib/samba/private/secrets.tdb
> ?bereinstimmungen in Bin?rdatei
> /var/lib/samba/private/sam.ldb.d/DC=mydomain,DC=AT.ldb
> ?bereinstimmungen in Bin?rdatei
> /var/lib/samba/private/sam.ldb.d/CN=CONFIGURATION,DC=mydomain,
> DC=AT.ldb
> 
> ?bereinstimmungen in Bin?rdatei /var/lib/samba/private/secrets.ldb
> ?bereinstimmungen in Bin?rdatei /var/lib/samba/private/secrets.keytab

Am 31.07.19 um 13:37 schrieb L.P.H. van Belle via samba:
> So if i understand correctly. 
> You removed : /var/lib/samba/private/dns_update_cache 
> 
> Stopped samba and started samba and you got the dns A for hostname DC back
> in  /var/lib/samba/private/dns_update_cache ?? 
Yes!

repeated that once more now. Same result.
> Hmm.. 
>> SOA contains "dc.mydomain.at" still ..
> Change the SOA to the Other DC. ( as in, not DC, but DC2 ) 
edited
> Verify the DNS A ptr GUID again on DC2 also. To be sure. 
looks good to ma
> On DC run : samba_dnsupdate --verbose 
> Post this output. 
+

It immediately starts to fail like:

# samba_dnsupdate --verbose
IPs: ['192.168.16.205']
Looking for DNS entry A dc.mydomain.at 192.168.16.205 as dc.mydomain.at.
The DNS entry A dc.mydomain.at 192.168.16.205, queried as
dc.mydomain.at. does not exist
need update: A dc.mydomain.at 192.168.16.205
Looking for DNS entry A mydomain.at 192.168.16.205 as mydomain.at.
Looking for DNS entry SRV _ldap._tcp.mydomain.at dc.mydomain.at 389 as
_ldap._tcp.mydomain.at.
Checking 0 100 389 pre01svdeb03.mydomain.at. against SRV
_ldap._tcp.mydomain.at dc.mydomain.at 389
Checking 0 100 389 pre01svdeb02.mydomain.at. against SRV
_ldap._tcp.mydomain.at dc.mydomain.at 389
Lookup of _ldap._tcp.mydomain.at. succeeded, but we failed to find a
matching DNS entry for SRV _ldap._tcp.mydomain.at dc.mydomain.at 389
need update: SRV _ldap._tcp.mydomain.at dc.mydomain.at 389
Looking for DNS entry SRV _ldap._tcp.dc._msdcs.mydomain.at
dc.mydomain.at 389 as _ldap._tcp.dc._msdcs.mydomain.at.
Checking 0 100 389 pre01svdeb03.mydomain.at. against SRV
_ldap._tcp.dc._msdcs.mydomain.at dc.mydomain.at 389
Checking 0 100 389 pre01svdeb02.mydomain.at. against SRV
_ldap._tcp.dc._msdcs.mydomain.at dc.mydomain.at 389
Lookup of _ldap._tcp.dc._msdcs.mydomain.at. succeeded, but we failed to
find a matching DNS entry for SRV _ldap._tcp.dc._msdcs.mydomain.at
dc.mydomain.at 389
need update: SRV _ldap._tcp.dc._msdcs.mydomain.at dc.mydomain.at 389
Looking for DNS entry SRV
_ldap._tcp.317d1ccc-8df7-4ec6-9a6b-031a060da9b7.domains._msdcs.mydomain.at
dc.mydomain.at 389 as
_ldap._tcp.317d1ccc-8df7-4ec6-9a6b-031a060da9b7.domains._msdcs.mydomain.at.
Checking 0 100 389 pre01svdeb03.mydomain.at. against SRV
_ldap._tcp.317d1ccc-8df7-4ec6-9a6b-031a060da9b7.domains._msdcs.mydomain.at
dc.mydomain.at 389
Checking 0 100 389 pre01svdeb02.mydomain.at. against SRV
_ldap._tcp.317d1ccc-8df7-4ec6-9a6b-031a060da9b7.domains._msdcs.mydomain.at
dc.mydomain.at 389
Lookup of
_ldap._tcp.317d1ccc-8df7-4ec6-9a6b-031a060da9b7.domains._msdcs.mydomain.at.
succeeded, but we failed to find a matching DNS entry for SRV
_ldap._tcp.317d1ccc-8df7-4ec6-9a6b-031a060da9b7.domains._msdcs.mydomain.at
dc.mydomain.at 389
need update: SRV
_ldap._tcp.317d1ccc-8df7-4ec6-9a6b-031a060da9b7.domains._msdcs.mydomain.at
dc.mydomain.at 389
Looking for DNS entry SRV _kerberos._tcp.mydomain.at dc.mydomain.at 88
as _kerberos._tcp.mydomain.at.
Checking 0 100 88 pre01svdeb03.mydomain.at. against SRV
_kerberos._tcp.mydomain.at dc.mydomain.at 88
Checking 0 100 88 pre01svdeb02.mydomain.at. against SRV
_kerberos._tcp.mydomain.at dc.mydomain.at 88
Lookup of _kerberos._tcp.mydomain.at. succeeded, but we failed to find a
matching DNS entry for SRV _kerberos._tcp.mydomain.at dc.mydomain.at 88
need update: SRV _kerberos._tcp.mydomain.at dc.mydomain.at 88
Looking for DNS entry SRV _kerberos._udp.mydomain.at dc.mydomain.at 88
as _kerberos._udp.mydomain.at.
Checking 0 100 88 pre01svdeb03.mydomain.at. against SRV
_kerberos._udp.mydomain.at dc.mydomain.at 88
Checking 0 100 88 pre01svdeb02.mydomain.at. against SRV
_kerberos._udp.mydomain.at dc.mydomain.at 88
Lookup of _kerberos._udp.mydomain.at. succeeded, but we failed to find a
matching DNS entry for SRV _kerberos._udp.mydomain.at dc.mydomain.at 88
need update: SRV _kerberos._udp.mydomain.at dc.mydomain.at 88
Looking for DNS entry SRV _kerberos._tcp.dc._msdcs.mydomain.at
dc.mydomain.at 88 as _kerberos._tcp.dc._msdcs.mydomain.at.
Checking 0 100 88 pre01svdeb03.mydomain.at. against SRV
_kerberos._tcp.dc._msdcs.mydomain.at dc.mydomain.at 88
Checking 0 100 88 pre01svdeb02.mydomain.at. against SRV
_kerberos._tcp.dc._msdcs.mydomain.at dc.mydomain.at 88
Lookup of _kerberos._tcp.dc._msdcs.mydomain.at. succeeded, but we failed
to find a matching DNS entry for SRV
_kerberos._tcp.dc._msdcs.mydomain.at dc.mydomain.at 88
need update: SRV _kerberos._tcp.dc._msdcs.mydomain.at dc.mydomain.at 88
Looking for DNS entry SRV _kpasswd._tcp.mydomain.at dc.mydomain.at 464
as _kpasswd._tcp.mydomain.at.
Checking 0 100 464 pre01svdeb03.mydomain.at. against SRV
_kpasswd._tcp.mydomain.at dc.mydomain.at 464
Checking 0 100 464 pre01svdeb02.mydomain.at. against SRV
_kpasswd._tcp.mydomain.at dc.mydomain.at 464
Lookup of _kpasswd._tcp.mydomain.at. succeeded, but we failed to find a
matching DNS entry for SRV _kpasswd._tcp.mydomain.at dc.mydomain.at 464
need update: SRV _kpasswd._tcp.mydomain.at dc.mydomain.at 464
Looking for DNS entry SRV _kpasswd._udp.mydomain.at dc.mydomain.at 464
as _kpasswd._udp.mydomain.at.
Checking 0 100 464 pre01svdeb03.mydomain.at. against SRV
_kpasswd._udp.mydomain.at dc.mydomain.at 464
Checking 0 100 464 pre01svdeb02.mydomain.at. against SRV
_kpasswd._udp.mydomain.at dc.mydomain.at 464
Lookup of _kpasswd._udp.mydomain.at. succeeded, but we failed to find a
matching DNS entry for SRV _kpasswd._udp.mydomain.at dc.mydomain.at 464
need update: SRV _kpasswd._udp.mydomain.at dc.mydomain.at 464
Looking for DNS entry CNAME
e5922d4b-9bf0-4c79-b256-ff5f75a3e4f4._msdcs.mydomain.at dc.mydomain.at
as e5922d4b-9bf0-4c79-b256-ff5f75a3e4f4._msdcs.mydomain.at.
Lookup of e5922d4b-9bf0-4c79-b256-ff5f75a3e4f4._msdcs.mydomain.at.
succeeded, but we failed to find a matching DNS entry for CNAME
e5922d4b-9bf0-4c79-b256-ff5f75a3e4f4._msdcs.mydomain.at dc.mydomain.at
need update: CNAME
e5922d4b-9bf0-4c79-b256-ff5f75a3e4f4._msdcs.mydomain.at dc.mydomain.at
Looking for DNS entry SRV
_ldap._tcp.Default-First-Site-Name._sites.mydomain.at dc.mydomain.at 389
as _ldap._tcp.Default-First-Site-Name._sites.mydomain.at.
Checking 0 100 389 pre01svdeb03.mydomain.at. against SRV
_ldap._tcp.Default-First-Site-Name._sites.mydomain.at dc.mydomain.at 389
Checking 0 100 389 pre01svdeb02.mydomain.at. against SRV
_ldap._tcp.Default-First-Site-Name._sites.mydomain.at dc.mydomain.at 389
Lookup of _ldap._tcp.Default-First-Site-Name._sites.mydomain.at.
succeeded, but we failed to find a matching DNS entry for SRV
_ldap._tcp.Default-First-Site-Name._sites.mydomain.at dc.mydomain.at 389
need update: SRV _ldap._tcp.Default-First-Site-Name._sites.mydomain.at
dc.mydomain.at 389
Looking for DNS entry SRV
_ldap._tcp.Default-First-Site-Name._sites.dc._msdcs.mydomain.at
dc.mydomain.at 389 as
_ldap._tcp.Default-First-Site-Name._sites.dc._msdcs.mydomain.at.
Checking 0 100 389 pre01svdeb03.mydomain.at. against SRV
_ldap._tcp.Default-First-Site-Name._sites.dc._msdcs.mydomain.at
dc.mydomain.at 389
Checking 0 100 389 pre01svdeb02.mydomain.at. against SRV
_ldap._tcp.Default-First-Site-Name._sites.dc._msdcs.mydomain.at
dc.mydomain.at 389
Lookup of
_ldap._tcp.Default-First-Site-Name._sites.dc._msdcs.mydomain.at.
succeeded, but we failed to find a matching DNS entry for SRV
_ldap._tcp.Default-First-Site-Name._sites.dc._msdcs.mydomain.at
dc.mydomain.at 389
need update: SRV
_ldap._tcp.Default-First-Site-Name._sites.dc._msdcs.mydomain.at
dc.mydomain.at 389
Looking for DNS entry SRV
_kerberos._tcp.Default-First-Site-Name._sites.mydomain.at dc.mydomain.at
88 as _kerberos._tcp.Default-First-Site-Name._sites.mydomain.at.
Checking 0 100 88 pre01svdeb03.mydomain.at. against SRV
_kerberos._tcp.Default-First-Site-Name._sites.mydomain.at dc.mydomain.at 88
Checking 0 100 88 pre01svdeb02.mydomain.at. against SRV
_kerberos._tcp.Default-First-Site-Name._sites.mydomain.at dc.mydomain.at 88
Lookup of _kerberos._tcp.Default-First-Site-Name._sites.mydomain.at.
succeeded, but we failed to find a matching DNS entry for SRV
_kerberos._tcp.Default-First-Site-Name._sites.mydomain.at dc.mydomain.at 88
need update: SRV
_kerberos._tcp.Default-First-Site-Name._sites.mydomain.at dc.mydomain.at 88
Looking for DNS entry SRV
_kerberos._tcp.Default-First-Site-Name._sites.dc._msdcs.mydomain.at
dc.mydomain.at 88 as
_kerberos._tcp.Default-First-Site-Name._sites.dc._msdcs.mydomain.at.
Checking 0 100 88 pre01svdeb03.mydomain.at. against SRV
_kerberos._tcp.Default-First-Site-Name._sites.dc._msdcs.mydomain.at
dc.mydomain.at 88
Checking 0 100 88 pre01svdeb02.mydomain.at. against SRV
_kerberos._tcp.Default-First-Site-Name._sites.dc._msdcs.mydomain.at
dc.mydomain.at 88
Lookup of
_kerberos._tcp.Default-First-Site-Name._sites.dc._msdcs.mydomain.at.
succeeded, but we failed to find a matching DNS entry for SRV
_kerberos._tcp.Default-First-Site-Name._sites.dc._msdcs.mydomain.at
dc.mydomain.at 88
need update: SRV
_kerberos._tcp.Default-First-Site-Name._sites.dc._msdcs.mydomain.at
dc.mydomain.at 88
Looking for DNS entry SRV _ldap._tcp.pdc._msdcs.mydomain.at
dc.mydomain.at 389 as _ldap._tcp.pdc._msdcs.mydomain.at.
Checking 0 100 389 pre01svdeb02.mydomain.at. against SRV
_ldap._tcp.pdc._msdcs.mydomain.at dc.mydomain.at 389
Lookup of _ldap._tcp.pdc._msdcs.mydomain.at. succeeded, but we failed to
find a matching DNS entry for SRV _ldap._tcp.pdc._msdcs.mydomain.at
dc.mydomain.at 389
need update: SRV _ldap._tcp.pdc._msdcs.mydomain.at dc.mydomain.at 389
Looking for DNS entry A gc._msdcs.mydomain.at 192.168.16.205 as
gc._msdcs.mydomain.at.
Looking for DNS entry SRV _gc._tcp.mydomain.at dc.mydomain.at 3268 as
_gc._tcp.mydomain.at.
Checking 0 100 3268 pre01svdeb03.mydomain.at. against SRV
_gc._tcp.mydomain.at dc.mydomain.at 3268
Checking 0 100 3268 pre01svdeb02.mydomain.at. against SRV
_gc._tcp.mydomain.at dc.mydomain.at 3268
Lookup of _gc._tcp.mydomain.at. succeeded, but we failed to find a
matching DNS entry for SRV _gc._tcp.mydomain.at dc.mydomain.at 3268
need update: SRV _gc._tcp.mydomain.at dc.mydomain.at 3268
Looking for DNS entry SRV _ldap._tcp.gc._msdcs.mydomain.at
dc.mydomain.at 3268 as _ldap._tcp.gc._msdcs.mydomain.at.
Checking 0 100 3268 pre01svdeb03.mydomain.at. against SRV
_ldap._tcp.gc._msdcs.mydomain.at dc.mydomain.at 3268
Checking 0 100 3268 pre01svdeb02.mydomain.at. against SRV
_ldap._tcp.gc._msdcs.mydomain.at dc.mydomain.at 3268
Lookup of _ldap._tcp.gc._msdcs.mydomain.at. succeeded, but we failed to
find a matching DNS entry for SRV _ldap._tcp.gc._msdcs.mydomain.at
dc.mydomain.at 3268
need update: SRV _ldap._tcp.gc._msdcs.mydomain.at dc.mydomain.at 3268
Looking for DNS entry SRV
_gc._tcp.Default-First-Site-Name._sites.mydomain.at dc.mydomain.at 3268
as _gc._tcp.Default-First-Site-Name._sites.mydomain.at.
Checking 0 100 3268 pre01svdeb03.mydomain.at. against SRV
_gc._tcp.Default-First-Site-Name._sites.mydomain.at dc.mydomain.at 3268
Checking 0 100 3268 pre01svdeb02.mydomain.at. against SRV
_gc._tcp.Default-First-Site-Name._sites.mydomain.at dc.mydomain.at 3268
Lookup of _gc._tcp.Default-First-Site-Name._sites.mydomain.at.
succeeded, but we failed to find a matching DNS entry for SRV
_gc._tcp.Default-First-Site-Name._sites.mydomain.at dc.mydomain.at 3268
need update: SRV _gc._tcp.Default-First-Site-Name._sites.mydomain.at
dc.mydomain.at 3268
Looking for DNS entry SRV
_ldap._tcp.Default-First-Site-Name._sites.gc._msdcs.mydomain.at
dc.mydomain.at 3268 as
_ldap._tcp.Default-First-Site-Name._sites.gc._msdcs.mydomain.at.
Checking 0 100 3268 pre01svdeb03.mydomain.at. against SRV
_ldap._tcp.Default-First-Site-Name._sites.gc._msdcs.mydomain.at
dc.mydomain.at 3268
Checking 0 100 3268 pre01svdeb02.mydomain.at. against SRV
_ldap._tcp.Default-First-Site-Name._sites.gc._msdcs.mydomain.at
dc.mydomain.at 3268
Lookup of
_ldap._tcp.Default-First-Site-Name._sites.gc._msdcs.mydomain.at.
succeeded, but we failed to find a matching DNS entry for SRV
_ldap._tcp.Default-First-Site-Name._sites.gc._msdcs.mydomain.at
dc.mydomain.at 3268
need update: SRV
_ldap._tcp.Default-First-Site-Name._sites.gc._msdcs.mydomain.at
dc.mydomain.at 3268
Looking for DNS entry A DomainDnsZones.mydomain.at 192.168.16.205 as
DomainDnsZones.mydomain.at.
Looking for DNS entry SRV _ldap._tcp.DomainDnsZones.mydomain.at
dc.mydomain.at 389 as _ldap._tcp.DomainDnsZones.mydomain.at.
Checking 0 100 389 pre01svdeb03.mydomain.at. against SRV
_ldap._tcp.DomainDnsZones.mydomain.at dc.mydomain.at 389
Checking 0 100 389 pre01svdeb02.mydomain.at. against SRV
_ldap._tcp.DomainDnsZones.mydomain.at dc.mydomain.at 389
Lookup of _ldap._tcp.DomainDnsZones.mydomain.at. succeeded, but we
failed to find a matching DNS entry for SRV
_ldap._tcp.DomainDnsZones.mydomain.at dc.mydomain.at 389
need update: SRV _ldap._tcp.DomainDnsZones.mydomain.at dc.mydomain.at 389
Looking for DNS entry SRV
_ldap._tcp.Default-First-Site-Name._sites.DomainDnsZones.mydomain.at
dc.mydomain.at 389 as
_ldap._tcp.Default-First-Site-Name._sites.DomainDnsZones.mydomain.at.
Checking 0 100 389 pre01svdeb03.mydomain.at. against SRV
_ldap._tcp.Default-First-Site-Name._sites.DomainDnsZones.mydomain.at
dc.mydomain.at 389
Checking 0 100 389 pre01svdeb02.mydomain.at. against SRV
_ldap._tcp.Default-First-Site-Name._sites.DomainDnsZones.mydomain.at
dc.mydomain.at 389
Lookup of
_ldap._tcp.Default-First-Site-Name._sites.DomainDnsZones.mydomain.at.
succeeded, but we failed to find a matching DNS entry for SRV
_ldap._tcp.Default-First-Site-Name._sites.DomainDnsZones.mydomain.at
dc.mydomain.at 389
need update: SRV
_ldap._tcp.Default-First-Site-Name._sites.DomainDnsZones.mydomain.at
dc.mydomain.at 389
Looking for DNS entry A ForestDnsZones.mydomain.at 192.168.16.205 as
ForestDnsZones.mydomain.at.
Looking for DNS entry SRV _ldap._tcp.ForestDnsZones.mydomain.at
dc.mydomain.at 389 as _ldap._tcp.ForestDnsZones.mydomain.at.
Checking 0 100 389 pre01svdeb03.mydomain.at. against SRV
_ldap._tcp.ForestDnsZones.mydomain.at dc.mydomain.at 389
Checking 0 100 389 pre02svdeb02.mydomain.at. against SRV
_ldap._tcp.ForestDnsZones.mydomain.at dc.mydomain.at 389
Lookup of _ldap._tcp.ForestDnsZones.mydomain.at. succeeded, but we
failed to find a matching DNS entry for SRV
_ldap._tcp.ForestDnsZones.mydomain.at dc.mydomain.at 389
need update: SRV _ldap._tcp.ForestDnsZones.mydomain.at dc.mydomain.at 389
Looking for DNS entry SRV
_ldap._tcp.Default-First-Site-Name._sites.ForestDnsZones.mydomain.at
dc.mydomain.at 389 as
_ldap._tcp.Default-First-Site-Name._sites.ForestDnsZones.mydomain.at.
Checking 0 100 389 pre01svdeb03.mydomain.at. against SRV
_ldap._tcp.Default-First-Site-Name._sites.ForestDnsZones.mydomain.at
dc.mydomain.at 389
Checking 0 100 389 pre02svdeb02.mydomain.at. against SRV
_ldap._tcp.Default-First-Site-Name._sites.ForestDnsZones.mydomain.at
dc.mydomain.at 389
Lookup of
_ldap._tcp.Default-First-Site-Name._sites.ForestDnsZones.mydomain.at.
succeeded, but we failed to find a matching DNS entry for SRV
_ldap._tcp.Default-First-Site-Name._sites.ForestDnsZones.mydomain.at
dc.mydomain.at 389
need update: SRV
_ldap._tcp.Default-First-Site-Name._sites.ForestDnsZones.mydomain.at
dc.mydomain.at 389
23 DNS updates and 0 DNS deletes needed
Successfully obtained Kerberos ticket to DNS/dc.mydomain.at as DC$
update(nsupdate): A dc.mydomain.at 192.168.16.205
Calling nsupdate for A dc.mydomain.at 192.168.16.205 (add)
Successfully obtained Kerberos ticket to DNS/dc.mydomain.at as DC$
couldn't get address for 'dc.mydomain.at': not found
Failed nsupdate: 1
update(nsupdate): SRV _ldap._tcp.mydomain.at dc.mydomain.at 389
Calling nsupdate for SRV _ldap._tcp.mydomain.at dc.mydomain.at 389 (add)
Successfully obtained Kerberos ticket to DNS/dc.mydomain.at as DC$
couldn't get address for 'dc.mydomain.at': not found
Failed nsupdate: 1
update(nsupdate): SRV _ldap._tcp.dc._msdcs.mydomain.at dc.mydomain.at 389
Calling nsupdate for SRV _ldap._tcp.dc._msdcs.mydomain.at dc.mydomain.at
389 (add)
Successfully obtained Kerberos ticket to DNS/dc.mydomain.at as DC$
couldn't get address for 'dc.mydomain.at': not found
Failed nsupdate: 1
update(nsupdate): SRV
_ldap._tcp.317d1ccc-8df7-4ec6-9a6b-031a060da9b7.domains._msdcs.mydomain.at
dc.mydomain.at 389
Calling nsupdate for SRV
_ldap._tcp.317d1ccc-8df7-4ec6-9a6b-031a060da9b7.domains._msdcs.mydomain.at
dc.mydomain.at 389 (add)
Successfully obtained Kerberos ticket to DNS/dc.mydomain.at as DC$
couldn't get address for 'dc.mydomain.at': not found
Failed nsupdate: 1
update(nsupdate): SRV _kerberos._tcp.mydomain.at dc.mydomain.at 88
Calling nsupdate for SRV _kerberos._tcp.mydomain.at dc.mydomain.at 88 (add)
Successfully obtained Kerberos ticket to DNS/dc.mydomain.at as DC$
couldn't get address for 'dc.mydomain.at': not found
Failed nsupdate: 1
update(nsupdate): SRV _kerberos._udp.mydomain.at dc.mydomain.at 88
Calling nsupdate for SRV _kerberos._udp.mydomain.at dc.mydomain.at 88 (add)
Successfully obtained Kerberos ticket to DNS/dc.mydomain.at as DC$
couldn't get address for 'dc.mydomain.at': not found
Failed nsupdate: 1
update(nsupdate): SRV _kerberos._tcp.dc._msdcs.mydomain.at dc.mydomain.at 88
Calling nsupdate for SRV _kerberos._tcp.dc._msdcs.mydomain.at
dc.mydomain.at 88 (add)
Successfully obtained Kerberos ticket to DNS/dc.mydomain.at as DC$
couldn't get address for 'dc.mydomain.at': not found
Failed nsupdate: 1
update(nsupdate): SRV _kpasswd._tcp.mydomain.at dc.mydomain.at 464
Calling nsupdate for SRV _kpasswd._tcp.mydomain.at dc.mydomain.at 464 (add)
Successfully obtained Kerberos ticket to DNS/dc.mydomain.at as DC$
couldn't get address for 'dc.mydomain.at': not found
Failed nsupdate: 1
update(nsupdate): SRV _kpasswd._udp.mydomain.at dc.mydomain.at 464
Calling nsupdate for SRV _kpasswd._udp.mydomain.at dc.mydomain.at 464 (add)
Successfully obtained Kerberos ticket to DNS/dc.mydomain.at as DC$
couldn't get address for 'dc.mydomain.at': not found
Failed nsupdate: 1
update(nsupdate): CNAME
e5922d4b-9bf0-4c79-b256-ff5f75a3e4f4._msdcs.mydomain.at dc.mydomain.at
Calling nsupdate for CNAME
e5922d4b-9bf0-4c79-b256-ff5f75a3e4f4._msdcs.mydomain.at dc.mydomain.at (add)
Successfully obtained Kerberos ticket to DNS/dc.mydomain.at as DC$
couldn't get address for 'dc.mydomain.at': not found
Failed nsupdate: 1
update(nsupdate): SRV
_ldap._tcp.Default-First-Site-Name._sites.mydomain.at dc.mydomain.at 389
Calling nsupdate for SRV
_ldap._tcp.Default-First-Site-Name._sites.mydomain.at dc.mydomain.at 389
(add)
Successfully obtained Kerberos ticket to DNS/dc.mydomain.at as DC$
couldn't get address for 'dc.mydomain.at': not found
Failed nsupdate: 1
update(nsupdate): SRV
_ldap._tcp.Default-First-Site-Name._sites.dc._msdcs.mydomain.at
dc.mydomain.at 389
Calling nsupdate for SRV
_ldap._tcp.Default-First-Site-Name._sites.dc._msdcs.mydomain.at
dc.mydomain.at 389 (add)
Successfully obtained Kerberos ticket to DNS/dc.mydomain.at as DC$
couldn't get address for 'dc.mydomain.at': not found
Failed nsupdate: 1
update(nsupdate): SRV
_kerberos._tcp.Default-First-Site-Name._sites.mydomain.at dc.mydomain.at 88
Calling nsupdate for SRV
_kerberos._tcp.Default-First-Site-Name._sites.mydomain.at dc.mydomain.at
88 (add)
Successfully obtained Kerberos ticket to DNS/dc.mydomain.at as DC$
couldn't get address for 'dc.mydomain.at': not found
Failed nsupdate: 1
update(nsupdate): SRV
_kerberos._tcp.Default-First-Site-Name._sites.dc._msdcs.mydomain.at
dc.mydomain.at 88
Calling nsupdate for SRV
_kerberos._tcp.Default-First-Site-Name._sites.dc._msdcs.mydomain.at
dc.mydomain.at 88 (add)
Successfully obtained Kerberos ticket to DNS/dc.mydomain.at as DC$
couldn't get address for 'dc.mydomain.at': not found
Failed nsupdate: 1
update(nsupdate): SRV _ldap._tcp.pdc._msdcs.mydomain.at dc.mydomain.at 389
Calling nsupdate for SRV _ldap._tcp.pdc._msdcs.mydomain.at
dc.mydomain.at 389 (add)
Successfully obtained Kerberos ticket to DNS/dc.mydomain.at as DC$
couldn't get address for 'dc.mydomain.at': not found
Failed nsupdate: 1
update(nsupdate): SRV _gc._tcp.mydomain.at dc.mydomain.at 3268
Calling nsupdate for SRV _gc._tcp.mydomain.at dc.mydomain.at 3268 (add)
Successfully obtained Kerberos ticket to DNS/dc.mydomain.at as DC$
couldn't get address for 'dc.mydomain.at': not found
Failed nsupdate: 1
update(nsupdate): SRV _ldap._tcp.gc._msdcs.mydomain.at dc.mydomain.at 3268
Calling nsupdate for SRV _ldap._tcp.gc._msdcs.mydomain.at dc.mydomain.at
3268 (add)
Successfully obtained Kerberos ticket to DNS/dc.mydomain.at as DC$
couldn't get address for 'dc.mydomain.at': not found
Failed nsupdate: 1
update(nsupdate): SRV
_gc._tcp.Default-First-Site-Name._sites.mydomain.at dc.mydomain.at 3268
Calling nsupdate for SRV
_gc._tcp.Default-First-Site-Name._sites.mydomain.at dc.mydomain.at 3268
(add)
Successfully obtained Kerberos ticket to DNS/dc.mydomain.at as DC$
couldn't get address for 'dc.mydomain.at': not found
Failed nsupdate: 1
update(nsupdate): SRV
_ldap._tcp.Default-First-Site-Name._sites.gc._msdcs.mydomain.at
dc.mydomain.at 3268
Calling nsupdate for SRV
_ldap._tcp.Default-First-Site-Name._sites.gc._msdcs.mydomain.at
dc.mydomain.at 3268 (add)
Successfully obtained Kerberos ticket to DNS/dc.mydomain.at as DC$
couldn't get address for 'dc.mydomain.at': not found
Failed nsupdate: 1
update(nsupdate): SRV _ldap._tcp.DomainDnsZones.mydomain.at
dc.mydomain.at 389
Calling nsupdate for SRV _ldap._tcp.DomainDnsZones.mydomain.at
dc.mydomain.at 389 (add)
Successfully obtained Kerberos ticket to DNS/dc.mydomain.at as DC$
couldn't get address for 'dc.mydomain.at': not found
Failed nsupdate: 1
update(nsupdate): SRV
_ldap._tcp.Default-First-Site-Name._sites.DomainDnsZones.mydomain.at
dc.mydomain.at 389
Calling nsupdate for SRV
_ldap._tcp.Default-First-Site-Name._sites.DomainDnsZones.mydomain.at
dc.mydomain.at 389 (add)
Successfully obtained Kerberos ticket to DNS/dc.mydomain.at as DC$
couldn't get address for 'dc.mydomain.at': not found
Failed nsupdate: 1
update(nsupdate): SRV _ldap._tcp.ForestDnsZones.mydomain.at
dc.mydomain.at 389
Calling nsupdate for SRV _ldap._tcp.ForestDnsZones.mydomain.at
dc.mydomain.at 389 (add)
Successfully obtained Kerberos ticket to DNS/dc.mydomain.at as DC$
couldn't get address for 'dc.mydomain.at': not found
Failed nsupdate: 1
update(nsupdate): SRV
_ldap._tcp.Default-First-Site-Name._sites.ForestDnsZones.mydomain.at
dc.mydomain.at 389
Calling nsupdate for SRV
_ldap._tcp.Default-First-Site-Name._sites.ForestDnsZones.mydomain.at
dc.mydomain.at 389 (add)
Successfully obtained Kerberos ticket to DNS/dc.mydomain.at as DC$
couldn't get address for 'dc.mydomain.at': not found
Failed nsupdate: 1
Failed update of 23 entries

Maybe also informative:

# systemctl status samba-ad-dc.service

Jul 31 13:42:20 pre01svdeb02 samba[32029]: task[dnsupdate][32029]:
[2019/07/31 13:42:20.259104,  0]
../lib/util/util_runcmd.c:327(samba_runcmd_io_handler)
Jul 31 13:42:20 pre01svdeb02 samba[32029]: task[dnsupdate][32029]:
/usr/sbin/samba_dnsupdate: couldn't get address for
'dc.pilsbacher.at':
not found
Jul 31 13:42:20 pre01svdeb02 samba[32029]: task[dnsupdate][32029]:
[2019/07/31 13:42:20.295584,  0]
../lib/util/util_runcmd.c:327(samba_runcmd_io_handler)
Jul 31 13:42:20 pre01svdeb02 samba[32029]: task[dnsupdate][32029]:
/usr/sbin/samba_dnsupdate: couldn't get address for
'dc.pilsbacher.at':
not found
Jul 31 13:42:20 pre01svdeb02 samba[32029]: task[dnsupdate][32029]:
[2019/07/31 13:42:20.329049,  0]
../lib/util/util_runcmd.c:327(samba_runcmd_io_handler)
Jul 31 13:42:20 pre01svdeb02 samba[32029]: task[dnsupdate][32029]:
/usr/sbin/samba_dnsupdate: couldn't get address for
'dc.pilsbacher.at':
not found
Jul 31 13:42:20 pre01svdeb02 samba[32029]: task[dnsupdate][32029]:
[2019/07/31 13:42:20.365509,  0]
../lib/util/util_runcmd.c:327(samba_runcmd_io_handler)
Jul 31 13:42:20 pre01svdeb02 samba[32029]: task[dnsupdate][32029]:
/usr/sbin/samba_dnsupdate: couldn't get address for
'dc.pilsbacher.at':
not found
Jul 31 13:42:20 pre01svdeb02 samba[32029]: task[dnsupdate][32029]:
[2019/07/31 13:42:20.397700,  0]
../source4/dsdb/dns/dns_update.c:330(dnsupdate_nameupdate_done)
Jul 31 13:42:20 pre01svdeb02 samba[32029]: task[dnsupdate][32029]:
../source4/dsdb/dns/dns_update.c:330: Failed DNS update - with error code 23