Hi,

>is Bind9 running ?
Yes

netstat -lntup | grep 53
tcp        0      0 127.0.0.1:953           0.0.0.0:*               OUÇA       13296/named
tcp        0      0 0.0.0.0:49153           0.0.0.0:*               OUÇA       15105/samba: task[d
tcp6       0      0 :::49153                :::*                    OUÇA       15105/samba: task[d

/etc/init.d/bind9 status
● bind9.service - BIND Domain Name Server
   Loaded: loaded (/lib/systemd/system/bind9.service; enabled; vendor preset: enabled)
   Active: active (running) since Mon 2019-09-02 08:28:13 -03; 3s ago
     Docs: man:named(8)
 Main PID: 13296 (named)
    Tasks: 7 (limit: 4720)
   CGroup: /system.slice/bind9.service
           └─13296 /usr/sbin/named -f -u bind -4

set 02 08:28:13 samba4-dc1 named[13296]: set up managed keys zone for view _default, file 'managed-keys.bind'
set 02 08:28:13 samba4-dc1 named[13296]: configuring command channel from '/etc/bind/rndc.key'
set 02 08:28:13 samba4-dc1 named[13296]: command channel listening on 127.0.0.1#953
set 02 08:28:13 samba4-dc1 named[13296]: managed-keys-zone: loaded serial 0
set 02 08:28:13 samba4-dc1 named[13296]: zone 0.in-addr.arpa/IN: loaded serial 1
set 02 08:28:13 samba4-dc1 named[13296]: zone localhost/IN: loaded serial 2
set 02 08:28:13 samba4-dc1 named[13296]: zone 255.in-addr.arpa/IN: loaded serial 1
set 02 08:28:13 samba4-dc1 named[13296]: zone 127.in-addr.arpa/IN: loaded serial 1
set 02 08:28:13 samba4-dc1 named[13296]: all zones loaded
set 02 08:28:13 samba4-dc1 named[13296]: running

>Does the DC use itself as its nameserver ?
Yes

>Is Samba running ?
Yes

>Have you altered the DC smb.conf ?
Yes

cat /etc/samba/smb.conf
# Global parameters
[global]
        netbios name = SAMBA4-DC1
        realm = EMPRESA.COM.BR
        workgroup = EMPRESA
        server role = active directory domain controller
        server services = -dns
        #dns update command = /usr/sbin/samba_dnsupdate --use-samba-tool
        ldap server require strong auth = no

[netlogon]
        path = /var/lib/samba/sysvol/empresa.com.br/scripts
        read only = No

[sysvol]
        path = /var/lib/samba/sysvol
        read only = No

root at samba4-dc1:ls -lai /var/lib/samba/private/sam.ldb.d/
total 162292
920703 drwx------ 2 root root     4096 set  2 08:16 .
920705 drwxr-xr-x 7 root root     4096 set  2 08:17 ..
920726 -rw------- 1 root root 40189952 set  2 08:29 CN=CONFIGURATION,DC=EMPRESA,DC=COM,DC=BR.ldb
920725 -rw------- 1 root root 26583040 set  2 08:29 CN=SCHEMA,CN=CONFIGURATION,DC=EMPRESA,DC=COM,DC=BR.ldb
920733 -rw-rw---- 2 root bind 14692352 set  2 08:29 DC=DOMAINDNSZONES,DC=EMPRESA,DC=COM,DC=BR.ldb
920734 -rw-rw---- 2 root bind  4210688 set  2 08:29 DC=FORESTDNSZONES,DC=EMPRESA,DC=COM,DC=BR.ldb
920731 -rw------- 1 root root 79663104 set  2 08:29 DC=EMPRESA,DC=COM,DC=BR.ldb
920708 -rw-rw---- 2 root bind   831488 set  2 08:16 metadata.tdb

root at samba4-dc1:/var/lib/samba# ls -lai /var/lib/samba/bind-dns/dns/sam.ldb.d/
total 36220
920471 drwxrwx--- 2 root bind     4096 set  2 08:16 .
919793 drwxrwx--- 3 root bind     4096 set  2 08:16 ..
920736 -rw-rw---- 1 root bind  8601600 set  2 08:16 CN=CONFIGURATION,DC=EMPRESA,DC=COM,DC=BR.ldb
920732 -rw-rw---- 1 root bind  7446528 set  2 08:16 CN=SCHEMA,CN=CONFIGURATION,DC=EMPRESA,DC=COM,DC=BR.ldb
920733 -rw-rw---- 2 root bind 14692352 set  2 08:31 DC=DOMAINDNSZONES,DC=EMPRESA,DC=COM,DC=BR.ldb
920734 -rw-rw---- 2 root bind  4210688 set  2 08:31 DC=FORESTDNSZONES,DC=EMPRESA,DC=COM,DC=BR.ldb
920601 -rw-rw---- 1 root bind  1286144 set  2 08:16 DC=EMPRESA,DC=COM,DC=BR.ldb
920708 -rw-rw---- 2 root bind   831488 set  2 08:16 metadata.tdb

Regards,

Márcio Bacci

On Mon, 2 Sep 2019 at 09:07, Rowland penny via samba <samba at lists.samba.org> wrote:

> On 02/09/2019 12:58, Marcio Demetrio Bacci wrote:
> > Hi,
> >
> > My DNS Service isn't working properly!
> >
> > root at samba4-dc1:~# host -t SRV _kerberos._udp.EMPRESA.COM.BR
> > ;; connection timed out; no servers could be reached
> > root at samba4-dc1:~# host -t SRV _ldap._tcp.EMPRESA.COM.BR
> > ;; connection timed out; no servers could be reached
> > root at samba4-dc1:~# host -t A EMPRESA.COM.BR
> > ;; connection timed out; no servers could be reached
> > root at samba4-dc1:~# host -t A proxy-server
> > ;; connection timed out; no servers could be reached
> >
> > What should I do?
> >
> is Bind9 running ?
>
> Does the DC use itself as its nameserver ?
>
> Is Samba running ?
>
> Have you altered the DC smb.conf ?
>
> Rowland
>
> --
> To unsubscribe from this list go to the following URL and read the
> instructions: https://lists.samba.org/mailman/options/samba
>

On 02/09/2019 13:19, Marcio Demetrio Bacci wrote:
> Hi,
>
> >is Bind9 running ?
> Yes
> netstat -lntup | grep 53
> tcp        0      0 127.0.0.1:953           0.0.0.0:*               OUÇA       13296/named
> tcp        0      0 0.0.0.0:49153           0.0.0.0:*               OUÇA       15105/samba: task[d
> tcp6       0      0 :::49153                :::*                    OUÇA       15105/samba: task[d

That will be a NO then.

On my DC:

netstat -lntup | grep 53
tcp        0      0 192.168.0.6:53          0.0.0.0:*               LISTEN      30254/named
tcp        0      0 127.0.0.1:53            0.0.0.0:*               LISTEN      30254/named
tcp        0      0 127.0.0.1:953           0.0.0.0:*               LISTEN      30254/named
tcp        0      0 0.0.0.0:49153           0.0.0.0:*               LISTEN      4324/samba: task[dc
tcp6       0      0 ::1:953                 :::*                    LISTEN      30254/named
tcp6       0      0 :::49153                :::*                    LISTEN      4324/samba: task[dc
udp        0      0 192.168.0.6:53          0.0.0.0:*                           30254/named
udp        0      0 127.0.0.1:53            0.0.0.0:*                           30254/named

>
> /etc/init.d/bind9 status
> ● bind9.service - BIND Domain Name Server
>    Loaded: loaded (/lib/systemd/system/bind9.service; enabled; vendor preset: enabled)
>    Active: active (running) since Mon 2019-09-02 08:28:13 -03; 3s ago
>      Docs: man:named(8)
>  Main PID: 13296 (named)
>     Tasks: 7 (limit: 4720)
>    CGroup: /system.slice/bind9.service
>            └─13296 /usr/sbin/named -f -u bind -4
>
> set 02 08:28:13 samba4-dc1 named[13296]: set up managed keys zone for view _default, file 'managed-keys.bind'
> set 02 08:28:13 samba4-dc1 named[13296]: configuring command channel from '/etc/bind/rndc.key'
> set 02 08:28:13 samba4-dc1 named[13296]: command channel listening on 127.0.0.1#953
> set 02 08:28:13 samba4-dc1 named[13296]: managed-keys-zone: loaded serial 0
> set 02 08:28:13 samba4-dc1 named[13296]: zone 0.in-addr.arpa/IN: loaded serial 1
> set 02 08:28:13 samba4-dc1 named[13296]: zone localhost/IN: loaded serial 2
> set 02 08:28:13 samba4-dc1 named[13296]: zone 255.in-addr.arpa/IN: loaded serial 1
> set 02 08:28:13 samba4-dc1 named[13296]: zone 127.in-addr.arpa/IN: loaded serial 1
> set 02 08:28:13 samba4-dc1 named[13296]: all zones loaded
> set 02 08:28:13 samba4-dc1 named[13296]: running

No AD domains !

Double check all the Bind9 named.conf files.

Rowland

Hi,
I have solved it.
I changed the parameter "listen-on port 53", as follows:
From:
listen-on port 53 { 192.168.1.20; 127.0.01; };
To:
listen-on port 53 { any; };
netstat -lntup | grep 53
tcp        0      0 0.0.0.0:81              0.0.0.0:*               OUÇA       534/lighttpd
tcp        0      0 192.168.1.20:53         0.0.0.0:*               OUÇA       1930/named
tcp        0      0 127.0.0.1:53            0.0.0.0:*               OUÇA       1930/named
tcp        0      0 127.0.0.1:953           0.0.0.0:*               OUÇA       1930/named
tcp        0      0 0.0.0.0:49153           0.0.0.0:*               OUÇA       662/samba: task[dce
tcp6       0      0 :::81                   :::*                    OUÇA       534/lighttpd
tcp6       0      0 :::49153                :::*                    OUÇA       662/samba: task[dce
udp        0      0 192.168.1.20:53         0.0.0.0:*                          1930/named
udp        0      0 127.0.0.1:53            0.0.0.0:*                          1930/named
Should I perform the same procedures on DC 2 or is there any difference?
Regards,
Márcio Bacci

On Mon, 2 Sep 2019 at 09:27, Rowland penny via samba <samba at lists.samba.org> wrote:
> On 02/09/2019 13:19, Marcio Demetrio Bacci wrote:
> > Hi,
> >
> >
> >
> > >is Bind9 running ?
> > Yes
> > netstat -lntup | grep 53
> > tcp        0      0 127.0.0.1:953           0.0.0.0:*               OUÇA       13296/named
> > tcp        0      0 0.0.0.0:49153           0.0.0.0:*               OUÇA       15105/samba: task[d
> > tcp6       0      0 :::49153                :::*                    OUÇA       15105/samba: task[d
>
> That will be a NO then.
>
> On my DC:
>
> netstat -lntup | grep 53
> tcp        0      0 192.168.0.6:53          0.0.0.0:*               LISTEN      30254/named
> tcp        0      0 127.0.0.1:53            0.0.0.0:*               LISTEN      30254/named
> tcp        0      0 127.0.0.1:953           0.0.0.0:*               LISTEN      30254/named
> tcp        0      0 0.0.0.0:49153           0.0.0.0:*               LISTEN      4324/samba: task[dc
> tcp6       0      0 ::1:953                 :::*                    LISTEN      30254/named
> tcp6       0      0 :::49153                :::*                    LISTEN      4324/samba: task[dc
> udp        0      0 192.168.0.6:53          0.0.0.0:*                           30254/named
> udp        0      0 127.0.0.1:53            0.0.0.0:*                           30254/named
>
> >
> > /etc/init.d/bind9 status
> > ● bind9.service - BIND Domain Name Server
> > Loaded: loaded (/lib/systemd/system/bind9.service; enabled; vendor
> > preset: enabled)
> > Active: active (running) since Mon 2019-09-02 08:28:13 -03; 3s ago
> > Docs: man:named(8)
> > Main PID: 13296 (named)
> > Tasks: 7 (limit: 4720)
> > CGroup: /system.slice/bind9.service
> > └─13296 /usr/sbin/named -f -u bind -4
> >
> > set 02 08:28:13 samba4-dc1 named[13296]: set up managed keys zone for
> > view _default, file 'managed-keys.bind'
> > set 02 08:28:13 samba4-dc1 named[13296]: configuring command channel
> > from '/etc/bind/rndc.key'
> > set 02 08:28:13 samba4-dc1 named[13296]: command channel listening on
> > 127.0.0.1#953
> > set 02 08:28:13 samba4-dc1 named[13296]: managed-keys-zone: loaded
> > serial 0
> > set 02 08:28:13 samba4-dc1 named[13296]: zone 0.in-addr.arpa/IN:
> > loaded serial 1
> > set 02 08:28:13 samba4-dc1 named[13296]: zone localhost/IN: loaded
> > serial 2
> > set 02 08:28:13 samba4-dc1 named[13296]: zone 255.in-addr.arpa/IN:
> > loaded serial 1
> > set 02 08:28:13 samba4-dc1 named[13296]: zone 127.in-addr.arpa/IN:
> > loaded serial 1
> > set 02 08:28:13 samba4-dc1 named[13296]: all zones loaded
> > set 02 08:28:13 samba4-dc1 named[13296]: running
>
> No AD domains !
>
> Double check all the Bind9 named.conf files.
>
> Rowland
>
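
Added example, not part of the thread: `grep 53` also matches the rndc port 953 and the RPC port 49153, so this check parses `netstat -lntup` output and counts only sockets owned by `named` on port exactly 53. The function names are hypothetical, and the sample lines are constructed from the outputs posted above with the localized state column written as LISTEN.

```shell
#!/bin/sh
# Constructed samples based on the DC1 outputs in the thread.
# BEFORE: named only has its rndc control channel (953) open.
BEFORE='tcp 0 0 127.0.0.1:953 0.0.0.0:* LISTEN 13296/named
tcp 0 0 0.0.0.0:49153 0.0.0.0:* LISTEN 15105/samba: task[d
tcp6 0 0 :::49153 :::* LISTEN 15105/samba: task[d'

# AFTER: named is bound to port 53 on both protocols.
AFTER='tcp 0 0 0.0.0.0:81 0.0.0.0:* LISTEN 534/lighttpd
tcp 0 0 192.168.1.20:53 0.0.0.0:* LISTEN 1930/named
tcp 0 0 127.0.0.1:53 0.0.0.0:* LISTEN 1930/named
tcp 0 0 127.0.0.1:953 0.0.0.0:* LISTEN 1930/named
tcp 0 0 0.0.0.0:49153 0.0.0.0:* LISTEN 662/samba: task[dce
udp 0 0 192.168.1.20:53 0.0.0.0:* 1930/named
udp 0 0 127.0.0.1:53 0.0.0.0:* 1930/named'

# Read "netstat -lntup" output on stdin; print "proto local-address" for
# every socket that named holds on port 53.
named_dns_listeners() {
    awk '
        $1 ~ /^(tcp|udp)6?$/ {
            n = split($4, parts, ":")     # port is the text after the last colon
            if (parts[n] != "53") next    # exact match, so 953 and 49153 are skipped
            # UDP rows have no state column, so search for the PID/program field.
            for (i = 6; i <= NF; i++)
                if ($i ~ /^[0-9]+\/named$/) { print $1, $4; next }
        }'
}

# Print the listener counts; succeed only if named serves both TCP and UDP 53.
check_named_dns() {
    named_dns_listeners | awk '
        $1 ~ /^tcp/ { tcp++ }
        $1 ~ /^udp/ { udp++ }
        END {
            printf "tcp=%d udp=%d\n", tcp, udp
            exit !(tcp > 0 && udp > 0)
        }'
}

printf '%s\n' "$BEFORE" | check_named_dns || echo "before: named is not serving DNS"
printf '%s\n' "$AFTER" | check_named_dns && echo "after: named answers on tcp and udp 53"
```

On a live DC, run it as `netstat -lntup | check_named_dns`.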