On 12/22/19 12:07 PM, Rowland penny via samba wrote:
>>
>> Are there any suggestions to fix the problem?
>>
> Cached record somewhere ?
>
> You seem to have done everything correctly.
>
Okay I discovered that any changes to my DNS are not being seen by bind. So exploring the Wiki

https://wiki.samba.org/index.php/BIND9_DLZ_DNS_Back_End#Reconfiguring_the_BIND9_DLZ_Back_End

I found this entry:

If you create new DNS records in the directory and are not able to resolve them using the |nslookup|, |host| or other DNS lookup tools, the database hard links can get lost. This happens, for example, if you move the databases across mount points.

To verify that the domain and forest partition as well as the |metadata.tdb| database are hard linked in both directories, run

    # ls -lai /usr/local/samba/private/sam.ldb.d/
    # ls -lai /usr/local/samba/private/dns/sam.ldb.d/

The same files must have the same inode number in the first column of the output in both directories. If they differ, the hard link got lost and Samba and BIND use separate database files and thus DNS updates in the directory are not resolvable through the BIND DNS server.

So I did the procedure on my system and much to my chagrin I found:

    > ls -lai /var/lib/samba/private/sam.ldb.d/
    total 83720
    67868145 drwxr-x--- 2 root named      296 Dec 21 17:54 .
      810580 drwxr-x--- 8 root named     4096 Jan  1 15:31 ..
    67868196 -rw------- 1 root root  29609984 Nov  7 09:29 CN=CONFIGURATION,DC=MYHOME,DC=NURDOG,DC=COM.ldb
    67868195 -rw------- 1 root root  33222656 Nov  7 09:29 CN=SCHEMA,CN=CONFIGURATION,DC=MYHOME,DC=NURDOG,DC=COM.ldb
    67868192 -rw-rw---- 1 root named  6950912 Jan  1 14:30 DC=DOMAINDNSZONES,DC=MYHOME,DC=NURDOG,DC=COM.ldb
    67868194 -rw-rw---- 1 root named  4247552 Nov  7 09:29 DC=FORESTDNSZONES,DC=MYHOME,DC=NURDOG,DC=COM.ldb
    67868202 -rw------- 1 root root  10862592 Jan  1 15:20 DC=MYHOME,DC=NURDOG,DC=COM.ldb
    67868159 -rw-rw---- 1 root named   831488 Jan  1 14:30 metadata.tdb

    root at nureyev> ls -lai /var/lib/samba/private/dns/sam.ldb.d/
    total 74520
    34684505 drwxrwx--- 2 root named      296 Dec 21 17:54 .
      810835 drwxrwx--- 3 root named       38 Dec 21 17:54 ..
    34685771 -rw-rw---- 1 root named 27410432 Jan  1 15:04 CN=CONFIGURATION,DC=MYHOME,DC=NURDOG,DC=COM.ldb
    34684600 -rw-rw---- 1 root named 32534528 Jan  1 15:04 CN=SCHEMA,CN=CONFIGURATION,DC=MYHOME,DC=NURDOG,DC=COM.ldb
    34684570 -rw-rw---- 1 root named  6950912 Jan  1 15:04 DC=DOMAINDNSZONES,DC=MYHOME,DC=NURDOG,DC=COM.ldb
    34684597 -rw-rw---- 1 root named  4247552 Jan  1 15:04 DC=FORESTDNSZONES,DC=MYHOME,DC=NURDOG,DC=COM.ldb
    34684507 -rw-rw---- 1 root named  4333568 Jan  1 15:04 DC=MYHOME,DC=NURDOG,DC=COM.ldb
    34685651 -rw-rw---- 1 root named   831488 Dec  2  2018 metadata.tdb

Unfortunately the inode numbers do not match. I also found this entry in the Wiki:

To auto-repair the hard linking, see Reconfiguring the BIND9_DLZ Back End <https://wiki.samba.org/index.php/BIND9_DLZ_DNS_Back_End#Reconfiguring_the_BIND9_DLZ_Back_End>.

So I ran the auto-repair

    > samba_upgradedns --dns-backend=BIND9_DLZ
    Reading domain information
    DNS accounts already exist
    No zone file /var/lib/samba/bind-dns/dns/MYHOME.NURDOG.COM.zone
    DNS records will be automatically created
    DNS partitions already exist
    dns-nureyev account already exists
    Failed to create link /var/lib/samba/private/dns.keytab -> /var/lib/samba/bind-dns/dns.keytab: No such file or directory
    Failed to chown /var/lib/samba/bind-dns to bind gid 25
    Failed to chown /var/lib/samba/bind-dns/dns.keytab to bind gid 25
    Traceback (most recent call last):
      File "/sbin/samba_upgradedns", line 533, in <module>
        create_dns_dir(logger, paths)
      File "/usr/lib64/python3.6/site-packages/samba/provision/sambadns.py", line 704, in create_dns_dir
        os.mkdir(dns_dir, 0o770)
    FileNotFoundError: [Errno 2] No such file or directory: '/var/lib/samba/bind-dns/dns'

I have been running this domain for quite a while and don't quite understand why this problem would occur. What is somewhat strange is the location of certain files. For example my dns.keytab is located here:

    > ls /var/lib/samba/private/dns.keytab
    /var/lib/samba/private/dns.keytab

Does anyone have an idea how to fix the problem? Can I just create /var/lib/samba/bind-dns/ and re-run? Suggestions are appreciated. Thanks.

-- 
Paul (ganci at nurdog.com)
Cell: (303)257-5208
On 1/1/20 3:49 PM, Paul R. Ganci via samba wrote:
> I have been running this domain for quite a while and don't quite
> understand why this problem would occur. What is somewhat strange is
> the location of certain files. For example my dns.keytab is located here:
>
> > ls /var/lib/samba/private/dns.keytab
> /var/lib/samba/private/dns.keytab
>
> Does anyone have an idea how to fix the problem? Can I just create
> /var/lib/samba/bind-dns/ and re-run? Suggestions are appreciated. Thanks.
>
I just went ahead and created the /var/lib/samba/bind-dns/ directory manually and then re-ran the samba_upgradedns command and now it looks like it worked:

    > samba_upgradedns --dns-backend=BIND9_DLZ
    Reading domain information
    DNS accounts already exist
    No zone file /var/lib/samba/bind-dns/dns/MYHOME.NURDOG.COM.zone
    DNS records will be automatically created
    DNS partitions already exist
    dns-nureyev account already exists
    ATTENTION: The BIND configuration and keytab has been moved to: /var/lib/samba/bind-dns
               Please update your BIND configuration accordingly.
    Finished upgrading DNS

I didn't realize that at some point the bind configuration had changed. However this seemed to only fix some of the problem.

    67868145 drwxr-x--- 2 root named      296 Jan  1 16:03 .
      810580 drwxr-x--- 7 root named     4096 Jan  1 16:03 ..
    67868196 -rw------- 1 root root  29609984 Nov  7 09:29 CN=CONFIGURATION,DC=MYHOME,DC=NURDOG,DC=COM.ldb
    67868195 -rw------- 1 root root  33222656 Nov  7 09:29 CN=SCHEMA,CN=CONFIGURATION,DC=MYHOME,DC=NURDOG,DC=COM.ldb
    67868192 -rw-rw---- 2 root named  6950912 Jan  1 16:02 DC=DOMAINDNSZONES,DC=MYHOME,DC=NURDOG,DC=COM.ldb
    67868194 -rw-rw---- 2 root named  4247552 Nov  7 09:29 DC=FORESTDNSZONES,DC=MYHOME,DC=NURDOG,DC=COM.ldb
    67868202 -rw------- 1 root root  10862592 Jan  1 16:05 DC=MYHOME,DC=NURDOG,DC=COM.ldb
    67868159 -rw-rw---- 2 root named   831488 Jan  1 16:02 metadata.tdb

    root at nureyev> ls -lai bind-dns/dns/sam.ldb.d/
    total 28252
    34551301 drwxrwx--- 2 root named     296 Jan  1 16:03 .
        2784 drwxrwx--- 3 root named      38 Jan  1 16:03 ..
    68150376 -rw-rw---- 1 root named 7512064 Jan  1 16:03 CN=CONFIGURATION,DC=MYHOME,DC=NURDOG,DC=COM.ldb
    68150375 -rw-rw---- 1 root named 8101888 Jan  1 16:03 CN=SCHEMA,CN=CONFIGURATION,DC=MYHOME,DC=NURDOG,DC=COM.ldb
    67868192 -rw-rw---- 2 root named 6950912 Jan  1 16:02 DC=DOMAINDNSZONES,DC=MYHOME,DC=NURDOG,DC=COM.ldb
    67868194 -rw-rw---- 2 root named 4247552 Nov  7 09:29 DC=FORESTDNSZONES,DC=MYHOME,DC=NURDOG,DC=COM.ldb
    34551310 -rw-rw---- 1 root named 1286144 Jan  1 16:03 DC=MYHOME,DC=NURDOG,DC=COM.ldb
    67868159 -rw-rw---- 2 root named  831488 Jan  1 16:02 metadata.tdb

The CN=CONFIGURATION,DC=MYHOME,DC=NURDOG,DC=COM.ldb and CN=SCHEMA,CN=CONFIGURATION,DC=MYHOME,DC=NURDOG,DC=COM.ldb and DC=MYHOME,DC=NURDOG,DC=COM.ldb are still different. I can add, delete and update entries and I do not see the changes in bind. Is there some way to fix the problem?

-- 
Paul (ganci at nurdog.com)
Cell: (303)257-5208
On 01/01/2020 23:11, Paul R. Ganci via samba wrote:
> On 1/1/20 3:49 PM, Paul R. Ganci via samba wrote:
>> I have been running this domain for quite a while and don't quite
>> understand why this problem would occur. What is somewhat strange is
>> the location of certain files. For example my dns.keytab is located
>> here:
>>
>> > ls /var/lib/samba/private/dns.keytab
>> /var/lib/samba/private/dns.keytab
>>
>> Does anyone have an idea how to fix the problem? Can I just create
>> /var/lib/samba/bind-dns/ and re-run? Suggestions are appreciated.
>> Thanks.
>>
> I just went ahead and created the /var/lib/samba/bind-dns/ directory
> manually and then re-ran the samba_upgradedns command and now it looks
> like it worked:
>
> > samba_upgradedns --dns-backend=BIND9_DLZ
> Reading domain information
> DNS accounts already exist
> No zone file /var/lib/samba/bind-dns/dns/MYHOME.NURDOG.COM.zone
> DNS records will be automatically created
> DNS partitions already exist
> dns-nureyev account already exists
> ATTENTION: The BIND configuration and keytab has been moved to: /var/lib/samba/bind-dns
>            Please update your BIND configuration accordingly.
> Finished upgrading DNS
>
> I didn't realize that at some point the bind configuration had
> changed. However this seemed to only fix some of the problem.
>
> 67868145 drwxr-x--- 2 root named      296 Jan  1 16:03 .
>   810580 drwxr-x--- 7 root named     4096 Jan  1 16:03 ..
> 67868196 -rw------- 1 root root  29609984 Nov  7 09:29 CN=CONFIGURATION,DC=MYHOME,DC=NURDOG,DC=COM.ldb
> 67868195 -rw------- 1 root root  33222656 Nov  7 09:29 CN=SCHEMA,CN=CONFIGURATION,DC=MYHOME,DC=NURDOG,DC=COM.ldb
> 67868192 -rw-rw---- 2 root named  6950912 Jan  1 16:02 DC=DOMAINDNSZONES,DC=MYHOME,DC=NURDOG,DC=COM.ldb
> 67868194 -rw-rw---- 2 root named  4247552 Nov  7 09:29 DC=FORESTDNSZONES,DC=MYHOME,DC=NURDOG,DC=COM.ldb
> 67868202 -rw------- 1 root root  10862592 Jan  1 16:05 DC=MYHOME,DC=NURDOG,DC=COM.ldb
> 67868159 -rw-rw---- 2 root named   831488 Jan  1 16:02 metadata.tdb
>
> root at nureyev> ls -lai bind-dns/dns/sam.ldb.d/
> total 28252
> 34551301 drwxrwx--- 2 root named     296 Jan  1 16:03 .
>     2784 drwxrwx--- 3 root named      38 Jan  1 16:03 ..
> 68150376 -rw-rw---- 1 root named 7512064 Jan  1 16:03 CN=CONFIGURATION,DC=MYHOME,DC=NURDOG,DC=COM.ldb
> 68150375 -rw-rw---- 1 root named 8101888 Jan  1 16:03 CN=SCHEMA,CN=CONFIGURATION,DC=MYHOME,DC=NURDOG,DC=COM.ldb
> 67868192 -rw-rw---- 2 root named 6950912 Jan  1 16:02 DC=DOMAINDNSZONES,DC=MYHOME,DC=NURDOG,DC=COM.ldb
> 67868194 -rw-rw---- 2 root named 4247552 Nov  7 09:29 DC=FORESTDNSZONES,DC=MYHOME,DC=NURDOG,DC=COM.ldb
> 34551310 -rw-rw---- 1 root named 1286144 Jan  1 16:03 DC=MYHOME,DC=NURDOG,DC=COM.ldb
> 67868159 -rw-rw---- 2 root named  831488 Jan  1 16:02 metadata.tdb
>
> The CN=CONFIGURATION,DC=MYHOME,DC=NURDOG,DC=COM.ldb and
> CN=SCHEMA,CN=CONFIGURATION,DC=MYHOME,DC=NURDOG,DC=COM.ldb and
> DC=MYHOME,DC=NURDOG,DC=COM.ldb are still different. I can add, delete
> and update entries and I do not see the changes in bind. Is there some
> way to fix the problem?
>
If you read the wiki page correctly, the important files are:

DC=DOMAINDNSZONES,DC=MYHOME,DC=NURDOG,DC=COM.ldb
DC=FORESTDNSZONES,DC=MYHOME,DC=NURDOG,DC=COM.ldb
metadata.tdb

Yours now match, you just need to update the paths in your Bind9 config files.

Rowland
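The check discussed in this thread, as an added example that is not part of the original messages or of Samba's own tooling: it compares only the two DNS partition files and metadata.tdb between the two sam.ldb.d directories and reports any that are no longer the same inode. The function names and the DC=EXAMPLE,DC=TEST fixture are constructed for illustration; on a real DC, pass the two directories shown in the thread.

```shell
#!/bin/sh
# check_dlz_links SAMBA_SAM_LDB_D BIND_SAM_LDB_D
# Returns 0 only if the DNS partitions and metadata.tdb are the same file
# (same device and inode) in both directories.
check_dlz_links() {
    samba_dir=$1 bind_dir=$2 status=0
    for f in "$samba_dir"/DC=DOMAINDNSZONES,*.ldb \
             "$samba_dir"/DC=FORESTDNSZONES,*.ldb \
             "$samba_dir"/metadata.tdb; do
        name=${f##*/}
        if [ ! -e "$f" ] || [ ! -e "$bind_dir/$name" ]; then
            echo "MISSING $name"; status=1
        elif [ "$f" -ef "$bind_dir/$name" ]; then   # -ef: same device and inode
            echo "LINKED  $name"
        else
            echo "SPLIT   $name"; status=1          # separate copies, updates diverge
        fi
    done
    return $status
}

# Constructed fixture (not real Samba data): builds both directory trees under
# a temp dir, hard linking the files ("linked") or copying them ("copied").
make_fixture() {
    root=$(mktemp -d) || return 1
    mkdir -p "$root/private/sam.ldb.d" "$root/bind-dns/dns/sam.ldb.d"
    for name in 'DC=DOMAINDNSZONES,DC=EXAMPLE,DC=TEST.ldb' \
                'DC=FORESTDNSZONES,DC=EXAMPLE,DC=TEST.ldb' metadata.tdb; do
        echo constructed > "$root/private/sam.ldb.d/$name"
        if [ "$1" = linked ]; then
            ln "$root/private/sam.ldb.d/$name" "$root/bind-dns/dns/sam.ldb.d/$name"
        else
            cp "$root/private/sam.ldb.d/$name" "$root/bind-dns/dns/sam.ldb.d/$name"
        fi
    done
    echo "$root"
}

# Demo run on the constructed fixtures.
good=$(make_fixture linked)
bad=$(make_fixture copied)
check_dlz_links "$good/private/sam.ldb.d" "$good/bind-dns/dns/sam.ldb.d"
check_dlz_links "$bad/private/sam.ldb.d" "$bad/bind-dns/dns/sam.ldb.d" \
    || echo "hard links lost under $bad"
rm -rf "$good" "$bad"
```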