Hi,

> -----Original message-----
> From: samba [mailto:samba-bounces at lists.samba.org] On behalf of Paul R. Ganci via samba
> Sent: Wednesday 1 January 2020 23:49
> To: samba at lists.samba.org
> Subject: Re: [Samba] Cannot remove old NS record
>
> On 12/22/19 12:07 PM, Rowland penny via samba wrote:
> >>
> >> Are there any suggestions to fix the problem?
> >>
> > Cached record somewhere ?
> >
> > You seem to have done everything correctly.
>
> Okay I discovered that any changes to my DNS are not being seen by
> bind. So exploring the Wiki
>
> https://wiki.samba.org/index.php/BIND9_DLZ_DNS_Back_End#Reconfiguring_the_BIND9_DLZ_Back_End
>
> I found this entry:
>
> If you create new DNS records in the directory and are not able to
> resolve them using the nslookup, host or other DNS lookup tools, the
> database hard links can get lost. This happens, for example, if you move
> the databases across mount points.
>
> To verify that the domain and forest partition as well as the
> metadata.tdb database are hard linked in both directories, run
>
> # ls -lai /usr/local/samba/private/sam.ldb.d/
>
> # ls -lai /usr/local/samba/private/dns/sam.ldb.d/
>
> The same files must have the same inode number in the first column of
> the output in both directories. If they differ, the hard link got
> lost and Samba and BIND use separate database files and thus DNS updates
> in the directory are not resolvable through the BIND DNS server.
>
> So I did the procedure on my system and much to my chagrin I found:
>
> > ls -lai /var/lib/samba/private/sam.ldb.d/
> total 83720
> 67868145 drwxr-x--- 2 root named      296 Dec 21 17:54 .
>   810580 drwxr-x--- 8 root named     4096 Jan  1 15:31 ..
> 67868196 -rw------- 1 root root  29609984 Nov  7 09:29 CN=CONFIGURATION,DC=MYHOME,DC=NURDOG,DC=COM.ldb
> 67868195 -rw------- 1 root root  33222656 Nov  7 09:29 CN=SCHEMA,CN=CONFIGURATION,DC=MYHOME,DC=NURDOG,DC=COM.ldb
> 67868192 -rw-rw---- 1 root named  6950912 Jan  1 14:30 DC=DOMAINDNSZONES,DC=MYHOME,DC=NURDOG,DC=COM.ldb
> 67868194 -rw-rw---- 1 root named  4247552 Nov  7 09:29 DC=FORESTDNSZONES,DC=MYHOME,DC=NURDOG,DC=COM.ldb
> 67868202 -rw------- 1 root root  10862592 Jan  1 15:20 DC=MYHOME,DC=NURDOG,DC=COM.ldb
> 67868159 -rw-rw---- 1 root named   831488 Jan  1 14:30 metadata.tdb
>
> root at nureyev> ls -lai /var/lib/samba/private/dns/sam.ldb.d/
> total 74520
> 34684505 drwxrwx--- 2 root named      296 Dec 21 17:54 .
>   810835 drwxrwx--- 3 root named       38 Dec 21 17:54 ..
> 34685771 -rw-rw---- 1 root named 27410432 Jan  1 15:04 CN=CONFIGURATION,DC=MYHOME,DC=NURDOG,DC=COM.ldb
> 34684600 -rw-rw---- 1 root named 32534528 Jan  1 15:04 CN=SCHEMA,CN=CONFIGURATION,DC=MYHOME,DC=NURDOG,DC=COM.ldb
> 34684570 -rw-rw---- 1 root named  6950912 Jan  1 15:04 DC=DOMAINDNSZONES,DC=MYHOME,DC=NURDOG,DC=COM.ldb
> 34684597 -rw-rw---- 1 root named  4247552 Jan  1 15:04 DC=FORESTDNSZONES,DC=MYHOME,DC=NURDOG,DC=COM.ldb
> 34684507 -rw-rw---- 1 root named  4333568 Jan  1 15:04 DC=MYHOME,DC=NURDOG,DC=COM.ldb
> 34685651 -rw-rw---- 1 root named   831488 Dec  2  2018 metadata.tdb
>
> Unfortunately the inode numbers do not match.
>
> I also found this entry in the Wiki:
>
> To auto-repair the hard linking, see Reconfiguring the BIND9_DLZ Back End
> <https://wiki.samba.org/index.php/BIND9_DLZ_DNS_Back_End#Reconfiguring_the_BIND9_DLZ_Back_End>.
>
> So I ran the auto-repair
>
> > samba_upgradedns --dns-backend=BIND9_DLZ
> Reading domain information
> DNS accounts already exist
> No zone file /var/lib/samba/bind-dns/dns/MYHOME.NURDOG.COM.zone
> DNS records will be automatically created
> DNS partitions already exist
> dns-nureyev account already exists
> Failed to create link /var/lib/samba/private/dns.keytab -> /var/lib/samba/bind-dns/dns.keytab: No such file or directory
> Failed to chown /var/lib/samba/bind-dns to bind gid 25
> Failed to chown /var/lib/samba/bind-dns/dns.keytab to bind gid 25
> Traceback (most recent call last):
>   File "/sbin/samba_upgradedns", line 533, in <module>
>     create_dns_dir(logger, paths)
>   File "/usr/lib64/python3.6/site-packages/samba/provision/sambadns.py", line 704, in create_dns_dir
>     os.mkdir(dns_dir, 0o770)
> FileNotFoundError: [Errno 2] No such file or directory: '/var/lib/samba/bind-dns/dns'
>
> I have been running this domain for quite a while and don't quite
> understand why this problem would occur. What is somewhat strange is the
> location of certain files. For example my dns.keytab is located here:
>
> > ls /var/lib/samba/private/dns.keytab
> /var/lib/samba/private/dns.keytab
>
> Does anyone have an idea how to fix the problem? Can I just create
> /var/lib/samba/bind-dns/ and re-run? Suggestions are appreciated. Thanks.

Yes, you can use :

install -d /var/lib/samba/bind-dns/ -o root -g bind -m 770

And rerun it.

Just don't forget to adjust the bind config files also.

Greetz,

Louis
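The inode comparison from the Wiki excerpt quoted above, scripted as an added example (not code from the thread or from the Samba project): it walks every file in the Samba-side sam.ldb.d directory and checks that the same name under the BIND DLZ directory is the same inode, which is exactly what an intact hard link guarantees. The function name and the report format are this example's own.

```shell
#!/bin/sh
# Added example (not from the thread or the Samba project).
# Compare inode numbers of same-named files in the Samba private sam.ldb.d
# directory and in the copy BIND's DLZ module opens. With the hard links
# intact every pair shares one inode; a differing inode means Samba and BIND
# are writing separate databases, so directory DNS updates never reach BIND.
# Returns 0 when every file matches, 1 when any pair differs or is missing.
check_dlz_links() {
    samba_dir=$1
    bind_dir=$2
    rc=0
    for path in "$samba_dir"/*; do
        [ -f "$path" ] || continue          # also skips an unmatched glob
        name=${path##*/}
        peer="$bind_dir/$name"
        if [ ! -f "$peer" ]; then
            printf 'MISSING  %s (no such file under %s)\n' "$name" "$bind_dir"
            rc=1
            continue
        fi
        # ls -i prints the inode first; it is POSIX, so BSD and GNU agree
        ino_samba=$(ls -i "$path" | awk '{print $1}')
        ino_bind=$(ls -i "$peer" | awk '{print $1}')
        if [ "$ino_samba" = "$ino_bind" ]; then
            printf 'OK       %s inode %s\n' "$name" "$ino_samba"
        else
            printf 'MISMATCH %s inode %s (samba) vs %s (bind)\n' \
                "$name" "$ino_samba" "$ino_bind"
            rc=1
        fi
    done
    return $rc
}

# Paths as used on the DC in the thread (the Wiki's default prefix is
# /usr/local/samba rather than /var/lib/samba):
#   check_dlz_links /var/lib/samba/private/sam.ldb.d /var/lib/samba/private/dns/sam.ldb.d
```

A non-zero exit is the "hard link got lost" condition the Wiki describes; the two directories must be on the same filesystem for a hard link to exist at all.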
On 1/2/20 1:00 AM, L.P.H. van Belle via samba wrote:
> Yes, you can use :
>
> install -d /var/lib/samba/bind-dns/ -o root -g bind -m 770
> And rerun it.
>
> Just don't forget to adjust the bind config files also.

So after moving everything, fixing the bind config and restarting
there is still an issue. While the forward zone myhome.nurdog.com is
working fine, the reverse zone has a problem.

> samba-tool dns query nureyev.myhome.nurdog.com 1.168.192.in-addr.arpa @ all
Password for [administrator at MYHOME.NURDOG.COM]:
  Name=, Records=2, Children=0
    SOA: serial=130, refresh=900, retry=600, expire=86400, minttl=3600, ns=nikita.myhome.nurdog.com., email=hostmaster.myhome.nurdog.com. (flags=600000f0, serial=130, ttl=3600)
    NS: nikita.myhome.nurdog.com. (flags=600000f0, serial=1, ttl=0)
  Name=1, Records=1, Children=0
    PTR: lan-A.myhome.nurdog.com (flags=f0, serial=50, ttl=900)
  Name=12, Records=1, Children=0
    PTR: dyn-192-168-1-12.myhome.nurdog.com (flags=f0, serial=80, ttl=900)
  Name=13, Records=1, Children=0
    PTR: dyn-192-168-1-13.myhome.nurdog.com (flags=f0, serial=81, ttl=900)
  Name=14, Records=1, Children=0
    PTR: dyn-192-168-1-14.myhome.nurdog.com (flags=f0, serial=82, ttl=900)
  Name=2, Records=1, Children=0
    PTR: mcduff.myhome.nurdog.com (flags=f0, serial=3, ttl=0)
  Name=3, Records=1, Children=0
    PTR: shamu.myhome.nurdog.com (flags=f0, serial=4, ttl=0)
  Name=4, Records=1, Children=0
    PTR: mx.myhome.nurdog.com (flags=f0, serial=112, ttl=900)
  Name=5, Records=1, Children=0
    PTR: nas.myhome.nurdog.com (flags=f0, serial=98, ttl=900)
  Name=6, Records=1, Children=0
    PTR: www-new.myhome.nurdog.com (flags=f0, serial=100, ttl=900)
  Name=7, Records=1, Children=0
    PTR: edge-switch.myhome.nurdog.com (flags=f0, serial=104, ttl=900)
  Name=8, Records=1, Children=0
    PTR: nureyev.myhome.nurdog.com (flags=f0, serial=106, ttl=900)
  Name=9, Records=1, Children=0
    PTR: rpi3-server-2.myhome.nurdog.com (flags=f0, serial=108, ttl=900)

Note that this zone appears to still be pointing at
nikita.myhome.nurdog.com (should be nureyev.myhome.nurdog.com) as its
nameserver and the records for Name=10 and Name=11 are missing.
Something still seems to be broken because if I add the missing entry:

> samba-tool dns add nureyev.myhome.nurdog.com 1.168.192.in-addr.arpa 10 PTR sasha.myhome.nurdog.com
Record added successfully

But subsequently:

> samba-tool dns query nureyev.myhome.nurdog.com 1.168.192.in-addr.arpa @ all
Password for [administrator at MYHOME.NURDOG.COM]:
  Name=, Records=2, Children=0
    SOA: serial=131, refresh=900, retry=600, expire=86400, minttl=3600, ns=nikita.myhome.nurdog.com., email=hostmaster.myhome.nurdog.com. (flags=600000f0, serial=131, ttl=3600)
    NS: nikita.myhome.nurdog.com. (flags=600000f0, serial=1, ttl=0)
  Name=1, Records=1, Children=0
    PTR: lan-A.myhome.nurdog.com (flags=f0, serial=50, ttl=900)
  Name=12, Records=1, Children=0
    PTR: dyn-192-168-1-12.myhome.nurdog.com (flags=f0, serial=80, ttl=900)
  Name=13, Records=1, Children=0
    PTR: dyn-192-168-1-13.myhome.nurdog.com (flags=f0, serial=81, ttl=900)
  Name=14, Records=1, Children=0
    PTR: dyn-192-168-1-14.myhome.nurdog.com (flags=f0, serial=82, ttl=900)
  Name=2, Records=1, Children=0
    PTR: mcduff.myhome.nurdog.com (flags=f0, serial=3, ttl=0)
  Name=3, Records=1, Children=0
    PTR: shamu.myhome.nurdog.com (flags=f0, serial=4, ttl=0)
  Name=4, Records=1, Children=0
    PTR: mx.myhome.nurdog.com (flags=f0, serial=112, ttl=900)
  Name=5, Records=1, Children=0
    PTR: nas.myhome.nurdog.com (flags=f0, serial=98, ttl=900)
  Name=6, Records=1, Children=0
    PTR: www-new.myhome.nurdog.com (flags=f0, serial=100, ttl=900)
  Name=7, Records=1, Children=0
    PTR: edge-switch.myhome.nurdog.com (flags=f0, serial=104, ttl=900)
  Name=8, Records=1, Children=0
    PTR: nureyev.myhome.nurdog.com (flags=f0, serial=106, ttl=900)
  Name=9, Records=1, Children=0
    PTR: rpi3-server-2.myhome.nurdog.com (flags=f0, serial=108, ttl=900)

And still no Name=10 appears. It appears that there is a problem with
the reverse zone still pointing to something old. Admittedly this
problem is not so critical but I would like to fix it.

-- 
Paul (ganci at nurdog.com)
Cell: (303)257-5208
On 1/3/20 3:33 PM, Paul R. Ganci via samba wrote:
> On 1/2/20 1:00 AM, L.P.H. van Belle via samba wrote:
>> Yes, you can use :
>>
>> install -d /var/lib/samba/bind-dns/ -o root -g bind -m 770
>> And rerun it.
>>
>> Just don't forget to adjust the bind config files also.
>
> So after moving everything, fixing the bind config and restarting
> there is still an issue. While the forward zone myhome.nurdog.com is
> working fine, the reverse zone has a problem.
>
> > samba-tool dns query nureyev.myhome.nurdog.com 1.168.192.in-addr.arpa @ all
> Password for [administrator at MYHOME.NURDOG.COM]:
>   Name=, Records=2, Children=0
>     SOA: serial=130, refresh=900, retry=600, expire=86400, minttl=3600, ns=nikita.myhome.nurdog.com., email=hostmaster.myhome.nurdog.com. (flags=600000f0, serial=130, ttl=3600)
>     NS: nikita.myhome.nurdog.com. (flags=600000f0, serial=1, ttl=0)
>   Name=1, Records=1, Children=0
>     PTR: lan-A.myhome.nurdog.com (flags=f0, serial=50, ttl=900)
>   Name=12, Records=1, Children=0
>     PTR: dyn-192-168-1-12.myhome.nurdog.com (flags=f0, serial=80, ttl=900)
>   Name=13, Records=1, Children=0
>     PTR: dyn-192-168-1-13.myhome.nurdog.com (flags=f0, serial=81, ttl=900)
>   Name=14, Records=1, Children=0
>     PTR: dyn-192-168-1-14.myhome.nurdog.com (flags=f0, serial=82, ttl=900)
>   Name=2, Records=1, Children=0
>     PTR: mcduff.myhome.nurdog.com (flags=f0, serial=3, ttl=0)
>   Name=3, Records=1, Children=0
>     PTR: shamu.myhome.nurdog.com (flags=f0, serial=4, ttl=0)
>   Name=4, Records=1, Children=0
>     PTR: mx.myhome.nurdog.com (flags=f0, serial=112, ttl=900)
>   Name=5, Records=1, Children=0
>     PTR: nas.myhome.nurdog.com (flags=f0, serial=98, ttl=900)
>   Name=6, Records=1, Children=0
>     PTR: www-new.myhome.nurdog.com (flags=f0, serial=100, ttl=900)
>   Name=7, Records=1, Children=0
>     PTR: edge-switch.myhome.nurdog.com (flags=f0, serial=104, ttl=900)
>   Name=8, Records=1, Children=0
>     PTR: nureyev.myhome.nurdog.com (flags=f0, serial=106, ttl=900)
>   Name=9, Records=1, Children=0
>     PTR: rpi3-server-2.myhome.nurdog.com (flags=f0, serial=108, ttl=900)
>
> Note that this zone appears to still be pointing at
> nikita.myhome.nurdog.com (should be nureyev.myhome.nurdog.com) as its
> nameserver and the records for Name=10 and Name=11 are missing.
> Something still seems to be broken because if I add the missing entry:
>
> > samba-tool dns add nureyev.myhome.nurdog.com 1.168.192.in-addr.arpa 10 PTR sasha.myhome.nurdog.com
> Record added successfully
>
> But subsequently:
>
> > samba-tool dns query nureyev.myhome.nurdog.com 1.168.192.in-addr.arpa @ all
> Password for [administrator at MYHOME.NURDOG.COM]:
>   Name=, Records=2, Children=0
>     SOA: serial=131, refresh=900, retry=600, expire=86400, minttl=3600, ns=nikita.myhome.nurdog.com., email=hostmaster.myhome.nurdog.com. (flags=600000f0, serial=131, ttl=3600)
>     NS: nikita.myhome.nurdog.com. (flags=600000f0, serial=1, ttl=0)
>   Name=1, Records=1, Children=0
>     PTR: lan-A.myhome.nurdog.com (flags=f0, serial=50, ttl=900)
>   Name=12, Records=1, Children=0
>     PTR: dyn-192-168-1-12.myhome.nurdog.com (flags=f0, serial=80, ttl=900)
>   Name=13, Records=1, Children=0
>     PTR: dyn-192-168-1-13.myhome.nurdog.com (flags=f0, serial=81, ttl=900)
>   Name=14, Records=1, Children=0
>     PTR: dyn-192-168-1-14.myhome.nurdog.com (flags=f0, serial=82, ttl=900)
>   Name=2, Records=1, Children=0
>     PTR: mcduff.myhome.nurdog.com (flags=f0, serial=3, ttl=0)
>   Name=3, Records=1, Children=0
>     PTR: shamu.myhome.nurdog.com (flags=f0, serial=4, ttl=0)
>   Name=4, Records=1, Children=0
>     PTR: mx.myhome.nurdog.com (flags=f0, serial=112, ttl=900)
>   Name=5, Records=1, Children=0
>     PTR: nas.myhome.nurdog.com (flags=f0, serial=98, ttl=900)
>   Name=6, Records=1, Children=0
>     PTR: www-new.myhome.nurdog.com (flags=f0, serial=100, ttl=900)
>   Name=7, Records=1, Children=0
>     PTR: edge-switch.myhome.nurdog.com (flags=f0, serial=104, ttl=900)
>   Name=8, Records=1, Children=0
>     PTR: nureyev.myhome.nurdog.com (flags=f0, serial=106, ttl=900)
>   Name=9, Records=1, Children=0
>     PTR: rpi3-server-2.myhome.nurdog.com (flags=f0, serial=108, ttl=900)
>
> And still no Name=10 appears. It appears that there is a problem with
> the reverse zone still pointing to something old. Admittedly this
> problem is not so critical but I would like to fix it.
>

I should also add that if I try to add it again I get this error:

> samba-tool dns add nureyev.myhome.nurdog.com 1.168.192.in-addr.arpa 10 PTR sasha.myhome.nurdog.com
ERROR(runtime): uncaught exception - (9711, 'WERR_DNS_ERROR_RECORD_ALREADY_EXISTS')
  File "/usr/lib64/python3.6/site-packages/samba/netcmd/__init__.py", line 186, in _run
    return self.run(*args, **kwargs)
  File "/usr/lib64/python3.6/site-packages/samba/netcmd/dns.py", line 945, in run
    raise e
  File "/usr/lib64/python3.6/site-packages/samba/netcmd/dns.py", line 941, in run
    0, server, zone, name, add_rec_buf, None)

What is also strange is that I have other reverse zones which do not
have this problem. And I was able to at least fix the SOA and NS so that
they now point to nureyev.myhome.nurdog.com like they should. I managed
that by modifying those particular records from a Windows 10 using the
DNS administrative tool. It seems some things I can update easily via
Windows 10 Pro + Administrative tools. But I cannot add, modify or delete
things in the 1.168.192.in-addr.arpa zone and have it seen.

-- 
Paul (ganci at nurdog.com)
Cell: (303)257-5208