samba - Feb 2020 - WERR_DNS_ERROR_NAME_DOES_NOT_EXIST when samba_dnsupdate tries to add to _msdcs

I'm been stumped trying to resolve a samba error when it runs
samba_dnsupdate to resync
with a Windows Server 2008 DC. 

This is on a Debian 9 VM on which I have configured a Samba 4.5.16 / BIND 9.10.3
server
joined as a DC to an existing Windows 2008 domain. 

It's mostly working now, but I can't get rid of one error that is
preventing some additions to the
_msdcs for the new Samba DC when samba_dnsupdate is run. 

Here's a portion of the output of "samba_dnsupdate --verbose
--use-samba-tool"
showing the failures... 
---- 
... 
(samba_dnsupdate detects 9 missing _msdcs records for the samba server (dc2) in
two
other windows 2008 DC's) 
... 
9 DNS updates and 0 DNS deletes needed 
Successfully obtained Kerberos ticket to DNS/dc2.office.example.com as DC2$ 
update (samba-tool): NS _msdcs.office.example.com dc2.office.example.com 
Calling samba-tool dns for NS _msdcs.office.example.com dc2.office.example.com
(add)
Calling samba-tool dns add -k no -P ['192.168.0.10',
'_msdcs.office.example.com', '@', 'NS',
'dc2.office.example.com'] 
ERROR(runtime): uncaught exception - (9714, 
'WERR_DNS_ERROR_NAME_DOES_NOT_EXIST') 
File "/usr/lib/python2.7/dist-packages/samba/netcmd/__init__.py", line
176, in _run
return self.run(*args, **kwargs) 
File "/usr/lib/python2.7/dist-packages/samba/netcmd/dns.py", line
1076, in run
0, server, zone, name, add_rec_buf, None) 
update (samba-tool): SRV _ldap._tcp.dc._msdcs.office.example.com 
dc2.office.example.com 389 
Calling samba-tool dns for SRV _ldap._tcp.dc._msdcs.office.example.com 
dc2.office.example.com 389 (add) 
Calling samba-tool dns add -k no -P ['192.168.0.10',
'_msdcs.office.example.com',
'_ldap._tcp.dc', 'SRV', 'dc2.office.example.com 389 0
100']
ERROR(runtime): uncaught exception - (9714, 
'WERR_DNS_ERROR_NAME_DOES_NOT_EXIST') 
File "/usr/lib/python2.7/dist-packages/samba/netcmd/__init__.py", line
176, in _run
return self.run(*args, **kwargs) 
File "/usr/lib/python2.7/dist-packages/samba/netcmd/dns.py", line
1076, in run
0, server, zone, name, add_rec_buf, None) 
... ETC. 
---- 
It's weird because other similar entries were made successfully during the
join (e.g. under
_msdcs._sites ) 
Has anyone else seen an issue like this???? 
Thanks for any advice...

On 03/02/2020 18:54, Rick Hollinbeck via samba wrote:
> I'm been stumped trying to resolve a samba error when it runs
samba_dnsupdate to resync
> with a Windows Server 2008 DC.
>
> This is on a Debian 9 VM on which I have configured a Samba 4.5.16 / BIND
9.10.3 server
> joined as a DC to an existing Windows 2008 domain.
This sounds like a new DC, so why did you use Debian 9 ?

This gets you, as you have found, a version of Samba that is EOL, can I 
suggest that you upgrade your distro to Debian 10, which will get you 
Samba 4.9.5 ( which will go EOL shortly) and use Samba from here: 
http://apt.van-belle.nl/
>
> It's mostly working now, but I can't get rid of one error that is
preventing some additions to the
> _msdcs for the new Samba DC when samba_dnsupdate is run.
>
> Here's a portion of the output of "samba_dnsupdate --verbose
--use-samba-tool"
> showing the failures...
> ----
> ...
> (samba_dnsupdate detects 9 missing _msdcs records for the samba server
(dc2) in two
> other windows 2008 DC's)
> ...
> 9 DNS updates and 0 DNS deletes needed
> Successfully obtained Kerberos ticket to DNS/dc2.office.example.com as DC2$
> update (samba-tool): NS _msdcs.office.example.com dc2.office.example.com
> Calling samba-tool dns for NS _msdcs.office.example.com
dc2.office.example.com (add)
> Calling samba-tool dns add -k no -P ['192.168.0.10',
'_msdcs.office.example.com', '@', 'NS',
> 'dc2.office.example.com']
> ERROR(runtime): uncaught exception - (9714,
> 'WERR_DNS_ERROR_NAME_DOES_NOT_EXIST')
> File "/usr/lib/python2.7/dist-packages/samba/netcmd/__init__.py",
line 176, in _run
> return self.run(*args, **kwargs)
> File "/usr/lib/python2.7/dist-packages/samba/netcmd/dns.py", line
1076, in run
> 0, server, zone, name, add_rec_buf, None)
> update (samba-tool): SRV _ldap._tcp.dc._msdcs.office.example.com
> dc2.office.example.com 389
> Calling samba-tool dns for SRV _ldap._tcp.dc._msdcs.office.example.com
> dc2.office.example.com 389 (add)
> Calling samba-tool dns add -k no -P ['192.168.0.10',
'_msdcs.office.example.com',
> '_ldap._tcp.dc', 'SRV', 'dc2.office.example.com 389 0
100']
> ERROR(runtime): uncaught exception - (9714,
> 'WERR_DNS_ERROR_NAME_DOES_NOT_EXIST')
> File "/usr/lib/python2.7/dist-packages/samba/netcmd/__init__.py",
line 176, in _run
> return self.run(*args, **kwargs)
> File "/usr/lib/python2.7/dist-packages/samba/netcmd/dns.py", line
1076, in run
> 0, server, zone, name, add_rec_buf, None)
> ... ETC.
> ----
> It's weird because other similar entries were made successfully during
the join (e.g. under
> _msdcs._sites )
> Has anyone else seen an issue like this????
> Thanks for any advice...
>
>
Things like this used to happen, but the numerous fixes that have gone 
into Samba have made them less likely ;-)

Rowland