Hi Christian,

> Can someone reproduce this?

No, tried, but sorry, works fine for me on my 4.11.6 server.

And what if you try it like this?

samba-tool dns add dc1.zone1.domain.de 0.168.192.in-addr.arpa 157 PTR zone1.domain.de -U Administrator
samba-tool dns add dc1.zone1.domain.de 1.168.192.in-addr.arpa 157 PTR zone2.domain.de -U Administrator

I tested on my production where i have 6 forward/reverse zones in use.

Is the hostname "dc1" also in other zones?
Yes, use FQDN as i showed and test it.
No, we need to investigate more most probably.

Greetz,

Louis

> -----Original message-----
> From: samba [mailto:samba-bounces at lists.samba.org] On behalf of Christian Naumer via samba
> Sent: Monday 10 February 2020 16:17
> To: samba at lists.samba.org
> Subject: Re: [Samba] New DNS-Records not aviable
>
> After some more digging it looks like this:
>
> I will try to explain.
>
> I have two reverse zones:
>
> 0.168.192.in-addr.arpa
> 2.168.192.in-addr.arpa
>
> I create a new entry with
>
> samba-tool dns add dc1 0.168.192.in-addr.arpa 157 PTR xxxxxx.domain.de
>
> This works only if 157.2.168.192.in-addr.arpa (pointing to any other
> host) does not exist. If it does the entry is created again.
>
> 157.2.168.192.in-addr.arpa pointing to xxxxxx.
>
> If there is no entry in the 2.168.192.in-addr.arpa zone then the entry
> is correctly created in the 0.168.192.in-addr.arpa zone.
>
> Can someone reproduce this?
>
> On 10.02.20 at 11:13, Christian Naumer via samba wrote:
> > Funny you should post this now. I was just cleaning up some DNS records
> > and the following happened.
> > I had two PTR records with an empty timestamp. I deleted them and wanted
> > to recreate them.
> > My reverse zones are
> >
> > 0.168.192.in-addr.arpa
> >
> > and
> >
> > 2.168.192.in-addr.arpa
> >
> > both of the records I deleted were in the "0" zone.
> >
> > The first i recreated with:
> >
> > samba-tool dns add dc1 0.168.192.in-addr.arpa 212 PTR drac.domain.de
> >
> > works as expected
> >
> > samba-tool dns add dc1 0.168.192.in-addr.arpa 80 PTR device.domain.de
> >
> > And this gets created in the "2" zone.
> >
> > If I try the same command again it says entry exists. So it really thinks
> > it is creating in the right zone.
> >
> > I tried using the Windows DNS tool and it created the entry in the same
> > wrong zone!
> >
> > Weird!
> >
> > I got it to create the right record by expunging all tombstones on all DCs.
> >
> > I don't know if this is related but it sounds similar.
> >
> > Regards
> >
> > Christian
> >
> > On 10.02.20 at 10:44, Heinz Hölzl via samba wrote:
> >> hi again.
> >>
> >> after some tests, (on my operational domain and on a new testdomain) i
> >> detected this behavior:
> >>
> >> on samba 4.11.6 sometimes the new DNS-records finish in a wrong dns
> >> zone.
> >>
> >> the problem occurs, if more than 5 records are created with the same
> >> name in more than one domain zone
> >>
> >> for example:
> >> testa1.jupiter.mydom.org
> >> testa2.jupiter.mydom.org
> >> testa3.jupiter.mydom.org
> >> testa4.jupiter.mydom.org
> >> testa5.jupiter.mydom.org
> >> testa6.jupiter.mydom.org
> >> testa7.jupiter.mydom.org
> >> ...
> >> testa1.saturn.mydom.org
> >> testa2.saturn.mydom.org
> >> testa3.saturn.mydom.org
> >> testa4.saturn.mydom.org
> >> testa5.saturn.mydom.org
> >> testa6.saturn.mydom.org
> >> testa7.saturn.mydom.org
> >> ...
> >>
> >> can anyone confirm this ?
> >>
> >> To reproduce:
> >> 1. create a new domain zone (jupiter.mydom.org) and create 10 A records
> >> (testa1-testa10 -> 192.168.1.1-192.168.1.10 )
> >> and 10 CNAME (testc1-testc10 -> testa1-testa10) in the new zone
> >>
> >> samba-tool dns zonecreate dc2 jupiter.mydom.org
> >> samba-tool dns add dc2 jupiter.mydom.org testa1 A 192.168.1.1
> >> samba-tool dns add dc2 jupiter.mydom.org testc1 CNAME testa1.jupiter.mydom.org
> >> samba-tool dns add dc2 jupiter.mydom.org testa2 A 192.168.1.2
> >> samba-tool dns add dc2 jupiter.mydom.org testc2 CNAME testa2.jupiter.mydom.org
> >> samba-tool dns add dc2 jupiter.mydom.org testa3 A 192.168.1.3
> >> samba-tool dns add dc2 jupiter.mydom.org testc3 CNAME testa3.jupiter.mydom.org
> >> samba-tool dns add dc2 jupiter.mydom.org testa4 A 192.168.1.4
> >> samba-tool dns add dc2 jupiter.mydom.org testc4 CNAME testa4.jupiter.mydom.org
> >> samba-tool dns add dc2 jupiter.mydom.org testa5 A 192.168.1.5
> >> samba-tool dns add dc2 jupiter.mydom.org testc5 CNAME testa5.jupiter.mydom.org
> >> samba-tool dns add dc2 jupiter.mydom.org testa6 A 192.168.1.6
> >> samba-tool dns add dc2 jupiter.mydom.org testc6 CNAME testa6.jupiter.mydom.org
> >> samba-tool dns add dc2 jupiter.mydom.org testa7 A 192.168.1.7
> >> samba-tool dns add dc2 jupiter.mydom.org testc7 CNAME testa7.jupiter.mydom.org
> >> samba-tool dns add dc2 jupiter.mydom.org testa8 A 192.168.1.8
> >> samba-tool dns add dc2 jupiter.mydom.org testc8 CNAME testa8.jupiter.mydom.org
> >> samba-tool dns add dc2 jupiter.mydom.org testa9 A 192.168.1.9
> >> samba-tool dns add dc2 jupiter.mydom.org testc9 CNAME testa9.jupiter.mydom.org
> >> samba-tool dns add dc2 jupiter.mydom.org testa10 A 192.168.1.10
> >> samba-tool dns add dc2 jupiter.mydom.org testc10 CNAME testa10.jupiter.mydom.org
> >>
> >> The result until here is as expected:
> >>
> >> samba-tool dns query dc2 jupiter.mydom.org jupiter.mydom.org all
> >>   Name=, Records=2, Children=0
> >>     SOA: serial=21, refresh=900, retry=600, expire=86400, minttl=3600, ns=dc2.mydom.org., email=hostmaster.mydom.org. (flags=600000f0, serial=21, ttl=3600)
> >>     NS: dc2.mydom.org. (flags=600000f0, serial=1, ttl=3600)
> >>   Name=testa1, Records=1, Children=0
> >>     A: 192.168.1.1 (flags=f0, serial=2, ttl=900)
> >>   Name=testa10, Records=1, Children=0
> >>     A: 192.168.1.10 (flags=f0, serial=20, ttl=900)
> >>   Name=testa2, Records=1, Children=0
> >>     A: 192.168.1.2 (flags=f0, serial=4, ttl=900)
> >>   Name=testa3, Records=1, Children=0
> >>     A: 192.168.1.3 (flags=f0, serial=6, ttl=900)
> >>   Name=testa4, Records=1, Children=0
> >>     A: 192.168.1.4 (flags=f0, serial=8, ttl=900)
> >>   Name=testa5, Records=1, Children=0
> >>     A: 192.168.1.5 (flags=f0, serial=10, ttl=900)
> >>   Name=testa6, Records=1, Children=0
> >>     A: 192.168.1.6 (flags=f0, serial=12, ttl=900)
> >>   Name=testa7, Records=1, Children=0
> >>     A: 192.168.1.7 (flags=f0, serial=14, ttl=900)
> >>   Name=testa8, Records=1, Children=0
> >>     A: 192.168.1.8 (flags=f0, serial=16, ttl=900)
> >>   Name=testa9, Records=1, Children=0
> >>     A: 192.168.1.9 (flags=f0, serial=18, ttl=900)
> >>   Name=testc1, Records=1, Children=0
> >>     CNAME: testa1.jupiter.mydom.org. (flags=f0, serial=3, ttl=900)
> >>   Name=testc10, Records=1, Children=0
> >>     CNAME: testa10.jupiter.mydom.org. (flags=f0, serial=21, ttl=900)
> >>   Name=testc2, Records=1, Children=0
> >>     CNAME: testa2.jupiter.mydom.org. (flags=f0, serial=5, ttl=900)
> >>   Name=testc3, Records=1, Children=0
> >>     CNAME: testa3.jupiter.mydom.org. (flags=f0, serial=7, ttl=900)
> >>   Name=testc4, Records=1, Children=0
> >>     CNAME: testa4.jupiter.mydom.org. (flags=f0, serial=9, ttl=900)
> >>   Name=testc5, Records=1, Children=0
> >>     CNAME: testa5.jupiter.mydom.org. (flags=f0, serial=11, ttl=900)
> >>   Name=testc6, Records=1, Children=0
> >>     CNAME: testa6.jupiter.mydom.org. (flags=f0, serial=13, ttl=900)
> >>   Name=testc7, Records=1, Children=0
> >>     CNAME: testa7.jupiter.mydom.org. (flags=f0, serial=15, ttl=900)
> >>   Name=testc8, Records=1, Children=0
> >>     CNAME: testa8.jupiter.mydom.org. (flags=f0, serial=17, ttl=900)
> >>   Name=testc9, Records=1, Children=0
> >>     CNAME: testa9.jupiter.mydom.org. (flags=f0, serial=19, ttl=900)
> >>
> >> 2. create another domain zone (saturn.mydom.org) and create the same 10
> >> A records (testa1-testa10 -> 192.168.2.1-192.168.2.10)
> >> and the same 10 CNAME (testc1-testc10 -> testa1-testa10) in the
> >> second zone
> >>
> >> now, the first 5 A and the first 5 CNAME go to the second zone
> >> (saturn.mydom.org), but the rest is located in the wrong zone
> >> (jupiter.mydom.org)
> >>
> >> samba-tool dns zonecreate dc2 saturn.mydom.org
> >> samba-tool dns add dc2 saturn.mydom.org testa1 A 192.168.2.1
> >> samba-tool dns add dc2 saturn.mydom.org testc1 CNAME testa1.saturn.mydom.org
> >> samba-tool dns add dc2 saturn.mydom.org testa2 A 192.168.2.2
> >> samba-tool dns add dc2 saturn.mydom.org testc2 CNAME testa2.saturn.mydom.org
> >> samba-tool dns add dc2 saturn.mydom.org testa3 A 192.168.2.3
> >> samba-tool dns add dc2 saturn.mydom.org testc3 CNAME testa3.saturn.mydom.org
> >> samba-tool dns add dc2 saturn.mydom.org testa4 A 192.168.2.4
> >> samba-tool dns add dc2 saturn.mydom.org testc4 CNAME testa4.saturn.mydom.org
> >> samba-tool dns add dc2 saturn.mydom.org testa5 A 192.168.2.5
> >> samba-tool dns add dc2 saturn.mydom.org testc5 CNAME testa5.saturn.mydom.org
> >> samba-tool dns add dc2 saturn.mydom.org testa6 A 192.168.2.6
> >> samba-tool dns add dc2 saturn.mydom.org testc6 CNAME testa6.saturn.mydom.org
> >> samba-tool dns add dc2 saturn.mydom.org testa7 A 192.168.2.7
> >> samba-tool dns add dc2 saturn.mydom.org testc7 CNAME testa7.saturn.mydom.org
> >> samba-tool dns add dc2 saturn.mydom.org testa8 A 192.168.2.8
> >> samba-tool dns add dc2 saturn.mydom.org testc8 CNAME testa8.saturn.mydom.org
> >> samba-tool dns add dc2 saturn.mydom.org testa9 A 192.168.2.9
> >> samba-tool dns add dc2 saturn.mydom.org testc9 CNAME testa9.saturn.mydom.org
> >> samba-tool dns add dc2 saturn.mydom.org testa10 A 192.168.2.10
> >> samba-tool dns add dc2 saturn.mydom.org testc10 CNAME testa10.saturn.mydom.org
> >>
> >> Now the new result is:
> >>
> >> samba-tool dns query dc2 saturn.mydom.org saturn.mydom.org all
> >>   Name=, Records=2, Children=0
> >>     SOA: serial=21, refresh=900, retry=600, expire=86400, minttl=3600, ns=dc2.mydom.org., email=hostmaster.mydom.org. (flags=600000f0, serial=21, ttl=3600)
> >>     NS: dc2.mydom.org. (flags=600000f0, serial=1, ttl=3600)
> >>   Name=testa1, Records=1, Children=0
> >>     A: 192.168.2.1 (flags=f0, serial=2, ttl=900)
> >>   Name=testa2, Records=1, Children=0
> >>     A: 192.168.2.2 (flags=f0, serial=4, ttl=900)
> >>   Name=testa3, Records=1, Children=0
> >>     A: 192.168.2.3 (flags=f0, serial=6, ttl=900)
> >>   Name=testa4, Records=1, Children=0
> >>     A: 192.168.2.4 (flags=f0, serial=8, ttl=900)
> >>   Name=testa5, Records=1, Children=0
> >>     A: 192.168.2.5 (flags=f0, serial=10, ttl=900)
> >>   Name=testc1, Records=1, Children=0
> >>     CNAME: testa1.saturn.mydom.org. (flags=f0, serial=3, ttl=900)
> >>   Name=testc2, Records=1, Children=0
> >>     CNAME: testa2.saturn.mydom.org. (flags=f0, serial=5, ttl=900)
> >>   Name=testc3, Records=1, Children=0
> >>     CNAME: testa3.saturn.mydom.org. (flags=f0, serial=7, ttl=900)
> >>   Name=testc4, Records=1, Children=0
> >>     CNAME: testa4.saturn.mydom.org. (flags=f0, serial=9, ttl=900)
> >>   Name=testc5, Records=1, Children=0
> >>     CNAME: testa5.saturn.mydom.org. (flags=f0, serial=11, ttl=900)
> >>
> >> samba-tool dns query dc2 jupiter.mydom.org jupiter.mydom.org all
> >>   Name=, Records=2, Children=0
> >>     SOA: serial=21, refresh=900, retry=600, expire=86400, minttl=3600, ns=dc2.mydom.org., email=hostmaster.mydom.org. (flags=600000f0, serial=21, ttl=3600)
> >>     NS: dc2.mydom.org. (flags=600000f0, serial=1, ttl=3600)
> >>   Name=testa1, Records=1, Children=0
> >>     A: 192.168.1.1 (flags=f0, serial=2, ttl=900)
> >>   Name=testa10, Records=2, Children=0
> >>     A: 192.168.1.10 (flags=f0, serial=20, ttl=900)
> >>     A: 192.168.2.10 (flags=f0, serial=20, ttl=900)
> >>   Name=testa2, Records=1, Children=0
> >>     A: 192.168.1.2 (flags=f0, serial=4, ttl=900)
> >>   Name=testa3, Records=1, Children=0
> >>     A: 192.168.1.3 (flags=f0, serial=6, ttl=900)
> >>   Name=testa4, Records=1, Children=0
> >>     A: 192.168.1.4 (flags=f0, serial=8, ttl=900)
> >>   Name=testa5, Records=1, Children=0
> >>     A: 192.168.1.5 (flags=f0, serial=10, ttl=900)
> >>   Name=testa6, Records=2, Children=0
> >>     A: 192.168.1.6 (flags=f0, serial=12, ttl=900)
> >>     A: 192.168.2.6 (flags=f0, serial=12, ttl=900)
> >>   Name=testa7, Records=2, Children=0
> >>     A: 192.168.1.7 (flags=f0, serial=14, ttl=900)
> >>     A: 192.168.2.7 (flags=f0, serial=14, ttl=900)
> >>   Name=testa8, Records=2, Children=0
> >>     A: 192.168.1.8 (flags=f0, serial=16, ttl=900)
> >>     A: 192.168.2.8 (flags=f0, serial=16, ttl=900)
> >>   Name=testa9, Records=2, Children=0
> >>     A: 192.168.1.9 (flags=f0, serial=18, ttl=900)
> >>     A: 192.168.2.9 (flags=f0, serial=18, ttl=900)
> >>   Name=testc1, Records=1, Children=0
> >>     CNAME: testa1.jupiter.mydom.org. (flags=f0, serial=3, ttl=900)
> >>   Name=testc10, Records=2, Children=0
> >>     CNAME: testa10.jupiter.mydom.org. (flags=f0, serial=21, ttl=900)
> >>     CNAME: testa10.saturn.mydom.org. (flags=f0, serial=21, ttl=900)
> >>   Name=testc2, Records=1, Children=0
> >>     CNAME: testa2.jupiter.mydom.org. (flags=f0, serial=5, ttl=900)
> >>   Name=testc3, Records=1, Children=0
> >>     CNAME: testa3.jupiter.mydom.org. (flags=f0, serial=7, ttl=900)
> >>   Name=testc4, Records=1, Children=0
> >>     CNAME: testa4.jupiter.mydom.org. (flags=f0, serial=9, ttl=900)
> >>   Name=testc5, Records=1, Children=0
> >>     CNAME: testa5.jupiter.mydom.org. (flags=f0, serial=11, ttl=900)
> >>   Name=testc6, Records=2, Children=0
> >>     CNAME: testa6.jupiter.mydom.org. (flags=f0, serial=13, ttl=900)
> >>     CNAME: testa6.saturn.mydom.org. (flags=f0, serial=13, ttl=900)
> >>   Name=testc7, Records=2, Children=0
> >>     CNAME: testa7.jupiter.mydom.org. (flags=f0, serial=15, ttl=900)
> >>     CNAME: testa7.saturn.mydom.org. (flags=f0, serial=15, ttl=900)
> >>   Name=testc8, Records=2, Children=0
> >>     CNAME: testa8.jupiter.mydom.org. (flags=f0, serial=17, ttl=900)
> >>     CNAME: testa8.saturn.mydom.org. (flags=f0, serial=17, ttl=900)
> >>   Name=testc9, Records=2, Children=0
> >>     CNAME: testa9.jupiter.mydom.org. (flags=f0, serial=19, ttl=900)
> >>     CNAME: testa9.saturn.mydom.org. (flags=f0, serial=19, ttl=900)
> >>
> >> Regards,
> >> Heinz
> >>
> >> On Thursday, 23.01.2020, 09:22 +0000, Heinz Hölzl via samba wrote:
> >>> Hi,
> >>>
> >>> after a downgrade to samba 4.10 everything works fine.
> >>>
> >>> How should i proceed now?
> >>>
> >>> Regards,
> >>> Heinz
> >>>
> >>> On Tuesday, 21.01.2020, 15:48 +0000, Heinz Hölzl via samba wrote:
> >>>> Hi list,
> >>>>
> >>>> after the upgrade to samba 4.11.4 i have a problem with new added DNS
> >>>> records.
> >>>> If i add a new dns-record, the "samba-tool dns add" returns a "Record
> >>>> added successfully" but the new record is not available:
> >>>>
> >>>> "samba-tool dns query" returns "ERROR: Record or zone does not exist."
> >>>>
> >>>> "nslookup" or "host" returns nothing regarding the added record.
> >>>>
> >>>> if i retry to reinsert the new record, i get a
> >>>> WERR_DNS_ERROR_RECORD_ALREADY_EXISTS
> >>>>
> >>>> I have 4 domain controllers, 2 DCs are working with SAMBA_INTERNAL - DNS
> >>>> and 2 DCs are working with BIND9_DLZ.
> >>>>
> >>>> I tried also to rejoin a DC ... same issue.
> >>>>
> >>>> Thanks!
> >>>>
> >>>> Regards,
> >>>> Heinz
> >>>>
> >>>> root@dctest2:~# /usr/local/samba/bin/samba-tool dns add dc2 klingons.gvcc.net xy A 172.27.10.32
> >>>> Record added successfully
> >>>> root@dctest2:~# /usr/local/samba/bin/samba-tool dns query dc2 klingons.gvcc.net xy A
> >>>> ERROR: Record or zone does not exist.
> >>>> root@dctest2:~# host xy.klingons.gvcc.net
> >>>> Host xy.klingons.gvcc.net not found: 3(NXDOMAIN)
> >>>> root@dctest2:~# /usr/local/samba/bin/samba-tool dns add dc2 klingons.gvcc.net xy A 172.27.10.32
> >>>> ERROR(runtime): uncaught exception - (9711, 'WERR_DNS_ERROR_RECORD_ALREADY_EXISTS')
> >>>>   File "/usr/local/samba/lib/python3.6/site-packages/samba/netcmd/__init__.py", line 186, in _run
> >>>>     return self.run(*args, **kwargs)
> >>>>   File "/usr/local/samba/lib/python3.6/site-packages/samba/netcmd/dns.py", line 945, in run
> >>>>     raise e
> >>>>   File "/usr/local/samba/lib/python3.6/site-packages/samba/netcmd/dns.py", line 941, in run
> >>>>     0, server, zone, name, add_rec_buf, None)
> >>>> root@dctest2:~# /usr/local/samba/bin/samba-tool dns delete dc2 klingons.gvcc.net xy A 172.27.10.32
> >>>> Record deleted successfully
> >>>> root@dctest2:~#
>
> --
> Dr. Christian Naumer
> Unit Head Bioprocess Development
> B.R.A.I.N Aktiengesellschaft
> Darmstaedter Str. 34-36, D-64673 Zwingenberg
> e-mail cn at brain-biotech.com, homepage www.brain-biotech.com
> fon +49-6251-9331-30 / fax +49-6251-9331-11
>
> Registered office: Zwingenberg/Bergstrasse
> Commercial register: AG Darmstadt, HRB 24758
> Management board: Adriaan Moelker (Chairman),
> Manfred Bender, Ludger Roedder
> Chairman of the supervisory board: Dr. Georg Kellinghusen
>
> --
> To unsubscribe from this list go to the following URL and read the
> instructions: https://lists.samba.org/mailman/options/samba

On Monday, 10.02.2020, 16:44 +0100, L.P.H. van Belle via samba wrote:
> Hi Christian,
>
> > Can someone reproduce this?
> No, tried, but sorry, works fine for me on my 4.11.6 server.
>

i reproduced this.
you have to add more than 10 PTR with the same entry in 2 different arpa zones!

i created 15 PTR in the zone 0.168.192.in-addr.arpa pointing to testaNN.jupiter.klingons.net
the result is as expected. all 15 PTR are pointing to the corresponding hostname.

THEN:
i created the same 15 PTR in the zone 1.168.192.in-addr.arpa pointing to testaNN.venus.klingons.net

and the result:
the first 10 PTR are in 1.168.192.in-addr.arpa:

samba-tool dns query dc2 1.168.192.in-addr.arpa 1.168.192.in-addr.arpa all
  Name=, Records=2, Children=0
    SOA: serial=16, refresh=900, retry=600, expire=86400, minttl=3600, ns=dc2.klingons.net., email=hostmaster.klingons.net. (flags=600000f0, serial=16, ttl=3600)
    NS: dc2.klingons.net. (flags=600000f0, serial=1, ttl=3600)
  Name=1, Records=1, Children=0
    PTR: testa1.venus.klingons.net (flags=f0, serial=2, ttl=900)
  Name=10, Records=1, Children=0
    PTR: testa10.venus.klingons.net (flags=f0, serial=11, ttl=900)
  Name=2, Records=1, Children=0
    PTR: testa2.venus.klingons.net (flags=f0, serial=3, ttl=900)
  Name=3, Records=1, Children=0
    PTR: testa3.venus.klingons.net (flags=f0, serial=4, ttl=900)
  Name=4, Records=1, Children=0
    PTR: testa4.venus.klingons.net (flags=f0, serial=5, ttl=900)
  Name=5, Records=1, Children=0
    PTR: testa5.venus.klingons.net (flags=f0, serial=6, ttl=900)
  Name=6, Records=1, Children=0
    PTR: testa6.venus.klingons.net (flags=f0, serial=7, ttl=900)
  Name=7, Records=1, Children=0
    PTR: testa7.venus.klingons.net (flags=f0, serial=8, ttl=900)
  Name=8, Records=1, Children=0
    PTR: testa8.venus.klingons.net (flags=f0, serial=9, ttl=900)
  Name=9, Records=1, Children=0
    PTR: testa9.venus.klingons.net (flags=f0, serial=10, ttl=900)

and the PTR from 11 to 15 are in the wrong zone 0.168.192.in-addr.arpa instead of 1.168.192.in-addr.arpa:

samba-tool dns query dc2 0.168.192.in-addr.arpa 0.168.192.in-addr.arpa all
  Name=, Records=2, Children=0
    SOA: serial=16, refresh=900, retry=600, expire=86400, minttl=3600, ns=dc2.klingons.net., email=hostmaster.klingons.net. (flags=600000f0, serial=16, ttl=3600)
    NS: dc2.klingons.net. (flags=600000f0, serial=1, ttl=3600)
  Name=1, Records=1, Children=0
    PTR: testa1.jupiter.klingons.net (flags=f0, serial=2, ttl=900)
  Name=10, Records=1, Children=0
    PTR: testa10.jupiter.klingons.net (flags=f0, serial=11, ttl=900)
  Name=11, Records=2, Children=0
    PTR: testa11.jupiter.klingons.net (flags=f0, serial=12, ttl=900)
    PTR: testa11.venus.klingons.net (flags=f0, serial=12, ttl=900)
  Name=12, Records=2, Children=0
    PTR: testa12.jupiter.klingons.net (flags=f0, serial=13, ttl=900)
    PTR: testa12.venus.klingons.net (flags=f0, serial=13, ttl=900)
  Name=13, Records=2, Children=0
    PTR: testa13.jupiter.klingons.net (flags=f0, serial=14, ttl=900)
    PTR: testa13.venus.klingons.net (flags=f0, serial=14, ttl=900)
  Name=14, Records=2, Children=0
    PTR: testa14.jupiter.klingons.net (flags=f0, serial=15, ttl=900)
    PTR: testa14.venus.klingons.net (flags=f0, serial=15, ttl=900)
  Name=15, Records=2, Children=0
    PTR: testa15.jupiter.klingons.net (flags=f0, serial=16, ttl=900)
    PTR: testa15.venus.klingons.net (flags=f0, serial=16, ttl=900)
  Name=2, Records=1, Children=0
    PTR: testa2.jupiter.klingons.net (flags=f0, serial=3, ttl=900)
  Name=3, Records=1, Children=0
    PTR: testa3.jupiter.klingons.net (flags=f0, serial=4, ttl=900)
  Name=4, Records=1, Children=0
    PTR: testa4.jupiter.klingons.net (flags=f0, serial=5, ttl=900)
  Name=5, Records=1, Children=0
    PTR: testa5.jupiter.klingons.net (flags=f0, serial=6, ttl=900)
  Name=6, Records=1, Children=0
    PTR: testa6.jupiter.klingons.net (flags=f0, serial=7, ttl=900)
  Name=7, Records=1, Children=0
    PTR: testa7.jupiter.klingons.net (flags=f0, serial=8, ttl=900)
  Name=8, Records=1, Children=0
    PTR: testa8.jupiter.klingons.net (flags=f0, serial=9, ttl=900)
  Name=9, Records=1, Children=0
    PTR: testa9.jupiter.klingons.net (flags=f0, serial=10, ttl=900)

regards,
heinz

> And what if you try it like this?
>
> samba-tool dns add dc1.zone1.domain.de 0.168.192.in-addr.arpa 157 PTR zone1.domain.de -U Administrator
> samba-tool dns add dc1.zone1.domain.de 1.168.192.in-addr.arpa 157 PTR zone2.domain.de -U Administrator
>
> I tested on my production where i have 6 forward/reverse zones in use.
>
> Is the hostname "dc1" also in other zones?
> Yes, use FQDN as i showed and test it.
> No, we need to investigate more most probably.
>
> Greetz,
>
> Louis
>
> > -----Original message-----
> > From: samba [mailto:samba-bounces at lists.samba.org] On behalf of Christian Naumer via samba
> > Sent: Monday 10 February 2020 16:17
> > To: samba at lists.samba.org
> > Subject: Re: [Samba] New DNS-Records not aviable
> >
> > After some more digging it looks like this:
> >
> > I will try to explain.
> >
> > I have two reverse zones:
> >
> > 0.168.192.in-addr.arpa
> > 2.168.192.in-addr.arpa
> >
> > I create a new entry with
> >
> > samba-tool dns add dc1 0.168.192.in-addr.arpa 157 PTR xxxxxx.domain.de
> >
> > This works only if 157.2.168.192.in-addr.arpa (pointing to any other
> > host) does not exist. If it does the entry is created again.
> >
> > 157.2.168.192.in-addr.arpa pointing to xxxxxx.
> >
> > If there is no entry in the 2.168.192.in-addr.arpa zone then the entry
> > is correctly created in the 0.168.192.in-addr.arpa zone.
> >
> > Can someone reproduce this?
> >
> > On 10.02.20 at 11:13, Christian Naumer via samba wrote:
> > > Funny you should post this now. I was just cleaning up some DNS records
> > > and the following happened.
> > > I had two PTR records with an empty timestamp. I deleted them and wanted
> > > to recreate them.
> > > My reverse zones are
> > >
> > > 0.168.192.in-addr.arpa
> > >
> > > and
> > >
> > > 2.168.192.in-addr.arpa
> > >
> > > both of the records I deleted were in the "0" zone.
> > > > > > The first i recreated with: > > > > > > samba-tool dns add dc1 0.168.192.in-addr.arpa 212 PTR > > > drac.domain.de > > > > > > works as expected > > > > > > samba-tool dns add dc1 0.168.192.in-addr.arpa 80 PTR > > device.domain.de > > > And this gets created in the "2" zone. > > > > > > If I try the same comamnd again it says entry exits. So it > > really thinks > > > it is creating in the right zone. > > > > > > I tried using the Windows DNS tool and it created the entry > > in the same > > > wrong zone! > > > > > > Weird! > > > > > > I got it to created the right record by expunging all > > tombstones on all DCs. > > > I don't know if this is related but it sound similar. > > > > > > Regards > > > > > > > > > Christian > > > > > > > > > > > > Am 10.02.20 um 10:44 schrieb Heinz H?lzl via samba: > > > > hi again. > > > > > > > > after some tests, (on my operational domain and on a new > > testdomain) i > > > > detected this behavior: > > > > > > > > > > > > > > > > on samba 4.11.6 sometimes the new DNS-records finisches on > > a wrong dns > > > > zone. > > > > > > > > the problem occurs, if more then 5 records are created > > with the same > > > > name in more then one domain zone > > > > > > > > for example: > > > > testa1.jupiter.mydom.org > > > > testa2.jupiter.mydom.org > > > > testa3.jupiter.mydom.org > > > > testa4.jupiter.mydom.org > > > > testa5.jupiter.mydom.org > > > > testa6.jupiter.mydom.org > > > > testa7.jupiter.mydom.org > > > > ... > > > > testa1.saturn.mydom.org > > > > testa2.saturn.mydom.org > > > > testa3.saturn.mydom.org > > > > te > > > > sta4.saturn.mydom.org > > > > testa5.saturn.mydom.org > > > > testa6.saturn.mydom.org > > > > test > > > > a7.saturn.mydom.org > > > > ... > > > > > > > > > > > > > > > > can anyone confirm this ? > > > > > > > > > > > > > > > > To reproduce: > > > > 1. 
create a new domain zone (jupiter.mydom.org) and create > > 10 A records > > > > (testa1-testa10 -> 192.168.1.1-192.168.1.10 ) > > > > and 10 CNAME (testc1-testc10 -> testa1-testa10) in the new > > > > zone > > > > > > > > > > > > samba-tool dns zonecreate dc2 jupiter.mydom.org > > > > samba-tool dns add dc2 jupiter.mydom.org testa1 A 192.168.1.1 > > > > samba-tool dns add dc2 jupiter.mydom.org testc1 CNAME > > > > testa1.jupiter.mydom.org > > > > samba-tool dns add dc2 jupiter.mydom.org testa2 A 192.168.1.2 > > > > samba-tool dns add dc2 jupiter.mydom.org testc2 CNAME > > > > testa2.jupiter.mydom.org > > > > samba-tool dns add dc2 jupiter.mydom.org testa3 A 192.168.1.3 > > > > samba-tool dns add dc2 jupiter.mydom.org testc3 CNAME > > > > testa3.jupiter.mydom.org > > > > samba-tool dns add dc2 jupiter.mydom.org testa4 A 192.168.1.4 > > > > samba-tool dns add dc2 jupiter.mydom.org testc4 CNAME > > > > testa4.jupiter.mydom.org > > > > samba-tool dns add dc2 jupiter.mydom.org testa5 A 192.168.1.5 > > > > samba-tool dns add dc2 jupiter.mydom.org testc5 CNAME > > > > testa5.jupiter.mydom.org > > > > samba-tool dns add dc2 jupiter.mydom.org testa6 A 192.168.1.6 > > > > samba-tool dns add dc2 jupiter.mydom.org testc6 CNAME > > > > testa6.jupiter.mydom.org > > > > samba-tool dns add dc2 jupiter.mydom.org testa7 A 192.168.1.7 > > > > samba-tool dns add dc2 jupiter.mydom.org testc7 CNAME > > > > testa7.jupiter.mydom.org > > > > samba-tool dns add dc2 jupiter.mydom.org testa8 A 192.168.1.8 > > > > samba-tool dns add dc2 jupiter.mydom.org testc8 CNAME > > > > testa8.jupiter.mydom.org > > > > samba-tool dns add dc2 jupiter.mydom.org testa9 A 192.168.1.9 > > > > samba-tool dns add dc2 jupiter.mydom.org testc9 CNAME > > > > testa9.jupiter.mydom.org > > > > samba-tool dns add dc2 jupiter.mydom.org testa10 A 192.168.1.10 > > > > samba-tool dns add dc2 jupiter.mydom.org testc10 CNAME > > > > testa10.jupiter.mydom.org > > > > > > > > > > > > The result until here is as expected: > > 
> > > > > > samba-tool dns query dc2 jupiter.mydom.org jupiter.mydom.org > > > > all > > > > Name=, Records=2, Children=0 > > > > SOA: serial=21, refresh=900, retry=600, expire=86400, > > minttl=3600, > > > > ns=dc2.mydom.org., email=hostmaster.mydom.org. (flags=600000f0, > > > > serial=21, ttl=3600) > > > > NS: dc2.mydom.org. (flags=600000f0, serial=1, ttl=3600) > > > > Name=testa1, Records=1, Children=0 > > > > A: 192.168.1.1 (flags=f0, serial=2, ttl=900) > > > > Name=testa10, Records=1, Children=0 > > > > A: 192.168.1.10 (flags=f0, serial=20, ttl=900) > > > > Name=testa2, Records=1, Children=0 > > > > A: 192.168.1.2 (flags=f0, serial=4, ttl=900) > > > > Name=testa3, Records=1, Children=0 > > > > A: 192.168.1.3 (flags=f0, serial=6, ttl=900) > > > > Name=testa4, Records=1, Children=0 > > > > A: 192.168.1.4 (flags=f0, serial=8, ttl=900) > > > > Name=testa5, Records=1, Children=0 > > > > A: 192.168.1.5 (flags=f0, serial=10, ttl=900) > > > > Name=testa6, Records=1, Children=0 > > > > A: 192.168.1.6 (flags=f0, serial=12, ttl=900) > > > > Name=testa7, Records=1, Children=0 > > > > A: 192.168.1.7 (flags=f0, serial=14, ttl=900) > > > > Name=testa8, Records=1, Children=0 > > > > A: 192.168.1.8 (flags=f0, serial=16, ttl=900) > > > > Name=testa9, Records=1, Children=0 > > > > A: 192.168.1.9 (flags=f0, serial=18, ttl=900) > > > > Name=testc1, Records=1, Children=0 > > > > CNAME: testa1.jupiter.mydom.org. (flags=f0, serial=3, > > > > ttl=900) > > > > Name=testc10, Records=1, Children=0 > > > > CNAME: testa10.jupiter.mydom.org. (flags=f0, > > serial=21, ttl=900) > > > > Name=testc2, Records=1, Children=0 > > > > CNAME: testa2.jupiter.mydom.org. (flags=f0, serial=5, > > > > ttl=900) > > > > Name=testc3, Records=1, Children=0 > > > > CNAME: testa3.jupiter.mydom.org. (flags=f0, serial=7, > > > > ttl=900) > > > > Name=testc4, Records=1, Children=0 > > > > CNAME: testa4.jupiter.mydom.org. 
(flags=f0, serial=9, > > > > ttl=900) > > > > Name=testc5, Records=1, Children=0 > > > > CNAME: testa5.jupiter.mydom.org. (flags=f0, serial=11, > > > > ttl=900) > > > > Name=testc6, Records=1, Children=0 > > > > CNAME: testa6.jupiter.mydom.org. (flags=f0, serial=13, > > > > ttl=900) > > > > Name=testc7, Records=1, Children=0 > > > > CNAME: testa7.jupiter.mydom.org. (flags=f0, serial=15, > > > > ttl=900) > > > > Name=testc8, Records=1, Children=0 > > > > CNAME: testa8.jupiter.mydom.org. (flags=f0, serial=17, > > > > ttl=900) > > > > Name=testc9, Records=1, Children=0 > > > > CNAME: testa9.jupiter.mydom.org. (flags=f0, serial=19, > > > > ttl=900) > > > > > > > > > > > > > > > > > > > > 2. create a other domain zone (saturn.mydom.org) and > > create the same 10 > > > > A records (testa1-testa10 -> 192.168.2.1-192.168.2.10) > > > > and the same 10 CNAME (testc1-testc10 -> testa1-testa10) in > > > > the > > > > second zone > > > > > > > > now, the first 5 A and the first 5 CNAME goes tho the second > > > > zone > > > > (saturn.mydom.org), but the rest is located in the wrong zone > > > > (jupiter.mydom.org) > > > > > > > > samba-tool dns zonecreate dc2 saturn.mydom.org > > > > samba-tool dns add dc2 saturn.mydom.org testa1 A 192.168.2.1 > > > > samba-tool dns add dc2 saturn.mydom.org testc1 CNAME > > > > testa1.saturn.mydom.org > > > > samba-tool dns add dc2 saturn.mydom.org testa2 A 192.168.2.2 > > > > samba-tool dns add dc2 saturn.mydom.org testc2 CNAME > > > > testa2.saturn.mydom.org > > > > samba-tool dns add dc2 saturn.mydom.org testa3 A 192.168.2.3 > > > > samba-tool dns add dc2 saturn.mydom.org testc3 CNAME > > > > testa3.saturn.mydom.org > > > > samba-tool dns add dc2 saturn.mydom.org testa4 A 192.168.2.4 > > > > samba-tool dns add dc2 saturn.mydom.org testc4 CNAME > > > > testa4.saturn.mydom.org > > > > samba-tool dns add dc2 saturn.mydom.org testa5 A 192.168.2.5 > > > > samba-tool dns add dc2 saturn.mydom.org testc5 CNAME > > > > testa5.saturn.mydom.org > > > 
> > > > samba-tool dns add dc2 saturn.mydom.org testa6 A 192.168.2.6
> > > > samba-tool dns add dc2 saturn.mydom.org testc6 CNAME testa6.saturn.mydom.org
> > > > samba-tool dns add dc2 saturn.mydom.org testa7 A 192.168.2.7
> > > > samba-tool dns add dc2 saturn.mydom.org testc7 CNAME testa7.saturn.mydom.org
> > > > samba-tool dns add dc2 saturn.mydom.org testa8 A 192.168.2.8
> > > > samba-tool dns add dc2 saturn.mydom.org testc8 CNAME testa8.saturn.mydom.org
> > > > samba-tool dns add dc2 saturn.mydom.org testa9 A 192.168.2.9
> > > > samba-tool dns add dc2 saturn.mydom.org testc9 CNAME testa9.saturn.mydom.org
> > > > samba-tool dns add dc2 saturn.mydom.org testa10 A 192.168.2.10
> > > > samba-tool dns add dc2 saturn.mydom.org testc10 CNAME testa10.saturn.mydom.org
> > > >
> > > > Now the new result is:
> > > >
> > > > samba-tool dns query dc2 saturn.mydom.org saturn.mydom.org all
> > > >   Name=, Records=2, Children=0
> > > >     SOA: serial=21, refresh=900, retry=600, expire=86400, minttl=3600, ns=dc2.mydom.org., email=hostmaster.mydom.org. (flags=600000f0, serial=21, ttl=3600)
> > > >     NS: dc2.mydom.org. (flags=600000f0, serial=1, ttl=3600)
> > > >   Name=testa1, Records=1, Children=0
> > > >     A: 192.168.2.1 (flags=f0, serial=2, ttl=900)
> > > >   Name=testa2, Records=1, Children=0
> > > >     A: 192.168.2.2 (flags=f0, serial=4, ttl=900)
> > > >   Name=testa3, Records=1, Children=0
> > > >     A: 192.168.2.3 (flags=f0, serial=6, ttl=900)
> > > >   Name=testa4, Records=1, Children=0
> > > >     A: 192.168.2.4 (flags=f0, serial=8, ttl=900)
> > > >   Name=testa5, Records=1, Children=0
> > > >     A: 192.168.2.5 (flags=f0, serial=10, ttl=900)
> > > >   Name=testc1, Records=1, Children=0
> > > >     CNAME: testa1.saturn.mydom.org. (flags=f0, serial=3, ttl=900)
> > > >   Name=testc2, Records=1, Children=0
> > > >     CNAME: testa2.saturn.mydom.org. (flags=f0, serial=5, ttl=900)
> > > >   Name=testc3, Records=1, Children=0
> > > >     CNAME: testa3.saturn.mydom.org. (flags=f0, serial=7, ttl=900)
> > > >   Name=testc4, Records=1, Children=0
> > > >     CNAME: testa4.saturn.mydom.org. (flags=f0, serial=9, ttl=900)
> > > >   Name=testc5, Records=1, Children=0
> > > >     CNAME: testa5.saturn.mydom.org. (flags=f0, serial=11, ttl=900)
> > > >
> > > > samba-tool dns query dc2 jupiter.mydom.org jupiter.mydom.org all
> > > >   Name=, Records=2, Children=0
> > > >     SOA: serial=21, refresh=900, retry=600, expire=86400, minttl=3600, ns=dc2.mydom.org., email=hostmaster.mydom.org. (flags=600000f0, serial=21, ttl=3600)
> > > >     NS: dc2.mydom.org. (flags=600000f0, serial=1, ttl=3600)
> > > >   Name=testa1, Records=1, Children=0
> > > >     A: 192.168.1.1 (flags=f0, serial=2, ttl=900)
> > > >   Name=testa10, Records=2, Children=0
> > > >     A: 192.168.1.10 (flags=f0, serial=20, ttl=900)
> > > >     A: 192.168.2.10 (flags=f0, serial=20, ttl=900)
> > > >   Name=testa2, Records=1, Children=0
> > > >     A: 192.168.1.2 (flags=f0, serial=4, ttl=900)
> > > >   Name=testa3, Records=1, Children=0
> > > >     A: 192.168.1.3 (flags=f0, serial=6, ttl=900)
> > > >   Name=testa4, Records=1, Children=0
> > > >     A: 192.168.1.4 (flags=f0, serial=8, ttl=900)
> > > >   Name=testa5, Records=1, Children=0
> > > >     A: 192.168.1.5 (flags=f0, serial=10, ttl=900)
> > > >   Name=testa6, Records=2, Children=0
> > > >     A: 192.168.1.6 (flags=f0, serial=12, ttl=900)
> > > >     A: 192.168.2.6 (flags=f0, serial=12, ttl=900)
> > > >   Name=testa7, Records=2, Children=0
> > > >     A: 192.168.1.7 (flags=f0, serial=14, ttl=900)
> > > >     A: 192.168.2.7 (flags=f0, serial=14, ttl=900)
> > > >   Name=testa8, Records=2, Children=0
> > > >     A: 192.168.1.8 (flags=f0, serial=16, ttl=900)
> > > >     A: 192.168.2.8 (flags=f0, serial=16, ttl=900)
> > > >   Name=testa9, Records=2, Children=0
> > > >     A: 192.168.1.9 (flags=f0, serial=18, ttl=900)
> > > >     A: 192.168.2.9 (flags=f0, serial=18, ttl=900)
> > > >   Name=testc1, Records=1, Children=0
> > > >     CNAME: testa1.jupiter.mydom.org. (flags=f0, serial=3, ttl=900)
> > > >   Name=testc10, Records=2, Children=0
> > > >     CNAME: testa10.jupiter.mydom.org. (flags=f0, serial=21, ttl=900)
> > > >     CNAME: testa10.saturn.mydom.org. (flags=f0, serial=21, ttl=900)
> > > >   Name=testc2, Records=1, Children=0
> > > >     CNAME: testa2.jupiter.mydom.org. (flags=f0, serial=5, ttl=900)
> > > >   Name=testc3, Records=1, Children=0
> > > >     CNAME: testa3.jupiter.mydom.org. (flags=f0, serial=7, ttl=900)
> > > >   Name=testc4, Records=1, Children=0
> > > >     CNAME: testa4.jupiter.mydom.org. (flags=f0, serial=9, ttl=900)
> > > >   Name=testc5, Records=1, Children=0
> > > >     CNAME: testa5.jupiter.mydom.org. (flags=f0, serial=11, ttl=900)
> > > >   Name=testc6, Records=2, Children=0
> > > >     CNAME: testa6.jupiter.mydom.org. (flags=f0, serial=13, ttl=900)
> > > >     CNAME: testa6.saturn.mydom.org. (flags=f0, serial=13, ttl=900)
> > > >   Name=testc7, Records=2, Children=0
> > > >     CNAME: testa7.jupiter.mydom.org. (flags=f0, serial=15, ttl=900)
> > > >     CNAME: testa7.saturn.mydom.org. (flags=f0, serial=15, ttl=900)
> > > >   Name=testc8, Records=2, Children=0
> > > >     CNAME: testa8.jupiter.mydom.org. (flags=f0, serial=17, ttl=900)
> > > >     CNAME: testa8.saturn.mydom.org. (flags=f0, serial=17, ttl=900)
> > > >   Name=testc9, Records=2, Children=0
> > > >     CNAME: testa9.jupiter.mydom.org. (flags=f0, serial=19, ttl=900)
> > > >     CNAME: testa9.saturn.mydom.org. (flags=f0, serial=19, ttl=900)
> > > >
> > > > Regards,
> > > > Heinz
> > > >
> > > > On Thursday, 23.01.2020, 09:22 +0000, Heinz Hölzl via samba wrote:
> > > > > Hi,
> > > > >
> > > > > after a downgrade to samba 4.10 everything works fine.
> > > > >
> > > > > How should i proceed now?
> > > > >
> > > > > Regards,
> > > > > Heinz
> > > > >
> > > > > On Tuesday, 21.01.2020, 15:48 +0000, Heinz Hölzl via samba wrote:
> > > > > > Hi list,
> > > > > >
> > > > > > after the upgrade to samba 4.11.4 i have a problem with new added DNS records.
> > > > > > If i add a new dns-record, the "samba-tool dns add" returns a "Record added successfully" but the new record is not available:
> > > > > >
> > > > > > "samba-tool dns query" returns "ERROR: Record or zone does not exist."
> > > > > >
> > > > > > "nslookup" or "host" returns nothing regarding the added record.
> > > > > >
> > > > > > if i retry to reinsert the new record, i get a WERR_DNS_ERROR_RECORD_ALREADY_EXISTS
> > > > > >
> > > > > > I have 4 domain controllers, 2 DCs are working with SAMBA_INTERNAL - DNS and 2 DCs are working with BIND9_DLZ.
> > > > > >
> > > > > > I tried also to rejoin a DC ... same issue.
> > > > > >
> > > > > > Thanks!
> > > > > >
> > > > > > Regards,
> > > > > > Heinz
> > > > > >
> > > > > > root@dctest2:~# /usr/local/samba/bin/samba-tool dns add dc2 klingons.gvcc.net xy A 172.27.10.32
> > > > > > Record added successfully
> > > > > > root@dctest2:~# /usr/local/samba/bin/samba-tool dns query dc2 klingons.gvcc.net xy A
> > > > > > ERROR: Record or zone does not exist.
> > > > > > root@dctest2:~# host xy.klingons.gvcc.net
> > > > > > Host xy.klingons.gvcc.net not found: 3(NXDOMAIN)
> > > > > > root@dctest2:~# /usr/local/samba/bin/samba-tool dns add dc2 klingons.gvcc.net xy A 172.27.10.32
> > > > > > ERROR(runtime): uncaught exception - (9711, 'WERR_DNS_ERROR_RECORD_ALREADY_EXISTS')
> > > > > >   File "/usr/local/samba/lib/python3.6/site-packages/samba/netcmd/__init__.py", line 186, in _run
> > > > > >     return self.run(*args, **kwargs)
> > > > > >   File "/usr/local/samba/lib/python3.6/site-packages/samba/netcmd/dns.py", line 945, in run
> > > > > >     raise e
> > > > > >   File "/usr/local/samba/lib/python3.6/site-packages/samba/netcmd/dns.py", line 941, in run
> > > > > >     0, server, zone, name, add_rec_buf, None)
> > > > > > root@dctest2:~# /usr/local/samba/bin/samba-tool dns delete dc2 klingons.gvcc.net xy A 172.27.10.32
> > > > > > Record deleted successfully
> > > > > > root@dctest2:~#
> >
> > --
> > Dr. Christian Naumer
> > Unit Head Bioprocess Development
> > B.R.A.I.N Aktiengesellschaft
> > Darmstaedter Str. 34-36, D-64673 Zwingenberg
> > e-mail cn at brain-biotech.com, homepage www.brain-biotech.com
> > fon +49-6251-9331-30 / fax +49-6251-9331-11
> >
> > Registered office: Zwingenberg/Bergstrasse
> > Court of registration: AG Darmstadt, HRB 24758
> > Management Board: Adriaan Moelker (Chairman), Manfred Bender, Ludger Roedder
> > Chairman of the Supervisory Board: Dr. Georg Kellinghusen
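A way to check a zone listing for the symptom shown in the reproduction above, as an added example that is not part of the thread or of Samba: it parses the `samba-tool dns query <server> <zone> <zone> all` listing format quoted in the thread and flags A records outside the zone's expected network, names carrying more than one CNAME, and CNAME targets that fall under a sibling zone. The one-/24-per-zone layout, the function names and the finding labels are assumptions taken from the repro; the sample input is an excerpt of the quoted jupiter.mydom.org listing.

```python
import ipaddress
import re

# Line shapes of the `samba-tool dns query ... all` listing quoted in the thread.
NAME_RE = re.compile(r"^\s*Name=(?P<name>[^,]*), Records=(?P<count>\d+), Children=\d+\s*$")
REC_RE = re.compile(
    r"^\s*(?P<type>[A-Z]+): (?P<data>.*?) \(flags=[0-9a-fA-F]+, serial=\d+, ttl=\d+\)\s*$"
)

# Excerpt of the jupiter.mydom.org listing from the thread, trimmed to five names.
SAMPLE_JUPITER = """\
  Name=, Records=2, Children=0
    SOA: serial=21, refresh=900, retry=600, expire=86400, minttl=3600, ns=dc2.mydom.org., email=hostmaster.mydom.org. (flags=600000f0, serial=21, ttl=3600)
    NS: dc2.mydom.org. (flags=600000f0, serial=1, ttl=3600)
  Name=testa5, Records=1, Children=0
    A: 192.168.1.5 (flags=f0, serial=10, ttl=900)
  Name=testa6, Records=2, Children=0
    A: 192.168.1.6 (flags=f0, serial=12, ttl=900)
    A: 192.168.2.6 (flags=f0, serial=12, ttl=900)
  Name=testc5, Records=1, Children=0
    CNAME: testa5.jupiter.mydom.org. (flags=f0, serial=11, ttl=900)
  Name=testc6, Records=2, Children=0
    CNAME: testa6.jupiter.mydom.org. (flags=f0, serial=13, ttl=900)
    CNAME: testa6.saturn.mydom.org. (flags=f0, serial=13, ttl=900)
"""


def parse_query_output(text):
    """Return {name: [(rtype, rdata), ...]}; '@' stands for the zone apex (empty Name=)."""
    records, declared, current = {}, {}, None
    for line in text.splitlines():
        if not line.strip():
            continue
        m = NAME_RE.match(line)
        if m:
            current = m.group("name") or "@"
            records.setdefault(current, [])
            declared[current] = int(m.group("count"))
            continue
        m = REC_RE.match(line)
        if m and current is not None:
            records[current].append((m.group("type"), m.group("data")))
            continue
        raise ValueError(f"unrecognised line: {line!r}")
    # A truncated or re-wrapped listing shows up as a count mismatch.
    for name, count in declared.items():
        if len(records[name]) != count:
            raise ValueError(f"{name}: Records={count} but parsed {len(records[name])}")
    return records


def audit_records(records, expected_net, sibling_zones):
    """Heuristic checks for records that look like they belong to another zone."""
    net = ipaddress.ip_network(expected_net)
    siblings = [z.rstrip(".").lower() for z in sibling_zones]
    findings = []
    for name, rrs in sorted(records.items()):
        cnames = [data for rtype, data in rrs if rtype == "CNAME"]
        if len(cnames) > 1:
            # A name may own only one CNAME, so this is wrong in any layout.
            findings.append((name, "multiple-cname", ", ".join(cnames)))
        for rtype, data in rrs:
            if rtype == "A" and ipaddress.ip_address(data) not in net:
                findings.append((name, "a-outside-network", data))
            elif rtype == "CNAME":
                target = data.rstrip(".").lower()
                if any(target == z or target.endswith("." + z) for z in siblings):
                    findings.append((name, "cname-into-sibling-zone", data))
    return findings


if __name__ == "__main__":
    parsed = parse_query_output(SAMPLE_JUPITER)
    for name, kind, detail in audit_records(parsed, "192.168.1.0/24", ["saturn.mydom.org"]):
        print(f"{name}: {kind}: {detail}")
```
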
Hi Louis.

On 10.02.20 at 16:44, L.P.H. van Belle via samba wrote:
> Hai Christian,
>
>> Can someone reproduce this?
> No, tried, but sorry, works fine for me on my 4.11.6 server.
>
> And what if you try it like this.
>
> samba-tool dns add dc1.zone1.domain.de 0.168.192.in-addr.arpa 157 PTR zone1.domain.de -U Administrator

This creates this entry (output from host 192.168.2.157, host 192.168.0.157 returns NXDOMAIN):

157.2.168.192.in-addr.arpa domain name pointer zone1.hq.brain-biotech.de.

> samba-tool dns add dc1.zone1.domain.de 2.168.192.in-addr.arpa 157 PTR zone2.domain.de -U Administrator

This creates the right record:

157.2.168.192.in-addr.arpa domain name pointer zone2.hq.brain-biotech.de.

I tested some more. I have these zones:

0.168.192.in-addr.arpa
1.168.192.in-addr.arpa
2.168.192.in-addr.arpa
3.168.192.in-addr.arpa
4.168.192.in-addr.arpa
5.168.192.in-addr.arpa
6.168.192.in-addr.arpa
7.168.192.in-addr.arpa

I can create in all zones the right record except "0" where it is then created in "2" (not in "1") only if there is already a record with the same last digit. The zones 0,1 and 2 contain ~100-200 records the rest only 10 or so.

In another attempt I deleted all the records I created in the test and tried again. Strangely it only happens if in zone "2" there is a record with the same last digit. Then the new record is created in zone "2" although I want it in zone "0".

It also works if in zone "0" there is an entry and I try to create zone in zone "2". The record is then created in zone "0".

Here is a sequence of commands used with a d10:

Add a record in zone "2":

samba-tool dns add dc1.domain.de 2.168.192.in-addr.arpa 157 PTR zone0.domain.de -U Administrator
Password for [DOMAIN-02\Administrator]:
Record added successfully

Check record:

host 192.168.2.157
157.2.168.192.in-addr.arpa domain name pointer zone0.domain.de.

Add the record in zone "0" with d10:

samba-tool dns add dc1.domain.de 0.168.192.in-addr.arpa 157 PTR zone0.domain.de -d10 -U Administrator

INFO: Current debug levels:
  all: 10
  tdb: 10
  printdrivers: 10
  lanman: 10
  smb: 10
  rpc_parse: 10
  rpc_srv: 10
  rpc_cli: 10
  passdb: 10
  sam: 10
  auth: 10
  winbind: 10
  vfs: 10
  idmap: 10
  quota: 10
  acls: 10
  locking: 10
  msdfs: 10
  dmapi: 10
  registry: 10
  scavenger: 10
  dns: 10
  ldb: 10
  tevent: 10
  auth_audit: 10
  auth_json_audit: 10
  kerberos: 10
  drs_repl: 10
  smb2: 10
  smb2_credits: 10
  dsdb_audit: 10
  dsdb_json_audit: 10
  dsdb_password_audit: 10
  dsdb_password_json_audit: 10
  dsdb_transaction_audit: 10
  dsdb_transaction_json_audit: 10
  dsdb_group_audit: 10
  dsdb_group_json_audit: 10
lpcfg_load: refreshing parameters from /etc/samba/smb.conf
Processing section "[global]"
Processing section "[netlogon]"
Processing section "[sysvol]"
pm_process() returned Yes
GENSEC backend 'gssapi_spnego' registered
GENSEC backend 'gssapi_krb5' registered
GENSEC backend 'gssapi_krb5_sasl' registered
GENSEC backend 'spnego' registered
GENSEC backend 'schannel' registered
GENSEC backend 'naclrpc_as_system' registered
GENSEC backend 'sasl-EXTERNAL' registered
GENSEC backend 'ntlmssp' registered
GENSEC backend 'ntlmssp_resume_ccache' registered
GENSEC backend 'http_basic' registered
GENSEC backend 'http_ntlm' registered
GENSEC backend 'http_negotiate' registered
GENSEC backend 'krb5' registered
GENSEC backend 'fake_gssapi_krb5' registered
Using binding ncacn_ip_tcp:dc1.domain.de[,sign]
Mapped to DCERPC endpoint 135
resolve_lmhosts: Attempting lmhosts lookup for name dc1.domain.de<0x20>
startlmhosts: Can't open lmhosts file /etc/samba/lmhosts. Error was No such file or directory
rpc request data:
rpc reply data:
Mapped to DCERPC endpoint 49153
resolve_lmhosts: Attempting lmhosts lookup for name dc1.domain.de<0x20>
startlmhosts: Can't open lmhosts file /etc/samba/lmhosts. Error was No such file or directory
Starting GENSEC mechanism spnego
Starting GENSEC submechanism gssapi_krb5
Password for [DOMAIN-02\Administrator]:
Received smb_krb5 packet of length 313
Received smb_krb5 packet of length 189
kinit for Administrator@DOMAIN.DE succeeded
gensec_update_send: gssapi_krb5[0x20a1840]: subreq: 0x209f180
gensec_update_send: spnego[0x20a1450]: subreq: 0x208fe80
gensec_update_done: gssapi_krb5[0x20a1840]: NT_STATUS_MORE_PROCESSING_REQUIRED tevent_req[0x209f180/../../source4/auth/gensec/gensec_gssapi.c:1057]: state[2] error[0 (0x0)] state[struct gensec_gssapi_update_state (0x209f330)] timer[(nil)] finish[../../source4/auth/gensec/gensec_gssapi.c:1067]
gensec_update_done: spnego[0x20a1450]: NT_STATUS_MORE_PROCESSING_REQUIRED tevent_req[0x208fe80/../../auth/gensec/spnego.c:1631]: state[2] error[0 (0x0)] state[struct gensec_spnego_update_state (0x2090030)] timer[(nil)] finish[../../auth/gensec/spnego.c:2115]
dcerpc_pull_auth_trailer: auth_pad_length 0
gensec_gssapi: NO credentials were delegated
GSSAPI Connection will be cryptographically signed
gensec_update_send: gssapi_krb5[0x20a1840]: subreq: 0x20a2550
gensec_update_send: spnego[0x20a1450]: subreq: 0x2094480
gensec_update_done: gssapi_krb5[0x20a1840]: NT_STATUS_OK tevent_req[0x20a2550/../../source4/auth/gensec/gensec_gssapi.c:1057]: state[2] error[0 (0x0)] state[struct gensec_gssapi_update_state (0x20a2700)] timer[(nil)] finish[../../source4/auth/gensec/gensec_gssapi.c:1074]
gensec_update_done: spnego[0x20a1450]: NT_STATUS_MORE_PROCESSING_REQUIRED tevent_req[0x2094480/../../auth/gensec/spnego.c:1631]: state[2] error[0 (0x0)] state[struct gensec_spnego_update_state (0x2094630)] timer[(nil)] finish[../../auth/gensec/spnego.c:2115]
dcerpc_pull_auth_trailer: auth_pad_length 0
gensec_update_send: spnego[0x20a1450]: subreq: 0x2094430
gensec_update_done: spnego[0x20a1450]: NT_STATUS_OK tevent_req[0x2094430/../../auth/gensec/spnego.c:1631]: state[2] error[0 (0x0)] state[struct gensec_spnego_update_state (0x20945e0)] timer[(nil)] finish[../../auth/gensec/spnego.c:2115]
rpc request data:
t: struct dcerpc_sec_verification_trailer
    _pad : DATA_BLOB length=0
    magic : 0000000000000000
    count: struct dcerpc_sec_vt_count
        count : 0x0002 (2)
    commands: ARRAY(2)
        commands: struct dcerpc_sec_vt
            command : 0x0001 (1)
                0x01: DCERPC_SEC_VT_COMMAND_ENUM (1)
                0: DCERPC_SEC_VT_COMMAND_END
                0: DCERPC_SEC_VT_MUST_PROCESS
            u : union dcerpc_sec_vt_union(case 0x1)
            bitmask1 : 0x00000001 (1)
                1: DCERPC_SEC_VT_CLIENT_SUPPORTS_HEADER_SIGNING
        commands: struct dcerpc_sec_vt
            command : 0x4002 (16386)
                0x02: DCERPC_SEC_VT_COMMAND_ENUM (2)
                1: DCERPC_SEC_VT_COMMAND_END
                0: DCERPC_SEC_VT_MUST_PROCESS
            u : union dcerpc_sec_vt_union(case 0x2)
            pcontext: struct dcerpc_sec_vt_pcontext
                abstract_syntax: struct ndr_syntax_id
                    uuid : 50abc2a4-574d-40b3-9d66-ee4fd5fba076
                    if_version : 0x00000005 (5)
                transfer_syntax: struct ndr_syntax_id
                    uuid : 8a885d04-1ceb-11c9-9fe8-08002b104860
                    if_version : 0x00000002 (2)
dcerpc_pull_auth_trailer: auth_pad_length 12
rpc reply data:
[0000] EF 25 00 00   .%..
ERROR(runtime): uncaught exception - (9711, 'WERR_DNS_ERROR_RECORD_ALREADY_EXISTS')
  File "/usr/lib64/python3.6/site-packages/samba/netcmd/__init__.py", line 186, in _run
    return self.run(*args, **kwargs)
  File "/usr/lib64/python3.6/site-packages/samba/netcmd/dns.py", line 945, in run
    raise e
  File "/usr/lib64/python3.6/site-packages/samba/netcmd/dns.py", line 941, in run
    0, server, zone, name, add_rec_buf, None)

It says it already exists. But it does not exist in zone "0" only in "2".

Anything more I can do?

> I tested on my production where i have 6 forward/reverse zones in use.
>
> Is the hostname "dc1" also in other zones?
> Yes, use FQDN as i showed and test it.
> No, we need to investigate more most probably.

--
Dr. Christian Naumer
Unit Head Bioprocess Development
B.R.A.I.N Aktiengesellschaft
Darmstaedter Str. 34-36, D-64673 Zwingenberg
e-mail cn at brain-biotech.com, homepage www.brain-biotech.com
fon +49-6251-9331-30 / fax +49-6251-9331-11

Registered office: Zwingenberg/Bergstrasse
Court of registration: AG Darmstadt, HRB 24758
Management Board: Adriaan Moelker (Chairman), Manfred Bender, Ludger Roedder
Chairman of the Supervisory Board: Dr. Georg Kellinghusen

@Heinz,
Thanks for testing also, but what is your samba version, OS and packages samba of compiled samba.
To keep info bit more complete

@Christian, can you try purge the deleted DNS records.
Can you also add the debug 10 log, shown below to this bugreport.
https://bugzilla.samba.org/show_bug.cgi?id=14268

I'll retest it here later on today with a few more zones.
But i must finish some work first.

Greetz,

Louis
Hi Louis, my system: Ubuntu 18.04.3 LTS Kernel 4.15.0-74 samba Version 4.11.6 (on 4.12.0.rc2 same issue) on samba 4.10.5 it works fine. compile option: ./configure --with-gpgme --with-ads --with-winbind --enable-cups -- with-pam --with-quotas --with-acl-support --with-dnsupdate --with- syslog --with-regedit --with-systemd --sysconfdir=/etc/samba # Global parameters [global] bind interfaces only = Yes interfaces = lo eth2 netbios name = DC2 realm = KLINGONS.NET server services = s3fs, rpc, nbt, wrepl, ldap, cldap, kdc, drepl, winbindd, ntp_signd, kcc, dnsupdate, dns workgroup = KLINGONS server role = active directory domain controller idmap_ldb:use rfc2307 = yes comment = template homedir = /home/%U template shell = /bin/bash ldap server require strong auth = No ntlm auth = Yes log level = auth_json_audit:0 auth_audit:3 logging = syslog password hash gpg key ids = "4FE6CFC510ADE7B9" dns forwarder = 172.27.2.11 dns update command = /usr/local/samba/sbin/samba_dnsupdate -- use-samba-tool 2 DC are running with samba_internal DNS and 2 with bind9 DLZ. Regards, heinz Am Dienstag, den 11.02.2020, 10:14 +0100 schrieb L.P.H. van Belle via samba:> @Heinz, > Thanks for testing also, but what is your samba version, OS and > packages samba of compiled samba. > To keep info bit more complete > > > @Christian, can you try purge the deleted DNS records. > Can you also add the debug 10 log, shown below to this bugreport. > https://bugzilla.samba.org/show_bug.cgi?id=14268 > > I'll retest it here later on today with a few more zones. > But i must finish some work first. > > > Greetz, > > Louis > > > > > -----Oorspronkelijk bericht----- > > Van: samba [mailto:samba-bounces at lists.samba.org] Namens > > Christian Naumer via samba > > Verzonden: dinsdag 11 februari 2020 9:23 > > Aan: samba at lists.samba.org > > Onderwerp: Re: [Samba] New DNS-Records not aviable > > > > Hi Louis. > > > > Am 10.02.20 um 16:44 schrieb L.P.H. 
van Belle via samba: > > > Hai Christian, > > > > > > > Can someone reproduce this? > > > No, tried, but sorry, works fine for me on my 4.11.6 server. > > > > > > And what is you try it like this. > > > > > > samba-tool dns add dc1.zone1.domain.de > > 0.168.192.in-addr.arpa 157 PTR zone1.domain.de -U Administrator > > > > This creates this entry (output from host 192.168.2.157, host > > 192.168.0.157 returns NXDOMAIN): > > > > 157.2.168.192.in-addr.arpa domain name pointer > > zone1.hq.brain-biotech.de. > > > > > > > > > > > samba-tool dns add dc1.zone1.domain.de > > 2.168.192.in-addr.arpa 157 PTR zone2.domain.de -U Administrator > > > > This creates the right record: > > > > 157.2.168.192.in-addr.arpa domain name pointer > > zone2.hq.brain-biotech.de. > > > > I tested some more. I have these zones: > > > > 0.168.192.in-addr.arpa > > 1.168.192.in-addr.arpa > > 2.168.192.in-addr.arpa > > 3.168.192.in-addr.arpa > > 4.168.192.in-addr.arpa > > 5.168.192.in-addr.arpa > > 6.168.192.in-addr.arpa > > 7.168.192.in-addr.arpa > > > > I can create in all zone the right record except "0" where it is > > then > > created in "2" (not in "1") only if there is already a record with > > the > > same last digit. The zones 0,1 and 2 contain ~100-200 records the > > rest > > only 10 or so. > > > > In another attempt I deleted all the records I created in the test > > and > > tried again. Strangely it only happens if in zone "2" there > > is a record > > with the same last digit. Then the new record is created in zone > > "2" > > although I want it in zone "0". > > > > It also works if in zone "0" there is an entry and I try to > > create zone > > in zone "2". The record is then created in zone "0". 
> >
> > Here is a sequence of commands used with a d10:
> >
> > Add a record in zone "2":
> >
> > samba-tool dns add dc1.domain.de 2.168.192.in-addr.arpa 157 PTR zone0.domain.de -U Administrator
> > Password for [DOMAIN-02\Administrator]:
> > Record added successfully
> >
> > Check record:
> >
> > host 192.168.2.157
> > 157.2.168.192.in-addr.arpa domain name pointer zone0.domain.de.
> >
> > Add the record in zone "0" with d10:
> >
> > samba-tool dns add dc1.domain.de 0.168.192.in-addr.arpa 157 PTR zone0.domain.de -d10 -U Administrator
> >
> > INFO: Current debug levels:
> >   all: 10
> >   tdb: 10
> >   printdrivers: 10
> >   lanman: 10
> >   smb: 10
> >   rpc_parse: 10
> >   rpc_srv: 10
> >   rpc_cli: 10
> >   passdb: 10
> >   sam: 10
> >   auth: 10
> >   winbind: 10
> >   vfs: 10
> >   idmap: 10
> >   quota: 10
> >   acls: 10
> >   locking: 10
> >   msdfs: 10
> >   dmapi: 10
> >   registry: 10
> >   scavenger: 10
> >   dns: 10
> >   ldb: 10
> >   tevent: 10
> >   auth_audit: 10
> >   auth_json_audit: 10
> >   kerberos: 10
> >   drs_repl: 10
> >   smb2: 10
> >   smb2_credits: 10
> >   dsdb_audit: 10
> >   dsdb_json_audit: 10
> >   dsdb_password_audit: 10
> >   dsdb_password_json_audit: 10
> >   dsdb_transaction_audit: 10
> >   dsdb_transaction_json_audit: 10
> >   dsdb_group_audit: 10
> >   dsdb_group_json_audit: 10
> > lpcfg_load: refreshing parameters from /etc/samba/smb.conf
> > Processing section "[global]"
> > Processing section "[netlogon]"
> > Processing section "[sysvol]"
> > pm_process() returned Yes
> > GENSEC backend 'gssapi_spnego' registered
> > GENSEC backend 'gssapi_krb5' registered
> > GENSEC backend 'gssapi_krb5_sasl' registered
> > GENSEC backend 'spnego' registered
> > GENSEC backend 'schannel' registered
> > GENSEC backend 'naclrpc_as_system' registered
> > GENSEC backend 'sasl-EXTERNAL' registered
> > GENSEC backend 'ntlmssp' registered
> > GENSEC backend 'ntlmssp_resume_ccache' registered
> > GENSEC backend 'http_basic' registered
> > GENSEC backend 'http_ntlm' registered
> > GENSEC backend 'http_negotiate' registered
> > GENSEC backend 'krb5' registered
> > GENSEC backend 'fake_gssapi_krb5' registered
> > Using binding ncacn_ip_tcp:dc1.domain.de[,sign]
> > Mapped to DCERPC endpoint 135
> > resolve_lmhosts: Attempting lmhosts lookup for name dc1.domain.de<0x20>
> > startlmhosts: Can't open lmhosts file /etc/samba/lmhosts. Error was No such file or directory
> > Mapped to DCERPC endpoint 49153
> > resolve_lmhosts: Attempting lmhosts lookup for name dc1.domain.de<0x20>
> > startlmhosts: Can't open lmhosts file /etc/samba/lmhosts. Error was No such file or directory
> > Starting GENSEC mechanism spnego
> > Starting GENSEC submechanism gssapi_krb5
> > Password for [DOMAIN-02\Administrator]:
> > Received smb_krb5 packet of length 313
> > Received smb_krb5 packet of length 189
> > kinit for Administrator at DOMAIN.DE succeeded
> > gensec_update_send: gssapi_krb5[0x20a1840]: subreq: 0x209f180
> > gensec_update_send: spnego[0x20a1450]: subreq: 0x208fe80
> > gensec_update_done: gssapi_krb5[0x20a1840]: NT_STATUS_MORE_PROCESSING_REQUIRED tevent_req[0x209f180/../../source4/auth/gensec/gensec_gssapi.c:1057]: state[2] error[0 (0x0)] state[struct gensec_gssapi_update_state (0x209f330)] timer[(nil)] finish[../../source4/auth/gensec/gensec_gssapi.c:1067]
> > gensec_update_done: spnego[0x20a1450]: NT_STATUS_MORE_PROCESSING_REQUIRED tevent_req[0x208fe80/../../auth/gensec/spnego.c:1631]: state[2] error[0 (0x0)] state[struct gensec_spnego_update_state (0x2090030)] timer[(nil)] finish[../../auth/gensec/spnego.c:2115]
> > dcerpc_pull_auth_trailer: auth_pad_length 0
> > gensec_gssapi: NO credentials were delegated
> > GSSAPI Connection will be cryptographically signed
> > gensec_update_send: gssapi_krb5[0x20a1840]: subreq: 0x20a2550
> > gensec_update_send: spnego[0x20a1450]: subreq: 0x2094480
> > gensec_update_done: gssapi_krb5[0x20a1840]: NT_STATUS_OK tevent_req[0x20a2550/../../source4/auth/gensec/gensec_gssapi.c:1057]: state[2] error[0 (0x0)] state[struct gensec_gssapi_update_state (0x20a2700)] timer[(nil)] finish[../../source4/auth/gensec/gensec_gssapi.c:1074]
> > gensec_update_done: spnego[0x20a1450]: NT_STATUS_MORE_PROCESSING_REQUIRED tevent_req[0x2094480/../../auth/gensec/spnego.c:1631]: state[2] error[0 (0x0)] state[struct gensec_spnego_update_state (0x2094630)] timer[(nil)] finish[../../auth/gensec/spnego.c:2115]
> > dcerpc_pull_auth_trailer: auth_pad_length 0
> > gensec_update_send: spnego[0x20a1450]: subreq: 0x2094430
> > gensec_update_done: spnego[0x20a1450]: NT_STATUS_OK tevent_req[0x2094430/../../auth/gensec/spnego.c:1631]: state[2] error[0 (0x0)] state[struct gensec_spnego_update_state (0x20945e0)] timer[(nil)] finish[../../auth/gensec/spnego.c:2115]
> >      t: struct dcerpc_sec_verification_trailer
> >         _pad                     : DATA_BLOB length=0
> >         magic                    : 0000000000000000
> >         count: struct dcerpc_sec_vt_count
> >             count                    : 0x0002 (2)
> >         commands: ARRAY(2)
> >             commands: struct dcerpc_sec_vt
> >                 command                  : 0x0001 (1)
> >                     0x01: DCERPC_SEC_VT_COMMAND_ENUM (1)
> >                        0: DCERPC_SEC_VT_COMMAND_END
> >                        0: DCERPC_SEC_VT_MUST_PROCESS
> >                 u                        : union dcerpc_sec_vt_union(case 0x1)
> >                 bitmask1                 : 0x00000001 (1)
> >                        1: DCERPC_SEC_VT_CLIENT_SUPPORTS_HEADER_SIGNING
> >             commands: struct dcerpc_sec_vt
> >                 command                  : 0x4002 (16386)
> >                     0x02: DCERPC_SEC_VT_COMMAND_ENUM (2)
> >                        1: DCERPC_SEC_VT_COMMAND_END
> >                        0: DCERPC_SEC_VT_MUST_PROCESS
> >                 u                        : union dcerpc_sec_vt_union(case 0x2)
> >                 pcontext: struct dcerpc_sec_vt_pcontext
> >                     abstract_syntax: struct ndr_syntax_id
> >                         uuid                     : 50abc2a4-574d-40b3-9d66-ee4fd5fba076
> >                         if_version               : 0x00000005 (5)
> >                     transfer_syntax: struct ndr_syntax_id
> >                         uuid                     : 8a885d04-1ceb-11c9-9fe8-08002b104860
> >                         if_version               : 0x00000002 (2)
> > dcerpc_pull_auth_trailer: auth_pad_length 12
> > rpc reply data:
> > [0000] EF 25 00 00    .%..
> > ERROR(runtime): uncaught exception - (9711, 'WERR_DNS_ERROR_RECORD_ALREADY_EXISTS')
> >   File "/usr/lib64/python3.6/site-packages/samba/netcmd/__init__.py", line 186, in _run
> >     return self.run(*args, **kwargs)
> >   File "/usr/lib64/python3.6/site-packages/samba/netcmd/dns.py", line 945, in run
> >     raise e
> >   File "/usr/lib64/python3.6/site-packages/samba/netcmd/dns.py", line 941, in run
> >     0, server, zone, name, add_rec_buf, None)
> >
> > It says it already exists. But it does not exist in zone "0",
> > only in "2".
> >
> > Anything more I can do?
> >
> > > I tested on my production where I have 6 forward/reverse zones in use.
> > > Is the hostname "dc1" also in other zones?
> > > Yes, use FQDN as I showed and test it.
> > > No, we need to investigate more most probably.
> >
> > --
> > Dr. Christian Naumer
> > Unit Head Bioprocess Development
> > B.R.A.I.N Aktiengesellschaft
> > Darmstaedter Str. 34-36, D-64673 Zwingenberg
> > e-mail cn at brain-biotech.com, homepage www.brain-biotech.com
> > fon +49-6251-9331-30 / fax +49-6251-9331-11
> >
> > Registered office: Zwingenberg/Bergstrasse
> > Register court: AG Darmstadt, HRB 24758
> > Management Board: Adriaan Moelker (Chairman),
> > Manfred Bender, Ludger Roedder
> > Chairman of the Supervisory Board: Dr. Georg Kellinghusen
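
Added example, not part of the thread and not Samba code: a check for the symptom described in the quoted messages, where a PTR record aimed at one reverse zone ends up under a sibling zone with the same last label. It parses `host` output in the format quoted above; the function names, the zone list and the sample output are constructed for illustration.

```python
import re

# PTR answer line as printed by `host <ip>`, e.g.
# "157.2.168.192.in-addr.arpa domain name pointer zone1.domain.de."
PTR_LINE = re.compile(r"^(\S+)\s+domain name pointer\s+(\S+)$")


def owner_name(zone, name):
    """Owner name that adding <name> to <zone> is meant to create."""
    return f"{name}.{zone}".lower().rstrip(".")


def parse_host_output(text):
    """Map owner name -> set of PTR targets found in `host` output."""
    answers = {}
    for line in text.splitlines():
        m = PTR_LINE.match(line.strip())
        if m:
            owner = m.group(1).lower().rstrip(".")
            answers.setdefault(owner, set()).add(m.group(2).lower().rstrip("."))
    return answers


def check_placement(zone, name, target, all_zones, host_output):
    """Report whether the PTR sits in the intended zone or only in a sibling."""
    answers = parse_host_output(host_output)
    target = target.lower().rstrip(".")
    siblings = [z for z in all_zones
                if z != zone and target in answers.get(owner_name(z, name), set())]
    if target in answers.get(owner_name(zone, name), set()):
        status = "ok"
    elif siblings:
        status = "misplaced"   # absent where intended, present elsewhere
    else:
        status = "missing"
    return {"status": status, "found_in": siblings}


# Constructed sample: combined output of `host 192.168.0.157` and
# `host 192.168.2.157` after an add that was aimed at zone "0".
SAMPLE = """\
Host 157.0.168.192.in-addr.arpa. not found: 3(NXDOMAIN)
157.2.168.192.in-addr.arpa domain name pointer zone1.domain.de.
"""
ZONES = ["0.168.192.in-addr.arpa", "2.168.192.in-addr.arpa"]

if __name__ == "__main__":
    print(check_placement(ZONES[0], "157", "zone1.domain.de", ZONES, SAMPLE))
```

A "misplaced" result only says the target is reachable under a sibling owner name and not under the intended one; a record that already existed in the sibling zone before the add gives the same result.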