On 02/03/2020 11:51, Paul Littlefield via samba wrote:
> On 02/03/2020 10:49, Rowland penny via samba wrote:
>> Does your DC have a fixed IP and if not, why not ?
>
> Yes, using netplan in Ubuntu 18.04...
>
> network:
>   ethernets:
>     ens18:
>       addresses:
>       - 130.130.0.218/16
>       gateway4: 130.130.0.1
>       nameservers:
>         addresses:
>         - 130.130.0.218
>         - 130.130.0.219
>         search:
>         - mydomain.com
>       optional: true
>   version: 2

Samba runs samba_dnsupgrade on a regular basis, using dns_update_list as a template. Amongst the list of dns entries is this:

AAAA ${HOSTNAME}                                           $IP

> It's just happened AGAIN... the main servers A records have gone and
> replaced by IPv6 ones.

I am unsure why it is doing this, I have never seen this happening, but then again I do not use IPv6 or netplan.

> I'm using the Samba 4 Internal DNS and ISC DHCP Server and have
> 'ddns-update-style none;' in the DHCP server config.
>
> Questions...
>
> 1. How do I turn on Samba 4 AD DC logging for DNS updates?

add 'log level = 4' to the smb.conf on the DC

> 2. Can I watch for DNS requests in tcpdump?

I do not see why you couldn't.

> 3. I have another DC which is replicating fine with this DC and after
> I have REMOVED the AAAA IPv6 entries + ADDED the A records in _either_
> DC it lasts for a while then they get removed again!

Fairly sure this is samba_dnsupgrade doing this, but why is another question.

Rowland

On 02/03/2020 13:16, Rowland Penny via samba wrote:
>
> Samba runs samba_dnsupgrade on a regular basis, using dns_update_list as a template. Amongst the list of dns entries is this:
>
> AAAA ${HOSTNAME}                                           $IP
>

Hi Rowland,

Thanks for replying so quickly.

OK, is there a way to pause this process for the purposes of debugging?

Can I change any of these which will not break my AD DC?

allow dns updates = secure only
dns update command = /usr/sbin/samba_dnsupdate

> I am unsure why it is doing this, I have never seen this happening, but then again I do not use IPv6 or netplan.

OK, so is it safe to (maybe at a future date) turn off IPv6 on Ubuntu and change to ifupdown if I want to?

> add 'log level = 4' to the smb.conf on the DC

Thanks.

>> 2. Can I watch for DNS requests in tcpdump?
> I do not see why you couldn't.

Done. Here are a few lines of sanitised output...

13:25:35.264891 IP 130.130.0.252.63006 > 130.130.0.218.53: 29782 update [1a] [3n] SOA? mydomain.com. (108)
13:25:35.265196 IP 130.130.0.218.53 > 130.130.0.252.63006: 29782 update Refused- 1/3/0 (Class 254) CNAME V-RDS02.mydomain.com. (108)
13:25:35.274443 IP 130.130.0.252.55001 > 130.130.0.218.53: 64781 update [1a] [3n] [1au] SOA? mydomain.com. (239)
13:25:35.354349 IP 130.130.0.218.53 > 130.130.0.252.55001: 64781 update 1/3/1 (Class 254) CNAME V-RDS02.mydomain.com. (224)

...what IS that Windows server trying to do?!

> Fairly sure this is samba_dnsupgrade doing this, but why is another question.

Oooo, goody... I've prompted a head scratching bug finding session!

Joking aside... to be honest, I really wish I didn't have people moaning at me because they keep getting kicked out of Sage but that's I.T. for you.

I look forward to your replies!

As always... thanks,

:)

Paully

On 02/03/2020 13:16, Rowland penny via samba wrote:
> On 02/03/2020 11:51, Paul Littlefield via samba wrote:
>> On 02/03/2020 10:49, Rowland penny via samba wrote:
>>> Does your DC have a fixed IP and if not, why not ?
>>
>> Yes, using netplan in Ubuntu 18.04...
>>
>> network:
>>   ethernets:
>>     ens18:
>>       addresses:
>>       - 130.130.0.218/16
>>       gateway4: 130.130.0.1
>>       nameservers:
>>         addresses:
>>         - 130.130.0.218
>>         - 130.130.0.219
>>         search:
>>         - mydomain.com
>>       optional: true
>>   version: 2
>
> Samba runs samba_dnsupgrade on a regular basis, using dns_update_list
> as a template. Amongst the list of dns entries is this:
>
> AAAA ${HOSTNAME}                                           $IP
>
>> It's just happened AGAIN... the main servers A records have gone and
>> replaced by IPv6 ones.
> I am unsure why it is doing this, I have never seen this happening,
> but then again I do not use IPv6 or netplan.
>>
>> I'm using the Samba 4 Internal DNS and ISC DHCP Server and have
>> 'ddns-update-style none;' in the DHCP server config.
>>
>> Questions...
>>
>> 1. How do I turn on Samba 4 AD DC logging for DNS updates?
> add 'log level = 4' to the smb.conf on the DC
>>
>> 2. Can I watch for DNS requests in tcpdump?
> I do not see why you couldn't.
>>
>> 3. I have another DC which is replicating fine with this DC and after
>> I have REMOVED the AAAA IPv6 entries + ADDED the A records in
>> _either_ DC it lasts for a while then they get removed again!
>
> Fairly sure this is samba_dnsupgrade doing this, but why is another
> question.
>
> Rowland
>

And of course 'samba_dnsupgrade' should have been 'samba_dnsupdate' :-(

Rowland

On 02/03/2020 13:16, Rowland Penny via samba wrote:
> add 'log level = 4' to the smb.conf on the DC

Which file do I look in for DNS logging?

:)

Paully

On 02/03/2020 13:36, Paul Littlefield wrote:
> On 02/03/2020 13:16, Rowland Penny via samba wrote:
>>
>> Samba runs samba_dnsupgrade on a regular basis, using dns_update_list
>> as a template. Amongst the list of dns entries is this:
>>
>> AAAA ${HOSTNAME}                                           $IP
>>
>
> Hi Rowland,
>
> Can I change any of these which will not break my AD DC?

You could try commenting out the line in dns_update_list.

> dns update command = /usr/sbin/samba_dnsupdate

Write another script that does nothing and use that instead (just for testing) ?

> OK, so is it safe to (maybe at a future date) turn off IPv6 on Ubuntu
> and change to ifupdown if I want to?

Yes, this is what I did when testing Ubuntu 18.04, but perhaps Louis has further comments ?

> 13:25:35.264891 IP 130.130.0.252.63006 > 130.130.0.218.53: 29782
> update [1a] [3n] SOA? mydomain.com. (108)
> 13:25:35.265196 IP 130.130.0.218.53 > 130.130.0.252.63006: 29782
> update Refused- 1/3/0 (Class 254) CNAME V-RDS02.mydomain.com. (108)
> 13:25:35.274443 IP 130.130.0.252.55001 > 130.130.0.218.53: 64781
> update [1a] [3n] [1au] SOA? mydomain.com. (239)
> 13:25:35.354349 IP 130.130.0.218.53 > 130.130.0.252.55001: 64781
> update 1/3/1 (Class 254) CNAME V-RDS02.mydomain.com. (224)
>
> ...what IS that Windows server trying to do?!

It looks like it is trying to update its own dns records and if you are using dhcp to update the records in AD they shouldn't be.

Rowland

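Added example, not part of the thread or of Samba: a small parser that pairs each DNS UPDATE request in the tcpdump output quoted above with the server's reply and tallies reply codes per client, so hosts that register their own records stand out. The function names and regexes are this example's own and assume tcpdump's one-line DNS output exactly as it appears in the capture.

```python
import re
from collections import defaultdict

# The four tcpdump lines quoted in the thread, one packet per line.
CAPTURE = """\
13:25:35.264891 IP 130.130.0.252.63006 > 130.130.0.218.53: 29782 update [1a] [3n] SOA? mydomain.com. (108)
13:25:35.265196 IP 130.130.0.218.53 > 130.130.0.252.63006: 29782 update Refused- 1/3/0 (Class 254) CNAME V-RDS02.mydomain.com. (108)
13:25:35.274443 IP 130.130.0.252.55001 > 130.130.0.218.53: 64781 update [1a] [3n] [1au] SOA? mydomain.com. (239)
13:25:35.354349 IP 130.130.0.218.53 > 130.130.0.252.55001: 64781 update 1/3/1 (Class 254) CNAME V-RDS02.mydomain.com. (224)
"""

PACKET = re.compile(
    r"^(?P<ts>\S+) IP (?P<src>[\d.]+)\.(?P<sport>\d+) > "
    r"(?P<dst>[\d.]+)\.(?P<dport>\d+): (?P<id>\d+) update (?P<rest>.*)$")
# A reply starts with an optional rcode word and flag characters, then the record counts.
REPLY = re.compile(r"^(?P<rcode>[A-Za-z]+)?[-*|$]*\s*\d+/\d+/\d+")
ZONE = re.compile(r"SOA\? (?P<zone>\S+)")

def pair_updates(capture, dns_port="53"):
    """Match each DNS UPDATE request to its reply by client address, port and query ID."""
    pending, done = {}, []
    for line in capture.splitlines():
        m = PACKET.match(line.strip())
        if not m:
            continue
        if m["dport"] == dns_port:                      # client -> DNS server
            zone = ZONE.search(m["rest"])
            pending[(m["src"], m["sport"], m["id"])] = {
                "time": m["ts"], "client": m["src"], "server": m["dst"],
                "zone": zone["zone"] if zone else None,
                "additional": "au]" in m["rest"],       # request carried additional records
                "rcode": None}
        elif m["sport"] == dns_port:                    # DNS server -> client
            req = pending.pop((m["dst"], m["dport"], m["id"]), None)
            if req:
                reply = REPLY.match(m["rest"])
                req["rcode"] = (reply["rcode"] or "NoError") if reply else "unparsed"
                done.append(req)
    return done + list(pending.values())                # unanswered requests keep rcode None

def outcomes_by_client(updates):
    """Count reply codes per client so hosts sending their own updates stand out."""
    counts = defaultdict(lambda: defaultdict(int))
    for u in updates:
        counts[u["client"]][u["rcode"] or "no reply"] += 1
    return {client: dict(rc) for client, rc in counts.items()}

if __name__ == "__main__":
    for u in pair_updates(CAPTURE):
        print(u["time"], u["client"], "->", u["server"], u["zone"], u["rcode"], u["additional"])
    print(outcomes_by_client(pair_updates(CAPTURE)))
```
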
On 02/03/2020 13:56, Paul Littlefield wrote:
> On 02/03/2020 13:16, Rowland Penny via samba wrote:
>> add 'log level = 4' to the smb.conf on the DC
>
> Which file do I look in for DNS logging?
>
> :)
>
> Paully

/var/log/samba/log.samba

Rowland

Guys, what I noticed.

Look at this.
Refused- 1/3/0 (Class 254) ( /24 )
Paully used /16

update 1/3/1 (Class 254) CNAME V-RDS02.mydomain.com
CNAME ?

And, if he uses in his example
samba-tool dns add dc3 mydomain.com V-RDS02 A 130.130.0.252
A record was used.

Is resolv.conf checked and it is sure in pointing to the correct DNS of the AD first?

addresses:
- 130.130.0.218/16
gateway4: 130.130.0.1
nameservers:
  addresses:
  - 130.130.0.218
  - 130.130.0.219

What are these AD-DC's ?
- 130.130.0.218
- 130.130.0.219

Greetz,

Louis

> -----Original message-----
> From: samba [mailto:samba-bounces at lists.samba.org] On behalf of Rowland penny via samba
> Sent: Monday 2 March 2020 15:17
> To: sambalist
> Subject: Re: [Samba] samba_dnsupdate
>
> On 02/03/2020 13:36, Paul Littlefield wrote:
> > On 02/03/2020 13:16, Rowland Penny via samba wrote:
> >>
> >> Samba runs samba_dnsupgrade on a regular basis, using dns_update_list
> >> as a template. Amongst the list of dns entries is this:
> >>
> >> AAAA ${HOSTNAME}                                           $IP
> >>
> >
> > Hi Rowland,
> >
> > Can I change any of these which will not break my AD DC?
> You could try commenting out the line in dns_update_list.
> > dns update command = /usr/sbin/samba_dnsupdate
> Write another script that does nothing and use that instead (just for
> testing) ?
> >
> > OK, so is it safe to (maybe at a future date) turn off IPv6 on Ubuntu
> > and change to ifupdown if I want to?
> Yes, this is what I did when testing Ubuntu 18.04, but perhaps Louis has
> further comments ?
> >
> > 13:25:35.264891 IP 130.130.0.252.63006 > 130.130.0.218.53: 29782
> > update [1a] [3n] SOA? mydomain.com. (108)
> > 13:25:35.265196 IP 130.130.0.218.53 > 130.130.0.252.63006: 29782
> > update Refused- 1/3/0 (Class 254) CNAME V-RDS02.mydomain.com. (108)
> > 13:25:35.274443 IP 130.130.0.252.55001 > 130.130.0.218.53: 64781
> > update [1a] [3n] [1au] SOA? mydomain.com. (239)
> > 13:25:35.354349 IP 130.130.0.218.53 > 130.130.0.252.55001: 64781
> > update 1/3/1 (Class 254) CNAME V-RDS02.mydomain.com. (224)
> >
> > ...what IS that Windows server trying to do?!
> It looks like it is trying to update its own dns records and if you are
> using dhcp to update the records in AD they shouldn't be.
>
> Rowland