On 02/03/2020 13:36, Paul Littlefield wrote:
> On 02/03/2020 13:16, Rowland Penny via samba wrote:
>>
>> Samba runs samba_dnsupdate on a regular basis, using dns_update_list
>> as a template. Amongst the list of dns entries is this:
>>
>> AAAA ${HOSTNAME}                                     $IP
>>
>
> Hi Rowland,
>
> Can I change any of these which will not break my AD DC?

You could try commenting out the line in dns_update_list.

> dns update command = /usr/sbin/samba_dnsupdate

Write another script that does nothing and use that instead (just for testing) ?

>
> OK, so is it safe to (maybe at a future date) turn off IPv6 on Ubuntu
> and change to ifupdown if I want to?

Yes, this is what I did when testing Ubuntu 18.04, but perhaps Louis has further comments ?

>
> 13:25:35.264891 IP 130.130.0.252.63006 > 130.130.0.218.53: 29782 update [1a] [3n] SOA? mydomain.com. (108)
> 13:25:35.265196 IP 130.130.0.218.53 > 130.130.0.252.63006: 29782 update Refused- 1/3/0 (Class 254) CNAME V-RDS02.mydomain.com. (108)
> 13:25:35.274443 IP 130.130.0.252.55001 > 130.130.0.218.53: 64781 update [1a] [3n] [1au] SOA? mydomain.com. (239)
> 13:25:35.354349 IP 130.130.0.218.53 > 130.130.0.252.55001: 64781 update 1/3/1 (Class 254) CNAME V-RDS02.mydomain.com. (224)
>
> ...what IS that Windows server trying to do?!

It looks like it is trying to update its own dns records and if you are using dhcp to update the records in AD they shouldn't be.

Rowland
On 02/03/2020 14:16, Rowland penny via samba wrote:
> You could try commenting out the line in dns_update_list.

OK.

> Write another script that does nothing and use that instead (just for testing) ?

OK, or add and change this line to remove the 'dnsupdate' service?

server services = s3fs, rpc, nbt, wrepl, ldap, cldap, kdc, drepl, winbindd, ntp_signd, kcc, dnsupdate, dns

> Yes, this is what I did when testing Ubuntu 18.04, but perhaps Louis has further comments ?

Noted.

> It looks like it is trying to update its own dns records and if you are using dhcp to update the records in AD they shouldn't be.

I'm not using DHCP to update DNS... I don't use BIND.

The plot thickens... the lease is set for 6 hours and should a Windows Server be trying to update anything to do with a Samba 4 AD DC?!

Just to clarify, so far it's just 4 Windows Servers that are ADDING their IPv6 addresses.

**UPDATE**

It's just happened again, so I have logged in to the Windows Server and checked its IPv6 address which bears NO resemblance to the entry in the Samba 4 DNS...

Name=V-INT, Records=2, Children=0
    AAAA: 2002:8282:00ca:0000:0000:0000:8282:00ca (flags=f0, serial=110, ttl=1200)
    A: 130.130.0.202 (flags=f0, serial=934, ttl=900)

actual IPv6 address = 'fe80::7c57:b0d5:d6b9:ecc%12'

Help!

Regards,

Paully
Ah the ipv6 : 2002:8282:00ca:0000:0000:0000:8282:00ca
The corresponding IPv4 address is 130.130.0.202

Does that ring a bell?

> -----Original message-----
> From: samba [mailto:samba-bounces at lists.samba.org] On behalf of Paul Littlefield via samba
> Sent: Monday 2 March 2020 16:04
> To: samba at lists.samba.org
> Subject: Re: [Samba] samba_dnsupdate
Can you run the debug script, that might give me more info.
https://github.com/thctlo/samba4/raw/master/samba-collect-debug-info.sh

Anonymize where needed.

Greetz,

Louis

> -----Original message-----
> From: samba [mailto:samba-bounces at lists.samba.org] On behalf of L.P.H. van Belle via samba
> Sent: Monday 2 March 2020 16:23
> To: samba at lists.samba.org
> Subject: Re: [Samba] samba_dnsupdate
On 02/03/2020 15:23, L.P.H. van Belle via samba wrote:
> Ah the ipv6 : 2002:8282:00ca:0000:0000:0000:8282:00ca
> The corresponding IPv4 address is 130.130.0.202
>
> Does that ring a bell?

Yes, that's what the IPv4 address should be.

I've just run my script to add those 4 'stolen deleted' A records...

root at dc3.mydomain.com ~ $ (screen) /root/bin/dns_fix.sh
Record added successfully
Record added successfully
Record added successfully
Record added successfully

...and here is the DC3 AD DNS entry afterwards...

Name=V-INT, Records=2, Children=0
    AAAA: 2002:8282:00ca:0000:0000:0000:8282:00ca (flags=f0, serial=110, ttl=1200)
    A: 130.130.0.202 (flags=f0, serial=982, ttl=900)

...and this is happening every 15 minutes or so.

What is going on?!

Regards,

Paully
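
Added example, not part of the thread and not code from Samba or any poster: the AAAA record quoted above lies in the 6to4 prefix 2002::/16, where the 32 bits after the prefix carry an IPv4 address, which is the correspondence Louis points out. This sketch parses a record listing in the format shown in the thread and labels each AAAA record by whether it is the 6to4 form of the host's own A record; the second host, the function names and the labels are constructed for illustration.

```python
import ipaddress
import re

# Constructed sample in the listing format quoted in the thread;
# HOST-B and its addresses are invented for contrast.
SAMPLE = """\
Name=V-INT, Records=2, Children=0
    AAAA: 2002:8282:00ca:0000:0000:0000:8282:00ca (flags=f0, serial=110, ttl=1200)
    A: 130.130.0.202 (flags=f0, serial=982, ttl=900)
Name=HOST-B, Records=2, Children=0
    AAAA: 2001:db8::10 (flags=f0, serial=5, ttl=900)
    A: 192.0.2.10 (flags=f0, serial=6, ttl=900)
"""

NAME_RE = re.compile(r"^\s*Name=([^,]*),")
RR_RE = re.compile(r"^\s*(A|AAAA):\s+(\S+)")

def parse_listing(text):
    """Return {name: {"A": [IPv4Address], "AAAA": [IPv6Address]}}."""
    hosts, current = {}, None
    for line in text.splitlines():
        m = NAME_RE.match(line)
        if m:
            current = hosts.setdefault(m.group(1), {"A": [], "AAAA": []})
            continue
        m = RR_RE.match(line)
        if m and current is not None:
            current[m.group(1)].append(ipaddress.ip_address(m.group(2)))
    return hosts

def classify_aaaa(addr, a_records):
    """Label one AAAA record by how it relates to the host's A records."""
    embedded = addr.sixtofour  # IPv4 carried after the 2002::/16 prefix, else None
    if embedded is not None:
        return "6to4-of-own-A" if embedded in a_records else f"6to4-of-{embedded}"
    if addr.is_link_local:
        return "link-local"
    return "other"

def audit(text):
    """List (host, AAAA, label) for every AAAA record in the listing."""
    return [(name, str(a6), classify_aaaa(a6, rr["A"]))
            for name, rr in parse_listing(text).items() for a6 in rr["AAAA"]]

if __name__ == "__main__":
    for row in audit(SAMPLE):
        print(*row, sep="\t")
```

Run against a full zone listing, the `6to4-of-own-A` rows are the entries matching the pattern discussed in this thread, while a `6to4-of-<ip>` row points at a record whose embedded IPv4 address belongs to some other host.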