On 26/05/2021 19:40, Roy Eastwood via samba wrote:
> Hi Louis,
>
> Thanks for your help as always! See in-line responses below.
>
>> -----Original Message-----
>> From: samba <samba-bounces at lists.samba.org> On Behalf Of L.P.H. van Belle via samba
>> Sent: 25 May 2021 09:25
>> To: samba at lists.samba.org
>> Subject: Re: [Samba] Reverse Lookup Zone Not Loaded by DNS Server
>>
>> Hai Roy,
>>
>> If you change a line like this in systemd :
> ExecReload=/usr/sbin/rndc reload
>> It MUST be done like this.
>>
>> # First empty Variable.
>> ExecReload=
>> # Set new value.
>> ExecReload=/usr/sbin/rndc restart
>>
>> Safest way to create the override files is: systemctl edit bind9
>> Why like that, that also runs systemctl daemon-reload for you.
>>
>> Just to be sure on that.
>>
> Yes, that's exactly how I did it.
>
>> I can recall I saw this also with some update last week, on the F5/refresh,
>> but a reboot fixed that for me.
>>
>> Hmm, verify the bind9 logs, check if bind9 is running fine.
>> The output shown of the reverse zone looks fine to me.
>>
>> journalctl -u bind9
>> journalctl -u samba-ad-dc
>>
>> You can also do/add this.
>>
>> systemctl edit samba-ad-dc
>> Part below makes sure samba is started after bind9 has started.
>>
>> # /etc/systemd/system/samba-ad-dc.service.d/override.conf
>> [Unit]
>> After=network.target network-online.target bind9.service
>>
> I've added this edit to the samba-ad-dc as suggested.
>
>> So, all I can think of atm, is add these suggestions I gave for the services.
>> And reboot the server once more.
>>
>> If that didn't work, we need to up the debuglevels in smb.conf.
> Rebooted and tried again, but still same error in Windows RSAT DNS Manager. In case it was particular to that workstation, used another Windows 10 member workstation, but the result is the same.
>
> Have increased the dns log level to 10 in smb.conf, but nothing is jumping out to me, but then again I don't know what I'm looking for!
> Here are some snippets from various log files: https://gist.github.com/spindles7/1e812dc83eb61453f149e3d40962d6e2 after restarting the services and opening DNS Manager and pressing F5.
>
> Best regards,
> Roy
>>
>> Greetz,
>>
>> Louis

Works for myself, so can you post your smb.conf and named.conf files

Rowland
On 26 May 2021 20:02 Rowland penny wrote:
> Works for myself, so can you post your smb.conf and named.conf files
>
> Rowland

Yes, here they are:

From tiger-db (DC owning the FSMO roles)
=====================
smb.conf:
# Global parameters
[global]
        netbios name = TIGER-DB
        realm = MICROLYNX.ORG
        server role = active directory domain controller
        server services = s3fs, rpc, nbt, wrepl, ldap, cldap, kdc, drepl, winbindd, ntp_signd, kcc, dnsupdate
        workgroup = MICROLYNX
        # prevent CUPS errors in syslog
        printcap name = /dev/null
        load printers = no

        # add the following two lines for testing - remove for production
        # winbind enum users = yes
        # winbind enum groups = yes

        # allow clients to update their DNS records
        allow dns updates = nonsecure

        # allow AD users to log on
        template shell = /bin/bash
        template homedir = /home/%D/%U

        winbind refresh tickets = yes

        log file = /var/log/samba/log.samba
        log level = 1 dns:10

[sysvol]
        path = /var/lib/samba/sysvol
        read only = No

[netlogon]
        path = /var/lib/samba/sysvol/microlynx.org/scripts
        read only = No
============ end smb.conf ==================
named.conf:
include "/etc/bind/named.conf.options";
include "/etc/bind/named.conf.local";
include "/etc/bind/named.conf.default-zones";
=============end named.conf===============
named.conf.options:
options {
        directory "/var/cache/bind";

        auth-nxdomain yes;
        notify no;
        empty-zones-enable no;

        allow-query { 127.0.0.1; 192.168.2.0/24; 192.168.10.0/24; 10.16.0.0/24; };
        allow-update { 127.0.0.1; 192.168.2.0/24; };
        allow-recursion { 127.0.0.1; 192.168.2.0/24; 192.168.10.0/24; 10.16.0.0/24; };
        allow-transfer { none; };

        listen-on port 53 { any; };
        listen-on-v6 port 53 { none; };

        forwarders {
                192.168.2.2;
        };

        // for updates to AD zone
        tkey-gssapi-keytab "/var/lib/samba/bind-dns/dns.keytab";
        minimal-responses yes;
};

# below added to aid debugging "Reverse Lookup Zone Not Loaded by DNS Server"
logging {
        channel default_file {
                file "/var/log/named/default.log" versions 3 size 5m;
                severity dynamic;
                print-time yes;
        };
        channel general_file {
                file "/var/log/named/general.log" versions 3 size 5m;
                severity dynamic;
                print-time yes;
        };
        channel database_file {
                file "/var/log/named/database.log" versions 3 size 5m;
                severity dynamic;
                print-time yes;
        };
        channel security_file {
                file "/var/log/named/security.log" versions 3 size 5m;
                severity dynamic;
                print-time yes;
        };
        channel config_file {
                file "/var/log/named/config.log" versions 3 size 5m;
                severity dynamic;
                print-time yes;
        };
        channel resolver_file {
                file "/var/log/named/resolver.log" versions 3 size 5m;
                severity dynamic;
                print-time yes;
        };
        channel xfer-in_file {
                file "/var/log/named/xfer-in.log" versions 3 size 5m;
                severity dynamic;
                print-time yes;
        };
        channel xfer-out_file {
                file "/var/log/named/xfer-out.log" versions 3 size 5m;
                severity dynamic;
                print-time yes;
        };
        channel notify_file {
                file "/var/log/named/notify.log" versions 3 size 5m;
                severity dynamic;
                print-time yes;
        };
        channel client_file {
                file "/var/log/named/client.log" versions 3 size 5m;
                severity dynamic;
                print-time yes;
        };
        channel unmatched_file {
                file "/var/log/named/unmatched.log" versions 3 size 5m;
                severity dynamic;
                print-time yes;
        };
        # channel queries_file {
        #         file "/var/log/named/queries.log" versions 3 size 5m;
        #         severity dynamic;
        #         print-time yes;
        # };
        channel network_file {
                file "/var/log/named/network.log" versions 3 size 5m;
                severity dynamic;
                print-time yes;
        };
        channel update_file {
                file "/var/log/named/update.log" versions 3 size 5m;
                severity dynamic;
                print-time yes;
        };
        channel dispatch_file {
                file "/var/log/named/dispatch.log" versions 3 size 5m;
                severity dynamic;
                print-time yes;
        };
        channel dnssec_file {
                file "/var/log/named/dnssec.log" versions 3 size 5m;
                severity dynamic;
                print-time yes;
        };
        channel lame-servers_file {
                file "/var/log/named/lame-servers.log" versions 3 size 5m;
                severity dynamic;
                print-time yes;
        };

        category default { default_file; };
        category general { general_file; };
        category database { database_file; };
        category security { security_file; };
        category config { config_file; };
        category resolver { resolver_file; };
        category xfer-in { xfer-in_file; };
        category xfer-out { xfer-out_file; };
        category notify { notify_file; };
        category client { client_file; };
        category unmatched { unmatched_file; };
        # category queries { queries_file; };
        category network { network_file; };
        category update { update_file; };
        category dispatch { dispatch_file; };
        category dnssec { dnssec_file; };
        category lame-servers { lame-servers_file; };
};
===========end named.conf.options================
named.conf.local:
# self-compiled version: include "/usr/local/samba/bind-dns/named.conf";
include "/var/lib/samba/bind-dns/named.conf";
===========end named.conf.local==================

Thanks.
Roy
L.P.H. van Belle
2021-May-27 07:30 UTC
[Samba] Reverse Lookup Zone Not Loaded by DNS Server
Hai Roy,

I'm wondering.. did you fully disable IPv6 on the system?
These are all IPv6 related.

[2021/05/26 17:20:23.985592, 0] ../../source4/rpc_server/dcerpc_server.c:509(add_socket_rpc_tcp_iface)
  service_setup_stream_socket(address=::,port=0) for netlogon mgmt failed - NT_STATUS_INVALID_PARAMETER_MIX
[2021/05/26 17:20:23.993753, 0] ../../source4/rpc_server/dcerpc_server.c:509(add_socket_rpc_tcp_iface)
  service_setup_stream_socket(address=::,port=0) for dnsserver backupkey eventlog6 browser unixinfo dssetup drsuapi lsarpc mgmt failed - NT_STATUS_INVALID_PARAMETER_MIX
[2021/05/26 17:20:23.996454, 0] ../../source4/rpc_server/dcerpc_server.c:509(add_socket_rpc_tcp_iface)
  service_setup_stream_socket(address=::,port=0) for samr rpcecho wkssvc mgmt failed - NT_STATUS_INVALID_PARAMETER_MIX
[2021/05/26 17:20:23.998398, 0] ../../source4/rpc_server/dcerpc_server.c:509(add_socket_rpc_tcp_iface)
  service_setup_stream_socket(address=::,port=135) for epmapper mgmt failed - NT_STATUS_INVALID_PARAMETER_MIX
[2021/05/26 17:20:24.007882, 0] ../../source4/kdc/kdc-server.c:585(kdc_add_socket)
  Failed to bind to :::88 TCP - NT_STATUS_INVALID_PARAMETER_MIX
[2021/05/26 17:20:24.008072, 0] ../../source4/cldap_server/cldap_server.c:130(cldapd_add_socket)
  Failed to bind to ipv6::::389 - NT_STATUS_INVALID_PARAMETER_MIX
[2021/05/26 17:20:24.010407, 0] ../../source4/kdc/kdc-server.c:585(kdc_add_socket)
  Failed to bind to :::464 TCP - NT_STATUS_INVALID_PARAMETER_MIX

And

[2021/05/26 17:20:24.299833, 0] ../../source3/lib/util_sock.c:265(open_socket_in)
  open_socket_in(): socket() call failed: Address family not supported by protocol

So pretty sure this is ipv4/ipv6 related.

Try these in steps..

In /etc/bind9/named.conf.options where you have "ipv6 none", set
listen-on-v6 { ::1; };

systemctl stop samba-ad-dc bind9
systemctl start samba-ad-dc bind9

Did it work, if not, next,

# Set BindDNS to only ipv4.
sed -i 's/OPTIONS="-u bind/OPTIONS="-u bind -4/g' /etc/default/bind9
systemctl stop samba-ad-dc bind9
systemctl start samba-ad-dc bind9

Did it work, if not, next,
First, change your server services line to this, just this.

# meaning, all defaults, minus samba internal dns
server services = -dns
(optional: add server services = -dns -spoolss if you also don't want printer parts disabled in ad-dc)

But that's more to make it more clear, the line you have "is" correct.

Try again, still not working.. ? Reboot server..

After that I'm out of options. :-/
But try all above in order, see what the problem is.

Greetz,

Louis

> -----Original Message-----
> From: samba [mailto:samba-bounces at lists.samba.org] On Behalf Of Roy
> Eastwood via samba
> Sent: Wednesday 26 May 2021 23:20
> To: samba at lists.samba.org
> Subject: Re: [Samba] Reverse Lookup Zone Not Loaded by DNS Server
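The triage Louis does by eye above, as an added example that is not part of the thread: count the "::" bind failures in the samba log, read the listen-on-v6 address out of named.conf.options, and print both next to the kernel's disable_ipv6 flag. SAMPLE_LOG and SAMPLE_CONF are constructed from the lines quoted in the thread; the function names are mine.

```shell
#!/bin/sh
# Added example (not from the thread): summarise the IPv6 bind failures in
# the samba log against the BIND listen-on-v6 setting and host IPv6 state.
# SAMPLE_LOG and SAMPLE_CONF are constructed for this example.

# Count log lines showing a "::" bind failure or an unsupported-family socket().
count_v6_bind_failures() {
    printf '%s\n' "$1" |
        grep -cE 'address=::|Failed to bind to (ipv6)?:::|Address family not supported by protocol' || true
}

# Print the first address in listen-on-v6 { ... } (e.g. "none" or "::1"),
# or "unset" when the option is absent.
listen_on_v6_setting() {
    v=$(printf '%s\n' "$1" |
        sed -nE 's/.*listen-on-v6[^{]*[{][[:space:]]*([^;]*);.*/\1/p' | head -n 1)
    printf '%s\n' "${v:-unset}"
}

# 1 when the kernel has IPv6 disabled (or not built in), else 0.
host_ipv6_disabled() {
    f=/proc/sys/net/ipv6/conf/all/disable_ipv6
    if [ -r "$f" ]; then cat "$f"; else echo 1; fi
}

# $1 = samba log text, $2 = named.conf.options text, $3 = disable_ipv6 flag (0/1).
diagnose_v6() {
    printf 'ipv6_bind_failures=%s host_ipv6_disabled=%s listen_on_v6=%s\n' \
        "$(count_v6_bind_failures "$1")" "$3" "$(listen_on_v6_setting "$2")"
}

SAMPLE_LOG='[2021/05/26 17:20:23.985592, 0] ../../source4/rpc_server/dcerpc_server.c:509(add_socket_rpc_tcp_iface)
  service_setup_stream_socket(address=::,port=0) for netlogon mgmt failed - NT_STATUS_INVALID_PARAMETER_MIX
[2021/05/26 17:20:24.007882, 0] ../../source4/kdc/kdc-server.c:585(kdc_add_socket)
  Failed to bind to :::88 TCP - NT_STATUS_INVALID_PARAMETER_MIX
[2021/05/26 17:20:24.008072, 0] ../../source4/cldap_server/cldap_server.c:130(cldapd_add_socket)
  Failed to bind to ipv6::::389 - NT_STATUS_INVALID_PARAMETER_MIX
[2021/05/26 17:20:24.299833, 0] ../../source3/lib/util_sock.c:265(open_socket_in)
  open_socket_in(): socket() call failed: Address family not supported by protocol
[2021/05/26 17:20:24.400000, 0] ../../source4/smbd/server.c:1(main)
  constructed unrelated line that must not be counted'
SAMPLE_CONF='options {
    listen-on port 53 { any; };
    listen-on-v6 port 53 { none; };
};'

diagnose_v6 "$SAMPLE_LOG" "$SAMPLE_CONF" "$(host_ipv6_disabled)"
```

Run it against the real files with `diagnose_v6 "$(cat /var/log/samba/log.samba)" "$(cat /etc/bind/named.conf.options)" "$(host_ipv6_disabled)"`; a non-zero failure count together with host_ipv6_disabled=1 is the combination Louis is asking about.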