Samba 4.9.18+dfsg-0.1stretch1, Louis package, I know I need to upgrade.
A domain, 6 DC.

I've still a separate DNS/DHCP setup, so client get DHCP and DNS
addresses from another servers, in a different domain.
Clearly, they have also a (forward) domain DNS name.

Suddenly, by some days, I've some strange DNS issue. An example:

Machine 'wilkie' boot and get addresses from primary DNS/DHCP setup:

 Jun 9 08:31:10 vdmsv1 dhcpd[23742]: DHCPOFFER on 10.5.2.220 to 34:64:a9:1c:1e:4a (WILKIE) via eth0
 Jun 9 08:31:10 vdmsv1 named[10040]: client 127.0.0.1#31176/key sanvito: updating zone 'dyn.sv.lnf.it/IN': adding an RR at 'WILKIE.dyn.sv.lnf.it' A 10.5.2.220
 Jun 9 08:31:10 vdmsv1 named[10040]: client 127.0.0.1#31176/key sanvito: updating zone 'dyn.sv.lnf.it/IN': adding an RR at 'WILKIE.dyn.sv.lnf.it' TXT "318a9edb2b4f1eac9e8b7e1d6e41f75b84"
 Jun 9 08:31:10 vdmsv1 dhcpd[23742]: DHCPREQUEST for 10.5.2.220 (10.5.1.3) from 34:64:a9:1c:1e:4a (WILKIE) via eth0
 Jun 9 08:31:10 vdmsv1 dhcpd[23742]: DHCPACK on 10.5.2.220 to 34:64:a9:1c:1e:4a (WILKIE) via eth0
 Jun 9 08:31:10 vdmsv1 dhcpd[23742]: Added new forward map from WILKIE.dyn.sv.lnf.it to 10.5.2.220
 Jun 9 08:31:10 vdmsv1 named[10040]: client 127.0.0.1#31176/key sanvito: updating zone '2.5.10.in-addr.arpa/IN': adding an RR at '220.2.5.10.in-addr.arpa' PTR WILKIE.dyn.sv.lnf.it.
 Jun 9 08:31:11 vdmsv1 dhcpd[23742]: Added reverse map from 220.2.5.10.in-addr.arpa. to WILKIE.dyn.sv.lnf.it
 Jun 9 08:36:11 vdmsv1 dhcpd[23742]: DHCPREQUEST for 10.5.2.220 from 34:64:a9:1c:1e:4a (WILKIE) via eth0
 Jun 9 08:36:11 vdmsv1 dhcpd[23742]: DHCPACK on 10.5.2.220 to 34:64:a9:1c:1e:4a (WILKIE) via eth0
 [...]

At the same time, client register itself in domain DNS, on site 'SV',
indeed with correct IP:

 Jun 9 08:31:13 vdcsv1 named[664]: samba_dlz: allowing update of signer=WILKIE\$\@AD.FVG.LNF.IT name=WILKIE.ad.fvg.lnf.it tcpaddr= type=A key=1688-ms-7.1-4114.28c7707f-c8ec-11eb-64ab-3464a91c1e4a/160/0
 Jun 9 08:31:13 vdcsv1 named[664]: client 10.5.2.220#52285/key WILKIE\$\@AD.FVG.LNF.IT: updating zone 'ad.fvg.lnf.it/NONE': deleting an RR at WILKIE.ad.fvg.lnf.it A
 Jun 9 08:31:13 vdcsv1 named[664]: samba_dlz: subtracted rdataset WILKIE.ad.fvg.lnf.it 'WILKIE.ad.fvg.lnf.it.#0111200#011IN#011A#01110.5.2.103'
 Jun 9 08:31:14 vdcsv1 named[664]: samba_dlz: allowing update of signer=WILKIE\$\@AD.FVG.LNF.IT name=WILKIE.ad.fvg.lnf.it tcpaddr= type=AAAA key=1688-ms-7.2-42f8.28c7707f-c8ec-11eb-64ab-3464a91c1e4a/160/0
 Jun 9 08:31:14 vdcsv1 named[664]: samba_dlz: allowing update of signer=WILKIE\$\@AD.FVG.LNF.IT name=WILKIE.ad.fvg.lnf.it tcpaddr= type=A key=1688-ms-7.2-42f8.28c7707f-c8ec-11eb-64ab-3464a91c1e4a/160/0
 Jun 9 08:31:14 vdcsv1 named[664]: samba_dlz: allowing update of signer=WILKIE\$\@AD.FVG.LNF.IT name=WILKIE.ad.fvg.lnf.it tcpaddr= type=A key=1688-ms-7.2-42f8.28c7707f-c8ec-11eb-64ab-3464a91c1e4a/160/0
 Jun 9 08:31:14 vdcsv1 named[664]: client 10.5.2.220#50264/key WILKIE\$\@AD.FVG.LNF.IT: updating zone 'ad.fvg.lnf.it/NONE': deleting rrset at 'WILKIE.ad.fvg.lnf.it' AAAA
 Jun 9 08:31:14 vdcsv1 named[664]: client 10.5.2.220#50264/key WILKIE\$\@AD.FVG.LNF.IT: updating zone 'ad.fvg.lnf.it/NONE': deleting rrset at 'WILKIE.ad.fvg.lnf.it' A
 Jun 9 08:31:14 vdcsv1 named[664]: client 10.5.2.220#50264/key WILKIE\$\@AD.FVG.LNF.IT: updating zone 'ad.fvg.lnf.it/NONE': adding an RR at 'WILKIE.ad.fvg.lnf.it' A 10.5.2.220
 Jun 9 08:31:14 vdcsv1 named[664]: samba_dlz: added rdataset WILKIE.ad.fvg.lnf.it 'WILKIE.ad.fvg.lnf.it.#0111200#011IN#011A#01110.5.2.220'
 Jun 9 08:31:14 vdcsv1 named[664]: samba_dlz: allowing update of signer=WILKIE\$\@AD.FVG.LNF.IT name=WILKIE.ad.fvg.lnf.it tcpaddr= type=AAAA key=1688-ms-7.2-42f8.28c7707f-c8ec-11eb-64ab-3464a91c1e4a/160/0
 Jun 9 08:31:14 vdcsv1 named[664]: samba_dlz: allowing update of signer=WILKIE\$\@AD.FVG.LNF.IT name=WILKIE.ad.fvg.lnf.it tcpaddr= type=A key=1688-ms-7.2-42f8.28c7707f-c8ec-11eb-64ab-3464a91c1e4a/160/0
 Jun 9 08:31:14 vdcsv1 named[664]: samba_dlz: allowing update of signer=WILKIE\$\@AD.FVG.LNF.IT name=WILKIE.ad.fvg.lnf.it tcpaddr= type=A key=1688-ms-7.2-42f8.28c7707f-c8ec-11eb-64ab-3464a91c1e4a/160/0
 Jun 9 08:31:14 vdcsv1 named[664]: client 10.5.2.220#53932/key WILKIE\$\@AD.FVG.LNF.IT: updating zone 'ad.fvg.lnf.it/NONE': deleting rrset at 'WILKIE.ad.fvg.lnf.it' AAAA
 Jun 9 08:31:14 vdcsv1 named[664]: client 10.5.2.220#53932/key WILKIE\$\@AD.FVG.LNF.IT: updating zone 'ad.fvg.lnf.it/NONE': deleting rrset at 'WILKIE.ad.fvg.lnf.it' A
 Jun 9 08:31:14 vdcsv1 named[664]: samba_dlz: subtracted rdataset WILKIE.ad.fvg.lnf.it 'WILKIE.ad.fvg.lnf.it.#0111200#011IN#011A#01110.5.2.220'
 Jun 9 08:31:14 vdcsv1 named[664]: client 10.5.2.220#53932/key WILKIE\$\@AD.FVG.LNF.IT: updating zone 'ad.fvg.lnf.it/NONE': adding an RR at 'WILKIE.ad.fvg.lnf.it' A 10.5.2.220
 Jun 9 08:31:14 vdcsv1 named[664]: samba_dlz: added rdataset WILKIE.ad.fvg.lnf.it 'WILKIE.ad.fvg.lnf.it.#0111200#011IN#011A#01110.5.2.220'
 Jun 9 08:31:14 vdcsv1 named[664]: samba_dlz: allowing update of signer=WILKIE\$\@AD.FVG.LNF.IT name=WILKIE.ad.fvg.lnf.it tcpaddr= type=AAAA key=1688-ms-7.2-42f8.28c7707f-c8ec-11eb-64ab-3464a91c1e4a/160/0
 Jun 9 08:31:14 vdcsv1 named[664]: samba_dlz: allowing update of signer=WILKIE\$\@AD.FVG.LNF.IT name=WILKIE.ad.fvg.lnf.it tcpaddr= type=A key=1688-ms-7.2-42f8.28c7707f-c8ec-11eb-64ab-3464a91c1e4a/160/0
 Jun 9 08:31:14 vdcsv1 named[664]: samba_dlz: allowing update of signer=WILKIE\$\@AD.FVG.LNF.IT name=WILKIE.ad.fvg.lnf.it tcpaddr= type=A key=1688-ms-7.2-42f8.28c7707f-c8ec-11eb-64ab-3464a91c1e4a/160/0
 Jun 9 08:31:14 vdcsv1 named[664]: client 10.5.2.220#63100/key WILKIE\$\@AD.FVG.LNF.IT: updating zone 'ad.fvg.lnf.it/NONE': deleting rrset at 'WILKIE.ad.fvg.lnf.it' AAAA
 Jun 9 08:31:14 vdcsv1 named[664]: client 10.5.2.220#63100/key WILKIE\$\@AD.FVG.LNF.IT: updating zone 'ad.fvg.lnf.it/NONE': deleting rrset at 'WILKIE.ad.fvg.lnf.it' A
 Jun 9 08:31:14 vdcsv1 named[664]: samba_dlz: subtracted rdataset WILKIE.ad.fvg.lnf.it 'WILKIE.ad.fvg.lnf.it.#0111200#011IN#011A#01110.5.2.220'
 Jun 9 08:31:14 vdcsv1 named[664]: client 10.5.2.220#63100/key WILKIE\$\@AD.FVG.LNF.IT: updating zone 'ad.fvg.lnf.it/NONE': adding an RR at 'WILKIE.ad.fvg.lnf.it' A 10.5.2.220
 Jun 9 08:31:14 vdcsv1 named[664]: samba_dlz: added rdataset WILKIE.ad.fvg.lnf.it 'WILKIE.ad.fvg.lnf.it.#0111200#011IN#011A#01110.5.2.220'

If now I query DNS in their site, I get correct result:

 gaio at hermione:~$ dig a wilkie.ad.fvg.lnf.it @vdcsv1.ad.fvg.lnf.it | grep ^wilkie
 wilkie.ad.fvg.lnf.it. 1200 IN A 10.5.2.220
 gaio at hermione:~$ dig a wilkie.ad.fvg.lnf.it @vdcsv2.ad.fvg.lnf.it | grep ^wilkie
 wilkie.ad.fvg.lnf.it. 1200 IN A 10.5.2.220

but if I query DNS for other site DCs, I get incorrect result:

 gaio at hermione:~$ dig a wilkie.ad.fvg.lnf.it @vdcpp1.ad.fvg.lnf.it | grep ^wilkie
 wilkie.ad.fvg.lnf.it. 1200 IN A 10.5.2.57
 gaio at hermione:~$ dig a wilkie.ad.fvg.lnf.it @vdcpp2.ad.fvg.lnf.it | grep ^wilkie
 wilkie.ad.fvg.lnf.it. 1200 IN A 10.5.2.171
 gaio at hermione:~$ dig a wilkie.ad.fvg.lnf.it @vdc3t1.ad.fvg.lnf.it | grep ^wilkie
 wilkie.ad.fvg.lnf.it. 1200 IN A 10.5.2.57
 gaio at hermione:~$ dig a wilkie.ad.fvg.lnf.it @vdctms1.ad.fvg.lnf.it | grep ^wilkie
 wilkie.ad.fvg.lnf.it. 1200 IN A 10.5.2.57

Note that basic things like 'samba-tool drs showrepl' and
'samba-tool ldapcmp ldap://vdcsv1 ldap://vdcpp2 -U Administrator' show
no replication differences or errors.

What happens?! Thanks.

-- 
dott. Marco Gaiarin GNUPG Key ID: 240A3D66
Associazione ``La Nostra Famiglia'' http://www.lanostrafamiglia.it/
Polo FVG - Via della Bontà, 7 - 33078 - San Vito al Tagliamento (PN)
marco.gaiarin(at)lanostrafamiglia.it t +39-0434-842711 f +39-0434-842797

Donate your 5 PER MILLE to LA NOSTRA FAMIGLIA!
http://www.lanostrafamiglia.it/index.php/it/sostienici/5x1000
(tax code 00307430132, category ONLUS or RICERCA SANITARIA)

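
The consistency check described in this post, as an added example that is not part of the original thread: it replays the samba_dlz "added"/"subtracted rdataset" lines to get the A record the updating DC should hold, then compares each DC's dig answer against it. The sample log and answers are constructed from the lines quoted above, the function names are hypothetical, and the `#011` decoding assumes rsyslog-style octal escaping of control characters.

```python
import re

# Constructed sample, abridged from the samba_dlz lines quoted in the post.
SAMPLE_LOG = """\
Jun 9 08:31:13 vdcsv1 named[664]: samba_dlz: subtracted rdataset WILKIE.ad.fvg.lnf.it 'WILKIE.ad.fvg.lnf.it.#0111200#011IN#011A#01110.5.2.103'
Jun 9 08:31:14 vdcsv1 named[664]: samba_dlz: added rdataset WILKIE.ad.fvg.lnf.it 'WILKIE.ad.fvg.lnf.it.#0111200#011IN#011A#01110.5.2.220'
Jun 9 08:31:14 vdcsv1 named[664]: samba_dlz: subtracted rdataset WILKIE.ad.fvg.lnf.it 'WILKIE.ad.fvg.lnf.it.#0111200#011IN#011A#01110.5.2.220'
Jun 9 08:31:14 vdcsv1 named[664]: samba_dlz: added rdataset WILKIE.ad.fvg.lnf.it 'WILKIE.ad.fvg.lnf.it.#0111200#011IN#011A#01110.5.2.220'
"""

# Constructed from the dig output in the post: server -> A records returned.
SAMPLE_ANSWERS = {
    "vdcsv1": ["10.5.2.220"], "vdcsv2": ["10.5.2.220"],
    "vdcpp1": ["10.5.2.57"], "vdcpp2": ["10.5.2.171"],
    "vdc3t1": ["10.5.2.57"], "vdctms1": ["10.5.2.57"],
}

ESCAPE = re.compile(r"#([0-7]{3})")  # assumed rsyslog escape: '#' + 3 octal digits
DLZ = re.compile(r"samba_dlz: (added|subtracted) rdataset \S+ '([^']*)'")


def decode_syslog(text):
    """Turn '#011' style escapes back into the control characters they replaced."""
    return ESCAPE.sub(lambda m: chr(int(m.group(1), 8)), text)


def parse_dlz_events(log):
    """Return (op, owner, rtype, rdata) for every samba_dlz rdataset change."""
    events = []
    for line in log.splitlines():
        m = DLZ.search(line)
        if not m:
            continue
        fields = decode_syslog(m.group(2)).split("\t", 4)
        if len(fields) != 5:  # owner, ttl, class, type, rdata
            continue
        owner, _ttl, _rclass, rtype, rdata = fields
        events.append((m.group(1), owner.rstrip(".").lower(), rtype, rdata))
    return events


def replay(events):
    """Apply the changes in log order; result maps (owner, rtype) -> set of rdata."""
    rrsets = {}
    for op, owner, rtype, rdata in events:
        current = rrsets.setdefault((owner, rtype), set())
        if op == "added":
            current.add(rdata)
        else:
            current.discard(rdata)
    return rrsets


def stale_servers(expected, answers):
    """Servers whose answer differs from the record set derived from the log.

    The log is the reference, not a majority vote: in the sample, the
    most common answer (10.5.2.57) is one of the wrong ones.
    """
    return {srv: got for srv, got in sorted(answers.items())
            if set(got) != set(expected)}


if __name__ == "__main__":
    want = replay(parse_dlz_events(SAMPLE_LOG))[("wilkie.ad.fvg.lnf.it", "A")]
    print("expected:", sorted(want))
    for server, got in stale_servers(want, SAMPLE_ANSWERS).items():
        print("diverges:", server, got)
```
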
On 09/06/2021 15:18, Marco Gaiarin via samba wrote:
> [...]
> What happens?! Thanks.
>
Why do you think I went to all the trouble to write this:

https://wiki.samba.org/index.php/Configure_DHCP_to_update_DNS_records_with_BIND9

You need to use the dns from your DC's, though you can get your main dns
servers to forward requests for the AD domain to the AD DC's.

Putting it simply, your AD dns is broken.

Rowland

You really should do this differently..

Because..
A working DNS domain should be established with forward and reverse mappings
to at least the Kerberos KDC (Samba-DC's) and application servers you intend
to Kerberize.

If you use bind_DLZ as you're doing and you want other zones sync to another
domain and you have bind running, as you have..
Why not use master/slave setup of bind9 to do that.

So that keeps the question, why is "suddenly" differently.
My "guess" is, latest change "security fix" of bind fixed something,
which now is your problem.

See Debian LTS: DLA-2647-1: bind9

Greetz,

Louis

> -----Original message-----
> From: samba [mailto:samba-bounces at lists.samba.org] On behalf of
> Marco Gaiarin via samba
> Sent: Wednesday 9 June 2021 16:19
> To: samba at lists.samba.org
> Subject: [Samba] Strange DNS issue...
>
> Samba 4.9.18+dfsg-0.1stretch1, Louis package, i know i need
> to upgrade.
> A domain, 6 DC.
>
> I've still a separate DNS/DHCP setup, so client get DHCP and DNS
> addresses from another servers, in a different domain.
> Clearly, they have also a (forward) domain DNS name.
>
> Suddenly, by some days, i've some strange DNS issue.
> [...]