samba - Nov 2022 - accidentally upgraded DC to 4.17.3 ... didn't work

Am 22.11.22 um 09:33 schrieb Rowland Penny via samba:
> To try and sort this out, the lines above what you have posted are 
> required, you seem to have posted the lower portion of a python exception.
yes, ok. Browsing.

To me it seems that /etc/resolv.conf was overwritten by 
systemd-resolved. I now edited /etc/systemd/resolved.conf to set the 2 
DCs as DNSes etc

I have to check/fix that on ADC1 as well.

There were lots of resolver-related messages:

/usr/sbin/samba_dnsupdate: dns.resolver.NoResolverConfiguration: 
Resolver configuration could not be read

---

but I don't have it OK yet:

Nov 22 09:38:27 adc2 samba[297691]:   /usr/sbin/samba_dnsupdate: 
raise Exception("Timeout while waiting to contact a working DNS server 
while looking for %s as %s" % (d, normalised_name))
Nov 22 09:38:27 adc2 samba[297691]: [2022/11/22 09:38:27.768137,  0] 
../../lib/util/util_runcmd.c:355(samba_runcmd_io_handler)
Nov 22 09:38:27 adc2 samba[297691]:   /usr/sbin/samba_dnsupdate: 
Exception: Timeout while waiting to contact a working DNS server while 
looking for A adc2.mytld
192.168.101.230 as adc2.my.tld.
Nov 22 09:38:27 adc2 samba[297691]: [2022/11/22 09:38:27.796576,  0] 
../../source4/dsdb/dns/dns_update.c:85(dnsupdate_nameupdate_done)
Nov 22 09:38:27 adc2 samba[297691]:   dnsupdate_nameupdate_done: Failed 
DNS update with exit code 1
^C
root at adc2:~# dig adc2.my.tld
;; reply from unexpected source: 127.0.0.1#53, expected 127.0.0.53#53

root at adc2:~# cat /etc/resolv.conf
# Dynamic resolv.conf(5) file for glibc resolver(3) generated by 
resolvconf(8)
#     DO NOT EDIT THIS FILE BY HAND -- YOUR CHANGES WILL BE OVERWRITTEN
# 127.0.0.53 is the systemd-resolved stub resolver.
# run "resolvectl status" to see details about the actual nameservers.

nameserver 127.0.0.53
search arbeitsgruppe.my.tld


root at adc2:~# cat /etc/systemd/resolved.conf

[Resolve]

DNS=10.0.0.230
FallbackDNS=10.0.0.231
Domains=my.tld

oh my

Am 22.11.22 um 09:43 schrieb Stefan G. Weichinger via samba:
> but I don't have it OK yet:
Update: seems OK now

I wonder if to stay at 4.16.2 on ADC2 and 4.16.6 on ADC1 for now.

Vacation starts on thursday ...

On 22/11/2022 08:43, Stefan G. Weichinger via samba
wrote:
> Am 22.11.22 um 09:33 schrieb Rowland Penny via samba:
> 
>> To try and sort this out, the lines above what you have posted are 
>> required, you seem to have posted the lower portion of a python 
>> exception.
> 
> yes, ok. Browsing.
> 
> To me it seems that /etc/resolv.conf was overwritten by 
> systemd-resolved. I now edited /etc/systemd/resolved.conf to set the 2 
> DCs as DNSes etc
The best fix for that is to turn off systemd-resolved on a Samba DC and 
then create /etc/resolv.conf as you require it, that way, it cannot get 
changed.
> 
> I have to check/fix that on ADC1 as well.
> 
> There were lots of resolver-related messages:
> 
> /usr/sbin/samba_dnsupdate: dns.resolver.NoResolverConfiguration: 
> Resolver configuration could not be read
> 
> ---
> 
> but I don't have it OK yet:
> 
> Nov 22 09:38:27 adc2 samba[297691]:?? /usr/sbin/samba_dnsupdate: raise 
> Exception("Timeout while waiting to contact a working DNS server while
> looking for %s as %s" % (d, normalised_name))
> Nov 22 09:38:27 adc2 samba[297691]: [2022/11/22 09:38:27.768137,? 0] 
> ../../lib/util/util_runcmd.c:355(samba_runcmd_io_handler)
> Nov 22 09:38:27 adc2 samba[297691]:?? /usr/sbin/samba_dnsupdate: 
> Exception: Timeout while waiting to contact a working DNS server while 
> looking for A adc2.mytld
> 192.168.101.230 as adc2.my.tld.
> Nov 22 09:38:27 adc2 samba[297691]: [2022/11/22 09:38:27.796576,? 0] 
> ../../source4/dsdb/dns/dns_update.c:85(dnsupdate_nameupdate_done)
> Nov 22 09:38:27 adc2 samba[297691]:?? dnsupdate_nameupdate_done: Failed 
> DNS update with exit code 1
Yes, that is a dns problem.
> ^C
> root at adc2:~# dig adc2.my.tld
> ;; reply from unexpected source: 127.0.0.1#53, expected 127.0.0.53#53
> 
> root at adc2:~# cat /etc/resolv.conf
> # Dynamic resolv.conf(5) file for glibc resolver(3) generated by 
> resolvconf(8)
> #???? DO NOT EDIT THIS FILE BY HAND -- YOUR CHANGES WILL BE OVERWRITTEN
> # 127.0.0.53 is the systemd-resolved stub resolver.
> # run "resolvectl status" to see details about the actual
nameservers.
> 
> nameserver 127.0.0.53
> search arbeitsgruppe.my.tld
As I said, I suggest you turn off systemd-resolved, I also suggest that 
you check that netplan, network-manager, etc aren't getting in the way.
> 
> 
> root at adc2:~# cat /etc/systemd/resolved.conf
> 
> [Resolve]
> 
> DNS=10.0.0.230
> FallbackDNS=10.0.0.231
> Domains=my.tld
> 
> oh my
> 
See what I mean ;-)

Rowland

On 11/22/22 03:04, Rowland Penny via samba wrote:
> 
> The best fix for that is to turn off systemd-resolved on a Samba DC and 
> then create /etc/resolv.conf as you require it, that way, it cannot get 
> changed.
> 
Since I've been dealing with this on a daily basis recently ....

You don't have to turn off systemd-resolved.  Just delete the symlink it 
creates for resolv.conf in /etc, create your own static /etc/resolv.conf 
file and then restart systemd-resolved.  It's smart, and knows how to 
roll with this.

Turning off systemd services is rarely what you want to do, and as more 
and more services align themselves with the convenience of systemd, this 
will come back to bite you in the ass eventually. Or never upgrade; your 
choice. <:)