Thanks for the good explanation. The client is my Windows 10 computer.
I should perhaps mention that I use the RSAT tools to manage DNS.
What I don't understand is why the DC 01 doesn't have these problems. Is
it
maybe because it has all FSMO roles and is the PDC?
Am So., 23. Juni 2024 um 09:59 Uhr schrieb Rowland Penny via samba <
samba at lists.samba.org>:
> On Sun, 23 Jun 2024 09:34:46 +0200
> Ronny Preiss via samba <samba at lists.samba.org> wrote:
>
>
>
> > Now the 3rd DC has the same Problem as the 2nd one.
> > Only the 1st DC has no issues.
> >
> > /var/log/syslog
> > [...]
> > Jun 23 06:05:20 01-dc03 samba[87230]: [2024/06/23 06:05:20.132829, 0]
> > source4/rpc_server/dnsserver/dcerpc_dnsser
> >
> > ver.c:1076(dnsserver_query_zone)
> > Jun 23 06:05:20 01-dc03 samba[87230]: dnsserver: Invalid zone
> > operation IsSigned
> > Jun 23 06:05:21 01-dc03 samba[87230]: [2024/06/23 06:05:21.176086, 0]
> > source4/rpc_server/dnsserver/dcerpc_dnsser
> >
> > ver.c:1076(dnsserver_query_zone)
> > [...]
> >
>
> If you go to line 1076 in
> source4/rpc_server/dnsserver/dcerpc_dnsserver.c you will find this:
>
> DEBUG(0,("dnsserver: Invalid zone operation %s\n",
operation));
> return WERR_DNS_ERROR_INVALID_PROPERTY;
>
> In this instance 'IsSigned' is the 'operation' and if you
look in the
> extensive list of known 'operation' types above that,
'IsSigned' isn't
> there, so it falls into that 'DEBUG' and the message is printed.
>
> Now, where is 'IsSigned' coming from ?
> Well, 'IsSigned' means dnssec and so, something (probably a client)
is
> using dnssec to query the Samba dns server and Samba knows nothing
> about dnssec.
> If you want to fix this, you are looking at the wrong end, you need to
> find the client(s) that are using dnssec and stop its use.
>
> Rowland
>
> --
> To unsubscribe from this list go to the following URL and read the
> instructions: https://lists.samba.org/mailman/options/samba
>