samba - Feb 2025 - Problems after DC upgrade

Well, it almost went okay.

Thumbnail: I had two DCs, running the latest in buster.  I created a new one
running bookworm and 4.21.3.  I joined the new machine as a DC.  I then
transferred the FSMO roles from one of the old ones and demoted that one.  My
plan is to create a fourth new one and demote the other old one.  But, two
problems:


  1.  The dns on the new DC is not responding.  It did when I got it started,
but in a reboot, it stopped responding.  Don't know why it's trying to
bind to 0.0.0.0.  The hosts is set up correctly.  Log:

Feb 09 18:11:11 minister2 samba[88]:   dnsupdate_nameupdate_done: Failed DNS
update with exit code 26
Feb 09 18:11:11 minister2 samba[88]: [2025/02/09 18:11:11.816359,  0]
source4/dsdb/dns/dns_update.c:85(dnsupdate_nameupdate_done)
Feb 09 18:01:10 minister2 samba[88]:   dnsupdate_nameupdate_done: Failed DNS
update with exit code 26
Feb 09 18:01:10 minister2 samba[88]: [2025/02/09 18:01:10.720661,  0]
source4/dsdb/dns/dns_update.c:85(dnsupdate_nameupdate_done)
Feb 09 18:01:07 minister2 winbindd[80]:   Copyright Andrew Tridgell and the
Samba Team 1992-2024
Feb 09 18:01:07 minister2 winbindd[80]:   winbindd version
4.21.3-Debian-4.21.3+dfsg-6~bpo12+1 started.
Feb 09 18:01:07 minister2 winbindd[80]: [2025/02/09 18:01:07.051147,  0]
source3/winbindd/winbindd.c:1447(main)
Feb 09 18:01:07 minister2 samba[90]:   Failed to bind to 0.0.0.0:53 TCP -
NT_STATUS_ADDRESS_ALREADY_ASSOCIATED
Feb 09 18:01:07 minister2 samba[90]: [2025/02/09 18:01:07.028013,  0]
source4/dns_server/dns_server.c:672(dns_add_socket)
Feb 09 18:01:07 minister2 samba[90]:   stream_setup_socket: Failed to listen on
0.0.0.0:53 - NT_STATUS_ADDRESS_ALREADY_ASSOCIATED
Feb 09 18:01:07 minister2 samba[90]: [2025/02/09 18:01:07.027890,  0]
source4/samba/service_stream.c:371(stream_setup_socket)
Feb 09 18:01:07 minister2 systemd[1]: Started samba-ad-dc.service - Samba AD
Daemon.
Feb 09 18:01:07 minister2 smbd[50]:   Copyright Andrew Tridgell and the Samba
Team 1992-2024
Feb 09 18:01:07 minister2 smbd[50]:   smbd version
4.21.3-Debian-4.21.3+dfsg-6~bpo12+1 started.
Feb 09 18:01:07 minister2 smbd[50]: [2025/02/09 18:01:07.006236,  0]
source3/smbd/server.c:1965(main)
Feb 09 18:01:06 minister2 samba[41]:   daemon 'samba' : Starting
process...
Feb 09 18:01:06 minister2 samba[41]: [2025/02/09 18:01:06.710689,  0]
lib/util/become_daemon.c:150(daemon_status)
Feb 09 18:01:06 minister2 samba[41]:   Copyright Andrew Tridgell and the Samba
Team 1992-2024
Feb 09 18:01:06 minister2 samba[41]:   samba version
4.21.3-Debian-4.21.3+dfsg-6~bpo12+1 started.
Feb 09 18:01:06 minister2 samba[41]: [2025/02/09 18:01:06.710513,  0]
source4/samba/server.c:633(binary_smbd_main)
Feb 09 18:01:06 minister2 systemd[1]: Starting samba-ad-dc.service - Samba AD
Daemon...


  1.  The _ldap._tcp.<domain> entry for the new dc is missing in both the
new dc's dns (which I queried before the problem above) and the
still-running old dc.  A query of the srv record turns up the old, still running
dc but not the new one.

Replication is working between the two servers.  The database check passes,
although it didn't at first (old entries) and I applied the fixes.

Any help would be greatly appreciated!

                Steve

On Mon, 10 Feb 2025 02:24:31 +0000
Stephen Brandli via samba <samba at lists.samba.org> wrote:
> Well, it almost went okay.
> 
> Thumbnail: I had two DCs, running the latest in buster.  I created a
> new one running bookworm and 4.21.3.  I joined the new machine as a
> DC.  I then transferred the FSMO roles from one of the old ones and
> demoted that one.  My plan is to create a fourth new one and demote
> the other old one.  But, two problems:
> 
> 
>   1.  The dns on the new DC is not responding.  It did when I got it
> started, but in a reboot, it stopped responding.  Don't know why
it's
> trying to bind to 0.0.0.0.  The hosts is set up correctly.  Log:
0.0.0.0 is another way of saying 'all IPv4 on this machine'
> 
> Feb 09 18:11:11 minister2 samba[88]:   dnsupdate_nameupdate_done:
> Failed DNS update with exit code 26 
That explains your missing dns records, samba_dnsupdate cannot add them.
> Feb 09 18:11:11 minister2
> samba[88]: [2025/02/09 18:11:11.816359,  0]
> source4/dsdb/dns/dns_update.c:85(dnsupdate_nameupdate_done) Feb 09
> 18:01:10 minister2 samba[88]:   dnsupdate_nameupdate_done: Failed DNS
> update with exit code 26 Feb 09 18:01:10 minister2 samba[88]:
> [2025/02/09 18:01:10.720661,  0]
> source4/dsdb/dns/dns_update.c:85(dnsupdate_nameupdate_done) Feb 09
> 18:01:07 minister2 winbindd[80]:   Copyright Andrew Tridgell and the
> Samba Team 1992-2024 Feb 09 18:01:07 minister2 winbindd[80]:
> winbindd version 4.21.3-Debian-4.21.3+dfsg-6~bpo12+1 started. Feb 09
> 18:01:07 minister2 winbindd[80]: [2025/02/09 18:01:07.051147,  0]
> source3/winbindd/winbindd.c:1447(main) Feb 09 18:01:07 minister2
> samba[90]:   Failed to bind to 0.0.0.0:53 TCP -
> NT_STATUS_ADDRESS_ALREADY_ASSOCIATED
Could it be that something like Bind9 is also running ?
If that is the case, when you joined the new DC, did you add
'--dns-backend=BIND9_DLZ' ?
If you didn't, you now have two choices, either turn off Bind9 or run
samba_upgradedns to change to Bind9 instead of the builtin dns server,
see here:

https://wiki.samba.org/index.php/Changing_the_DNS_Back_End_of_a_Samba_AD_DC

Rowland