HI Michael, On Wed, Feb 22, 2012 at 7:06 PM, Michael Wood <[email protected]> wrote: > Hi > > On 22 February 2012 01:46, <[email protected]> wrote: >>> The default DNS backend has changed to BIND9_DLZ. This means the DNS >>> records are stored in Samba4's AD tree instead of in a normal zone >>> file. > [...] >>> If you're just starting out, you might want to try the DLZ backend. >> >> Thank you for your help! I was able to get a new Bind version to somewhat >> work. I was able to join an XP machine to the domain but DNS seems to not be >> updating correctly. Below you will find the logs that I am seeing. > > I don't know what would cause that, but you could try increasing the > debug level (e.g. samba -d10 -i -M single) to see if it gives you more > details about the issue. Increasing bind9's debug level might help > too. > > Also, you might want to discuss this on samba-technical. I've copied > my reply there. Since Samba 4 is still in alpha, the HOWTO says to > discuss successes/failures on samba-technical. > >> /var/log/messages: >> >> >> Feb 21 16:39:39 davis named[1163]: validating @0x24c0d30: com SOA: no >> valid signature found >> Feb 21 16:39:39 davis named[1163]: validating @0x220f220: com SOA: no >> valid signature found >> Feb 21 16:39:39 davis named[1163]: validating @0x220f220: >> CK0POJMG874LJREF7EFN8430QVIT8BSM.com NSEC3: no valid signature found >> Feb 21 16:39:39 davis named[1163]: validating @0x24c0d30: >> CK0POJMG874LJREF7EFN8430QVIT8BSM.com NSEC3: no valid signature found >> Feb 21 16:39:39 davis named[1163]: validating @0x198b010: >> A2MEHD73GB2UACB908FCH30EPFLFHMH7.com NSEC3: no valid signature found >> Feb 21 16:39:39 davis named[1163]: validating @0x24c0d30: >> A2MEHD73GB2UACB908FCH30EPFLFHMH7.com NSEC3: no valid signature found >> Feb 21 16:39:40 davis named[1163]: validating @0x24c0d30: >> 3RL0HJSI26SCTO21AV9TVIGIPUVPJAI1.com NSEC3: no valid signature found >> Feb 21 16:39:40 davis named[1163]: validating @0x198b010: >> 3RL0HJSI26SCTO21AV9TVIGIPUVPJAI1.com NSEC3: no valid signature found
These messages are from DNSSEC and are not really from dlz_bind9 module. Can you check if you have any lines in the log with prefix samba_dlz? >> samba output in single mode: >> >> >> samba -i -M single >> samba version 4.0.0alpha18-GIT-89586ed started. >> Copyright Andrew Tridgell and the Samba Team 1992-2012 >> samba: using 'single' process model >> ../source4/dsdb/dns/dns_update.c:294: Failed DNS update - >> NT_STATUS_UNSUCCESSFUL >> >> >> Any ideas as to what that could me? Thank you for your time and have a great >> day! To check if dynamic dns is working, you can try to run samba_dnsupdate script manually. Make sure bind9 and samba are running and then # samba_dnsupdate --verbose This will try to dynamically update various names in the zone. And check the logs for messages from dlz_bind9 module. Just to make sure that the DNS migration has completed correctly, can you post the output of following commands: # ldbsearch -H /path/to/sam.ldb -b "DC=DomainDnsZones,DC...." "(name=@)" --show-binary # ldbsearch -H /path/to/sam.ldb -b "DC=ForestDnsZones,DC=...." "(name=@)" --show-binary There was an issue previously with migration that @ records were not populated correctly. Amitay. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
