I have two RPi3 machines running CentOS 7 as ADDC. They also serve DHCP requests and do dynamic updates via the methods described in the wiki, using a dhcp-dyndns.sh script called by dhcpd.

The default logrotate scripts for named (BIND 9.9.4-RedHat-9.9.4-51.el7_4.1 (Extended Support Version)) call "sysctl reload named.service". This sends a SIGHUP to named. Unfortunately the reload handling by bind causes samba_dlz to shut down. This is the log of this event (this can also be triggered using 'rndc reload'). This causes a flurry of successful activity, the logs ending with:

Jan 12 09:58:17 dc02.rvx.is named[8331]: zone _msdcs.rvx.is/NONE: (other) removed
Jan 12 09:58:17 dc02.rvx.is named[8331]: reloading configuration succeeded
Jan 12 09:58:17 dc02.rvx.is named[8331]: samba_dlz: shutting down
Jan 12 09:58:17 dc02.rvx.is named[8331]: reloading zones succeeded
Jan 12 09:58:17 dc02.rvx.is named[8331]: all zones loaded
Jan 12 09:58:17 dc02.rvx.is named[8331]: running

In this state, named will refuse dynamic dhcp updates.
To fix it, named needs to be restarted with 'systemctl restart named.service'. The end of the 'restart' log looks like:

Jan 12 10:00:18 dc02.rvx.is named[27159]: samba_dlz: configured writeable zone '_msdcs.rvx.is'
Jan 12 10:00:18 dc02.rvx.is named[27159]: set up managed keys zone for view _default, file '/var/named/dynamic/managed-keys.bind'
Jan 12 10:00:18 dc02.rvx.is named[27159]: command channel listening on 127.0.0.1#953
Jan 12 10:00:18 dc02.rvx.is named[27159]: managed-keys-zone: journal file is out of date: removing journal file
Jan 12 10:00:18 dc02.rvx.is named[27159]: managed-keys-zone: loaded serial 53
Jan 12 10:00:18 dc02.rvx.is named[27159]: zone 1.0.0.127.in-addr.arpa/IN: loaded serial 0
Jan 12 10:00:18 dc02.rvx.is named[27159]: zone 0.in-addr.arpa/IN: loaded serial 0
Jan 12 10:00:18 dc02.rvx.is named[27159]: zone localhost.localdomain/IN: loaded serial 0
Jan 12 10:00:18 dc02.rvx.is named[27159]: zone localhost/IN: loaded serial 0
Jan 12 10:00:18 dc02.rvx.is named[27159]: zone 1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.ip6.arpa/IN: loaded serial 0
Jan 12 10:00:18 dc02.rvx.is named[27159]: all zones loaded
Jan 12 10:00:18 dc02.rvx.is named[27159]: running

A workaround on these systems is to change /etc/logrotate.d/named to do a "restart" rather than "reload". But ideally, samba_dlz should cope with reloading of named.
I've filed a bug with the BIND team (https://www.isc.org/community/report-bug/); it is referred to as '[ISC-Bugs #47014]'.
(My investigation doesn't indicate that there is any special handling to be done by a dlz.so module on reload. It is therefore likely that the BIND daemon is erroneously shutting down the module without restarting it when it "reloads".)
Note: doing "rndc reload" multiple times will each time add the line to the log: "samba_dlz: shutting down". Indeed, prior to each "shut down", there will be a "samba_dlz: starting configure" log. But nowhere is there any "samba_dlz: started for xxx" log. This is a bit confusing, and indicates that there might be either something weird in how bind is calling the .so, or that there is some strange internal error occurring that is improperly handled. I would look into this some more if I were a samba developer...
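Added example, not part of the original report and not Samba or BIND code: a log check for the state described in the report and in the note above, where a named process logs "samba_dlz: shutting down" and then keeps serving without the module logging that it is back. The syslog line layout and the helper name find_unloaded_dlz are assumptions; the message strings are the ones quoted in this thread.

```python
import re

# Constructed samples, assembled from the log excerpts quoted in this report.
RELOAD_LOG = """\
Jan 12 09:58:17 dc02.rvx.is named[8331]: reloading configuration succeeded
Jan 12 09:58:17 dc02.rvx.is named[8331]: samba_dlz: shutting down
Jan 12 09:58:17 dc02.rvx.is named[8331]: reloading zones succeeded
Jan 12 09:58:17 dc02.rvx.is named[8331]: all zones loaded
Jan 12 09:58:17 dc02.rvx.is named[8331]: running
""".splitlines()
RESTART_LOG = """\
Jan 12 10:00:18 dc02.rvx.is named[27159]: samba_dlz: configured writeable zone '_msdcs.rvx.is'
Jan 12 10:00:18 dc02.rvx.is named[27159]: all zones loaded
Jan 12 10:00:18 dc02.rvx.is named[27159]: running
""".splitlines()

# Assumed input: syslog-style lines "<Mon DD HH:MM:SS> <host> named[<pid>]: <message>".
LINE = re.compile(r"^(?P<ts>\w{3}\s+\d+\s[\d:]{8})\s\S+\snamed\[(?P<pid>\d+)\]:\s(?P<msg>.*)$")
DLZ_DOWN = "samba_dlz: shutting down"
DLZ_UP = ("samba_dlz: configured writeable zone", "samba_dlz: started for")
STILL_SERVING = ("all zones loaded", "running")


def find_unloaded_dlz(lines):
    """Return (pid, time of shutdown) if the newest named process kept
    serving after samba_dlz shut down without coming back, else None."""
    down, confirmed, last_pid = {}, {}, None
    for line in lines:
        m = LINE.match(line)
        if not m:
            continue
        pid, ts, msg = m["pid"], m["ts"], m["msg"].strip()
        last_pid = pid
        if msg.startswith(DLZ_DOWN):
            down[pid] = ts                      # module unloaded by this process
        elif msg.startswith(DLZ_UP):
            down.pop(pid, None)                 # module is (again) usable
            confirmed.pop(pid, None)
        elif msg in STILL_SERVING and pid in down:
            confirmed[pid] = down[pid]          # named carries on without it
    # An older PID that was stuck no longer matters once a restart replaced it.
    return (last_pid, confirmed[last_pid]) if last_pid in confirmed else None


if __name__ == "__main__":
    print("after reload: ", find_unloaded_dlz(RELOAD_LOG))
    print("after restart:", find_unloaded_dlz(RELOAD_LOG + RESTART_LOG))
```

A non-None result after a logrotate run means dynamic updates are being refused until named is restarted.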
Found fix, see: https://github.com/samba-team/samba/pull/124
(In reply to Kristján Jónsson from comment #4) Adding link to bug where we improve the logging to try and track this down.
Created attachment 16596: The patch on Github mentioned in the comments

For the sake of posterity, I am attaching the patch Kristjan posted on github. The discussion there was auto-forwarded on the samba-technical list (for example https://lists.samba.org/archive/samba-technical/2018-December/131757.html). It is difficult to conclusively say whether the issue is fixed.