I had a problem setting up a Samba DC as an AD DC with the BIND9 DNS backend, with this error:

zone 10.16.172.in-addr.arpa/NONE: has 0 SOA records
zone 10.16.172.in-addr.arpa/NONE: has no NS records
samba_dlz: Failed to configure zone '10.16.172.in-addr.arpa.'
loading configuration: bad zone
exiting (due to fatal error)

If I query the zone, I see the NS and SOA records:

samba-tool dns query 172.16.10.1 10.16.172.in-addr.arpa. @ ALL -U administrator

It had this problem with all zones.

How to repeat the problem:
1. Set up Windows Server 2008 R2.
2. In the domain zone properties, clear the field "RP - Responsible Person".
3. Set up a Samba DC with BIND9 (on Ubuntu 18.04 or 20.04).
4. Join the Samba DC to the AD domain.
5. Start BIND9.

It took me a long time to find out what the problem is. Working without "RP - Responsible Person" is not a problem for AD DNS.

OS: Ubuntu 18.04
samba -V: Version 4.7.6-Ubuntu
named -V: BIND 9.11.3-1ubuntu1.13-Ubuntu

I also tried it on Ubuntu 20.04 with BIND 9.16.
Can I get some more detail on what was seen here?
(In reply to Andrew Bartlett from comment #1) What would you like to see? There is no more detailed log than what I already wrote above. In short: if the "RP - Responsible Person" field in AD is empty, BIND will not start.
Any chance you can show me an entry as LDIF with that set? Do you know how to ldbsearch for the DNS entries? The entry as base64 and decoded with --show-binary would tell me a lot.
DNS NS records are in the "@" record, encoded in dnsRecord attributes. Please adapt for your installation, but this is the command I ran in testenv to find the NS records for the main DNS zone. Your zones might be in DomainDnsZones or ForestDnsZones, so adapt as required.

bin/ldbsearch -H st/ad_dc/private/sam.ldb --cross-ncs -s base -b DC=@,DC=addom.samba.example.com,CN=MicrosoftDNS,DC=DomainDnsZones,DC=addom,DC=samba,DC=example,DC=com --show-binary

bin/ldbsearch -H st/ad_dc/private/sam.ldb --cross-ncs -s base -b DC=@,DC=addom.samba.example.com,CN=MicrosoftDNS,DC=DomainDnsZones,DC=addom,DC=samba,DC=example,DC=com

We want both the base64 and the decoded text format.

To find all the DNS zones, you can run:

bin/ldbsearch -H st/ad_dc/private/sam.ldb --cross-ncs objectclass=dnszone dc

# record 1
dn: DC=addom.samba.example.com,CN=MicrosoftDNS,DC=DomainDnsZones,DC=addom,DC=samba,DC=example,DC=com
dc: addom.samba.example.com

# record 2
dn: DC=RootDNSServers,CN=MicrosoftDNS,DC=DomainDnsZones,DC=addom,DC=samba,DC=example,DC=com
dc: RootDNSServers

# record 3
dn: DC=_msdcs.addom.samba.example.com,CN=MicrosoftDNS,DC=ForestDnsZones,DC=addom,DC=samba,DC=example,DC=com
dc: _msdcs.addom.samba.example.com

# record 4
dn: DC=RootDNSServers,CN=MicrosoftDNS,CN=System,DC=addom,DC=samba,DC=example,DC=com
dc: RootDNSServers

# returned 4 records
# 4 entries
# 0 referrals

Note that unlike in the base DN, the DC= is not split into children; it is a dotted name when used in the DNS partitions. Yay for consistency!

Now add DC=@, to the start of each DN you are searching for, e.g.:

DC=@,DC=10.16.172.in-addr.arpa,CN=MicrosoftDNS,DC=ForestDnsZones,DC=addom,DC=samba,DC=example,DC=com

Hopefully that helps you show me the troublesome record (with RP set from MMC) and I can set about trying to have the tools cope with it better.
Andrew, thanks for the help. I created a new zone "test.ru" and cleared the "RP - Responsible Person" field, then joined the Samba DC into the AD domain. When starting BIND, these errors are displayed:

16-Feb-2021 10:16:02.960 zone test.ru/NONE: could not find NS and/or SOA records
16-Feb-2021 10:16:02.960 zone test.ru/NONE: loaded; checking validity
16-Feb-2021 10:16:02.961 zone test.ru/NONE: has 0 SOA records
16-Feb-2021 10:16:02.961 zone test.ru/NONE: has no NS records
16-Feb-2021 10:16:02.961 samba_dlz: Failed to configure zone 'test.ru'
16-Feb-2021 10:16:02.961 load_configuration: bad zone
16-Feb-2021 10:16:02.961 loading configuration: bad zone
16-Feb-2021 10:16:02.961 exiting (due to fatal error)

root@astra:/home/user# samba-tool dns query dc01 test.ru @ ALL -U administrator
Password for [VOLZANKATEST\administrator]:
  Name=, Records=2, Children=0
    NS: dc01.volzankatest.ru. (flags=600000f0, serial=0, ttl=3600)
    SOA: serial=2, refresh=900, retry=600, expire=86400, minttl=3600, ns=dc01.volzankatest.ru., email= (flags=600000f0, serial=0, ttl=3600)

Now, at your request:

root@astra:/home/user# ldbsearch -H /var/lib/samba/private/sam.ldb --cross-ncs -s base -b DC=@,DC=test.ru,CN=MicrosoftDNS,DC=DomainDnsZones,DC=volzankatest,DC=ru --show-binary
# record 1
dn: DC=@,DC=test.ru,CN=MicrosoftDNS,DC=DomainDnsZones,DC=volzankatest,DC=ru
objectClass: top
objectClass: dnsNode
instanceType: 4
whenCreated: 20210216071132.0Z
whenChanged: 20210216071149.0Z
displayName: (same as parent object)
uSNCreated: 4447
uSNChanged: 4447
showInAdvancedViewOnly: TRUE
name: @
objectGUID: a59d2bd4-b0d0-482c-9953-be8ab1f5972e
dnsRecord:     NDR: struct dnsp_DnssrvRpcRecord
        wDataLength              : 0x0018 (24)
        wType                    : DNS_TYPE_NS (2)
        version                  : 0x05 (5)
        rank                     : DNS_RANK_ZONE (240)
        flags                    : 0x0000 (0)
        dwSerial                 : 0x00000002 (2)
        dwTtlSeconds             : 0x00000e10 (3600)
        dwReserved               : 0x00000000 (0)
        dwTimeStamp              : 0x00000000 (0)
        data                     : union dnsRecordData(case 2)
        ns                       : dc01.volzankatest.ru
dnsRecord:     NDR: struct dnsp_DnssrvRpcRecord
        wDataLength              : 0x002f (47)
        wType                    : DNS_TYPE_SOA (6)
        version                  : 0x05 (5)
        rank                     : DNS_RANK_ZONE (240)
        flags                    : 0x0000 (0)
        dwSerial                 : 0x00000002 (2)
        dwTtlSeconds             : 0x00000e10 (3600)
        dwReserved               : 0x00000000 (0)
        dwTimeStamp              : 0x00000000 (0)
        data                     : union dnsRecordData(case 6)
        soa: struct dnsp_soa
            serial               : 0x00000001 (1)
            refresh              : 0x00000384 (900)
            retry                : 0x00000258 (600)
            expire               : 0x00015180 (86400)
            minimum              : 0x00000e10 (3600)
            mname                : dc01.volzankatest.ru
            rname                :
objectCategory: CN=Dns-Node,CN=Schema,CN=Configuration,DC=volzankatest,DC=ru
dNSProperty:     NDR: struct dnsp_DnsProperty
        wDataLength              : 0x00000008 (8)
        namelength               : 0x00000000 (0)
        flag                     : 0x00000000 (0)
        version                  : 0x00000001 (1)
        id                       : DSPROPERTY_ZONE_SECURE_TIME (8)
        data                     : union dnsPropertyData(case 8)
        zone_secure_time         : Thu Jan  1 03:00:00 1970 MSK
        name                     : 0x00007ff6 (32758)
dNSTombstoned: FALSE
dc: @
distinguishedName: DC=@,DC=test.ru,CN=MicrosoftDNS,DC=DomainDnsZones,DC=volzankatest,DC=ru
# returned 1 records
# 1 entries
# 0 referrals

################################################################
################################################################

root@astra:/home/user# ldbsearch -H /var/lib/samba/private/sam.ldb --cross-ncs -s base -b DC=@,DC=test.ru,CN=MicrosoftDNS,DC=DomainDnsZones,DC=volzankatest,DC=ru
# record 1
dn: DC=@,DC=test.ru,CN=MicrosoftDNS,DC=DomainDnsZones,DC=volzankatest,DC=ru
objectClass: top
objectClass: dnsNode
instanceType: 4
whenCreated: 20210216071132.0Z
whenChanged: 20210216071149.0Z
displayName: (same as parent object)
uSNCreated: 4447
uSNChanged: 4447
showInAdvancedViewOnly: TRUE
name: @
objectGUID: a59d2bd4-b0d0-482c-9953-be8ab1f5972e
dnsRecord:: GAACAAXwAAACAAAAAAAOEAAAAAAAAAAAFgMEZGMwMQx2b2x6YW5rYXRlc3QCcnUA
dnsRecord:: LwAGAAXwAAACAAAAAAAOEAAAAAAAAAAAAAAAAQAAA4QAAAJYAAFRgAAADhAWAwRkYz
 AxDHZvbHphbmthdGVzdAJydQABAAA=
objectCategory: CN=Dns-Node,CN=Schema,CN=Configuration,DC=volzankatest,DC=ru
dNSProperty:: CAAAAAAAAAAAAAAAAQAAAAgAAAAkATwWAwAAAPZ/AAA=
dNSTombstoned: FALSE
dc: @
distinguishedName: DC=@,DC=test.ru,CN=MicrosoftDNS,DC=DomainDnsZones,DC=volzan
 katest,DC=ru
# returned 1 records
# 1 entries
# 0 referrals
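The decoding that --show-binary performs on the dump above can be reproduced without Samba's tooling, which is useful when all that has been shared is an LDIF export. What follows is an added example and not Samba code: a pure-Python reader for the dnsp_DnssrvRpcRecord blob (a 24-byte header followed by type-specific data, with names encoded as dnsp_name) that takes the base64 dnsRecord values exactly as ldbsearch prints them for the DC=@ node located with the searches in comment #4, decodes the NS and SOA records, and reports the two apex conditions BIND logged (no NS, no SOA) together with an SOA whose rname is empty, which is the state the cleared RP field produced here. The field layout follows Samba's dnsp.idl as I read it; the sample input is the two values from the dump above with the LDIF fold joined back together; the function names are mine.

```python
"""Decode Samba AD dnsRecord values (NDR-encoded dnsp_DnssrvRpcRecord blobs)
for a zone apex and flag an SOA whose rname (the RP / Responsible Person
mailbox) is empty.  Added example, not Samba code."""
import base64
import struct

DNS_TYPE_NS = 2
DNS_TYPE_SOA = 6
HEADER_LEN = 24  # wDataLength..dwTimeStamp, per dnsp.idl as read by the author

# Constructed sample input: the two dnsRecord values of DC=@,DC=test.ru from
# the ldbsearch output in this report, with the LDIF line fold joined back.
SAMPLE_DNSRECORDS = [
    "GAACAAXwAAACAAAAAAAOEAAAAAAAAAAAFgMEZGMwMQx2b2x6YW5rYXRlc3QCcnUA",
    "LwAGAAXwAAACAAAAAAAOEAAAAAAAAAAAAAAAAQAAA4QAAAJYAAFRgAAADhAWAwRkYz"
    "AxDHZvbHphbmthdGVzdAJydQABAAA=",
]


def parse_dnsp_name(buf, off):
    """Parse a dnsp_name at buf[off:]; return (dotted name, offset past it).

    Layout: len (bytes following the count byte, terminator included),
    count (number of labels), count length-prefixed labels, 0x00 terminator.
    An empty name is encoded as len=1, count=0, terminator."""
    total_len, count = buf[off], buf[off + 1]
    end = off + 2 + total_len
    if end > len(buf):
        raise ValueError("dnsp_name runs past end of record data")
    pos = off + 2
    labels = []
    for _ in range(count):
        label_len = buf[pos]
        labels.append(buf[pos + 1:pos + 1 + label_len].decode("ascii"))
        pos += 1 + label_len
    if pos != end - 1 or buf[pos] != 0:
        raise ValueError("dnsp_name label lengths do not match len field")
    return ".".join(labels), end


def parse_dnsrecord(blob):
    """Decode one dnsp_DnssrvRpcRecord blob into a dict (NS and SOA only)."""
    if len(blob) < HEADER_LEN:
        raise ValueError("record shorter than header")
    # Header fields are little-endian except dwTtlSeconds, which is big-endian.
    data_len, rtype, version, rank, flags, dw_serial = struct.unpack_from(
        "<HHBBHI", blob, 0)
    (ttl,) = struct.unpack_from(">I", blob, 12)
    data = blob[HEADER_LEN:HEADER_LEN + data_len]
    if len(data) != data_len:
        raise ValueError("wDataLength %d exceeds blob" % data_len)
    rec = {"type": rtype, "version": version, "rank": rank, "flags": flags,
           "serial": dw_serial, "ttl": ttl}
    if rtype == DNS_TYPE_NS:
        rec["ns"], _ = parse_dnsp_name(data, 0)
    elif rtype == DNS_TYPE_SOA:
        # dnsp_soa: five big-endian uint32s, then mname and rname as dnsp_name.
        serial, refresh, retry, expire, minimum = struct.unpack_from(
            ">IIIII", data, 0)
        mname, off = parse_dnsp_name(data, 20)
        rname, off = parse_dnsp_name(data, off)
        rec["soa"] = {"serial": serial, "refresh": refresh, "retry": retry,
                      "expire": expire, "minimum": minimum,
                      "mname": mname, "rname": rname}
    else:
        rec["raw"] = data  # other record types are left undecoded
    return rec


def decode_dnsrecord_values(b64_values):
    """Decode a list of base64 dnsRecord values as printed by ldbsearch."""
    return [parse_dnsrecord(base64.b64decode(v)) for v in b64_values]


def apex_problems(records):
    """Findings for a zone apex: the NS/SOA presence BIND checks for, plus an
    SOA whose rname is empty (the state the cleared RP field produced)."""
    findings = []
    if not any(r["type"] == DNS_TYPE_NS for r in records):
        findings.append("no NS record at apex")
    soas = [r for r in records if r["type"] == DNS_TYPE_SOA]
    if not soas:
        findings.append("no SOA record at apex")
    for r in soas:
        if r["soa"]["rname"] == "":
            findings.append("SOA rname (RP / Responsible Person) is empty; "
                            "mname=%s" % r["soa"]["mname"])
    return findings


if __name__ == "__main__":
    recs = decode_dnsrecord_values(SAMPLE_DNSRECORDS)
    for r in recs:
        print(r)
    for f in apex_problems(recs):
        print("WARNING:", f)
```

Feed it the dnsRecord values of any DC=@ node (join LDIF continuation lines first) to see whether the apex has the NS and SOA that BIND requires and whether the SOA carries an rname; on the dump above it decodes the same NS and SOA that --show-binary printed and reports only the empty rname.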