Bug 15779 - NS record lost for domain + _msdcs zones after backup restore
Status: NEW
Alias: None
Product: Samba 4.1 and newer
Classification: Unclassified
Component: DNS plugin (BIND DLZ)
Version: 4.21.1
Hardware: x86 Linux
Importance: P5 normal
Target Milestone: ---
Assignee: Amitay Isaacs
QA Contact: Samba QA Contact
Reported: 2025-01-08 19:02 UTC by Emil Sandnabba
Modified: 2025-01-16 10:09 UTC

Description Emil Sandnabba 2025-01-08 19:02:56 UTC
Hello!

I think I've found a bug when trying to restore a backup done using `samba-tool domain backup offline`, where the NS records are not recreated for the AD domain + "_msdcs.{domain}" zones.

Steps to reproduce:

1. Provision domain using:
```
samba-tool domain provision --use-rfc2307 --adminpass={adminpassword} --domain=sub.domain.se --realm=realm --site=site --server-role=dc --dns-backend=BIND9_DLZ
```

2. Creating a backup:
```
samba-tool domain backup offline --targetdir=/
```

3. Clearing Samba server + restoring backup:
3.1. Stopping Samba
3.2. Removing /var/lib/samba
3.3. Restoring backup:
```
samba-tool domain backup restore --targetdir=/var/lib/samba --newservername={new-server-name} --site=site --backup-file=/samba-backup-2025-01-07T08-45-20.698960.tar.bz2
```

4. Starting Samba
4.1. Copy /var/lib/samba/etc/smb.conf to /etc/samba/smb.conf.
     The only line that's changed is `netbios name` that is now set to {new-server-name}.
4.2. Starting Samba daemon

5. Recreate the bind-dns dir for Bind:
```
samba_upgradedns --dns-backend=BIND9_DLZ
```

6. Starting named:
```
named -4 -g -f -u bind
...
...
7-Jan-2025 20:26:31.455 Loading 'AD DNS Zone' using driver dlopen
7-Jan-2025 20:26:31.795 samba_dlz: started for DN DC=sub,DC=domain,DC=se
7-Jan-2025 20:26:31.795 samba_dlz: starting configure
7-Jan-2025 20:26:31.799 zone domain.se/NONE: has no NS records
7-Jan-2025 20:26:31.799 samba_dlz: Failed to configure zone 'sub.domain.se'
7-Jan-2025 20:26:31.799 loading configuration: bad zone
7-Jan-2025 20:26:31.799 exiting (due to fatal error)
```

--------------------------

Here I would have expected bind to start.
I've followed the Samba wiki "Back up and Restoring a Samba AD DC", and the only mention of Bind DLZ is to run the `samba_upgradedns` command:
https://wiki.samba.org/index.php/Back_up_and_Restoring_a_Samba_AD_DC#The_bind-dns/_folder_is_empty._Why_are_no_DNS_Records_saved?

However, the workaround seems quite simple. Just add the missing NS record manually:
```
samba-tool dns add 127.0.0.1 sub.domain.se @ NS hostname.sub.domain.se.
samba-tool dns add 127.0.0.1 _msdcs.sub.domain.se @ NS hostname.sub.domain.se.
```

Not sure if anything more is missing, but now I can at least start bind.

Best regards

Emil Sandnabba
Comment 1 Rowland Penny 2025-01-16 10:09:15 UTC
(In reply to Emil Sandnabba from comment #0)

While it might not have relevance to your problem (but it may do), I have a couple of questions:

You are provisioning with '--domain=sub.domain.se'. Are you aware that the 'domain' in question is the NetBIOS domain and that you cannot have dots in a NetBIOS domain name? I think you meant to use '--domain=SUB'.

These lines were in your log fragment:

```
7-Jan-2025 20:26:31.799 zone domain.se/NONE: has no NS records
7-Jan-2025 20:26:31.799 samba_dlz: Failed to configure zone 'sub.domain.se'
```

Your DNS domain appears to be 'sub.domain.se', so where is 'domain.se' coming from? Is Bind9 set up correctly?
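
A post-restore triage helper for the failure discussed in this thread, as an added example that is not part of the bug report or of Samba. It scans `named` startup output for the two messages quoted above and keeps the zone BIND names separate from the zone `samba_dlz` names, since the two differ in the reported log. The function names are hypothetical, the sample input is the log quoted in the report, and the printed `samba-tool dns query` commands are read-only lookups against 127.0.0.1 as used in the workaround.

```shell
#!/bin/sh
# Added example (not Samba code): triage named startup output for the
# samba_dlz failure quoted in this report.

# Constructed sample input: the log lines quoted in the report.
sample_log() {
cat <<'EOF'
7-Jan-2025 20:26:31.795 samba_dlz: started for DN DC=sub,DC=domain,DC=se
7-Jan-2025 20:26:31.795 samba_dlz: starting configure
7-Jan-2025 20:26:31.799 zone domain.se/NONE: has no NS records
7-Jan-2025 20:26:31.799 samba_dlz: Failed to configure zone 'sub.domain.se'
7-Jan-2025 20:26:31.799 loading configuration: bad zone
EOF
}

# Reads named output on stdin. Prints "NO_NS <zone>" for every zone BIND
# reports without NS records and "DLZ_FAIL <zone>" for every zone the
# samba_dlz driver failed to configure.
scan_named_log() {
    awk '
    / zone [^ ]+: has no NS records/ {
        for (i = 1; i < NF; i++) if ($i == "zone") { z = $(i + 1); break }
        sub("/[^/]*:$", "", z)          # drop the "/NONE:" class suffix
        print "NO_NS " z
    }
    /samba_dlz: Failed to configure zone/ {
        n = split($0, q, "\047")        # zone name sits between single quotes
        if (n >= 3) print "DLZ_FAIL " q[2]
    }'
}

# Reads named output on stdin. For each zone samba_dlz failed on, prints the
# read-only queries that show whether the apex NS record exists in that zone
# and in its _msdcs zone (server address 127.0.0.1 as in the report).
ns_check_commands() {
    scan_named_log | awk '$1 == "DLZ_FAIL" {
        printf "samba-tool dns query 127.0.0.1 %s @ NS\n", $2
        printf "samba-tool dns query 127.0.0.1 _msdcs.%s @ NS\n", $2
    }'
}

# Demo run on the constructed sample.
sample_log | scan_named_log
sample_log | ns_check_commands
```

On a real host, pipe the captured `named -g` output into `scan_named_log` instead of `sample_log`.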