Hello!

I think I've found a bug when trying to restore a backup done using `samba-tool domain backup offline`, where the NS records are not recreated for the AD domain + "_msdcs.{domain}" zones.

Steps to reproduce:

1. Provision domain using:
   ```
   samba-tool domain provision --use-rfc2307 --adminpass={adminpassword} --domain=sub.domain.se --realm=realm --site=site --server-role=dc --dns-backend=BIND9_DLZ
   ```
2. Creating a backup:
   ```
   samba-tool domain backup offline --targetdir=/
   ```
3. Clearing Samba server + restoring backup:
   3.1. Stopping Samba
   3.2. Removing /var/lib/samba
   3.3. Restoring backup:
   ```
   samba-tool domain backup restore --targetdir=/var/lib/samba --newservername={new-server-name} --site=site --backup-file=/samba-backup-2025-01-07T08-45-20.698960.tar.bz2
   ```
4. Starting Samba
   4.1. Copy /var/lib/samba/etc/smb.conf to /etc/samba/smb.conf. The only line that's changed is `netbios name` that is now set to {new-server-name}.
   4.2. Starting Samba daemon
5. Recreate the bind-dns dir for Bind:
   ```
   samba_upgradedns --dns-backend=BIND9_DLZ
   ```
6. Starting named:
   ```
   named -4 -g -f -u bind
   ...
   ...
   7-Jan-2025 20:26:31.455 Loading 'AD DNS Zone' using driver dlopen
   7-Jan-2025 20:26:31.795 samba_dlz: started for DN DC=sub,DC=domain,DC=se
   7-Jan-2025 20:26:31.795 samba_dlz: starting configure
   7-Jan-2025 20:26:31.799 zone domain.se/NONE: has no NS records
   7-Jan-2025 20:26:31.799 samba_dlz: Failed to configure zone 'sub.domain.se'
   7-Jan-2025 20:26:31.799 loading configuration: bad zone
   7-Jan-2025 20:26:31.799 exiting (due to fatal error)
   ```

--------------------------

Here I would have expected bind to start.

I've followed the Samba wiki "Back up and Restoring a Samba AD DC", and the only mention of Bind DLZ is to run the `samba_upgradedns` command:
https://wiki.samba.org/index.php/Back_up_and_Restoring_a_Samba_AD_DC#The_bind-dns/_folder_is_empty._Why_are_no_DNS_Records_saved?

However, the workaround seems quite simple. Just add the missing NS record manually:

```
samba-tool dns add 127.0.0.1 sub.domain.se.se @ NS hostname.sub.domain.se.
samba-tool dns add 127.0.0.1 _msdcs.sub.domain.se @ NS hostname.sub.domain.se.
```

Not sure if anything more is missing, but now I can at least start bind.

Best regards
Emil Sandnabba

(In reply to Emil Sandnabba from comment #0)

While it might not have relevance to your problem (but it may do), I have a couple of questions:

You are provisioning with '--domain=sub.domain.se'. Are you aware that the 'domain' in question is the NetBIOS domain and you cannot have dots in a NetBIOS domain name? I think you meant to use '--domain=SUB'.

These lines were in your log fragment:

```
7-Jan-2025 20:26:31.799 zone domain.se/NONE: has no NS records
7-Jan-2025 20:26:31.799 samba_dlz: Failed to configure zone 'sub.domain.se'
```

Your DNS domain appears to be 'sub.domain.se', so where is 'domain.se' coming from? Is Bind9 set up correctly?
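
A post-restore check over named's startup output, added here as an example (it is not part of the thread or of Samba): it lists the zones named rejected for having no NS records, the zones samba_dlz failed to configure, and flags when the two name different zones, as in the log quoted above. The function names and exit codes are assumptions of this example; the sample log is constructed from the lines in the report.

```shell
#!/bin/sh
# Constructed sample: the named startup lines quoted in the report above.
SAMPLE_LOG="7-Jan-2025 20:26:31.455 Loading 'AD DNS Zone' using driver dlopen
7-Jan-2025 20:26:31.795 samba_dlz: started for DN DC=sub,DC=domain,DC=se
7-Jan-2025 20:26:31.799 zone domain.se/NONE: has no NS records
7-Jan-2025 20:26:31.799 samba_dlz: Failed to configure zone 'sub.domain.se'
7-Jan-2025 20:26:31.799 loading configuration: bad zone"

# Zones named rejected for having no NS records (named log on stdin).
zones_missing_ns() {
    sed -n 's|^.* zone \([^/ ]*\)/[^:]*: has no NS records.*$|\1|p' | sort -u
}

# Zones the samba_dlz driver failed to configure (named log on stdin).
dlz_failed_zones() {
    awk -F"'" '/samba_dlz: Failed to configure zone/ { print $2 }' | sort -u
}

# Summarise a named log read from stdin.
# Returns 0: no zone failure, 1: zones failed, 2: zones failed and the name
# named complained about differs from the one samba_dlz reported.
check_restore_log() {
    log=$(cat)
    missing=$(printf '%s\n' "$log" | zones_missing_ns)
    failed=$(printf '%s\n' "$log" | dlz_failed_zones)
    if [ -z "$missing" ] && [ -z "$failed" ]; then
        return 0
    fi
    for z in $missing; do echo "no NS records: $z"; done
    for z in $failed; do echo "samba_dlz failed: $z"; done
    if [ -n "$missing" ] && [ -n "$failed" ] && [ "$missing" != "$failed" ]; then
        echo "named and samba_dlz report different zone names"
        return 2
    fi
    return 1
}

printf '%s\n' "$SAMPLE_LOG" | check_restore_log || echo "exit status: $?"
```

In a restore runbook the same function can read the output of the `named -4 -g -f -u bind` run from step 6 before the DC is put back into service.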