If a user deletes an important AD DNS record, it would be good if samba_dnsupdate could re-add it. For example, I deleted "_ldap._tcp.samdom.example.com". Then I ran samba_dnsupdate. The command says it didn't find the entry (correct). Later in the output it tries to update the non-existent record, which fails:

    Looking for DNS entry SRV _ldap._tcp.samdom.example.com dc1.samdom.example.com 389 as _ldap._tcp.samdom.example.com.
    Failed to find DNS entry SRV _ldap._tcp.samdom.example.com dc1.samdom.example.com 389
    ...
    ...
    Calling nsupdate for SRV _ldap._tcp.samdom.example.com dc1.samdom.example.com 389
    Failed nsupdate: SRV _ldap._tcp.samdom.example.com dc1.samdom.example.com 389 : [Errno 2] No such file or directory
    Failed update of 1 entries

It would be good if the records from /usr/local/samba/private/dns_update_list were re-added if they no longer exist. Or are there any concerns?
The samba_dnsupdate script is designed to add any missing entries back. I tried deleting the _ldap._tcp entry from DNS, and when samba_dnsupdate runs, the entry is added back. So I'm not sure I understand what problem you are seeing. This looks like an nsupdate or DNS server issue rather than a problem with the samba_dnsupdate script. Are you running with the internal DNS server or BIND?
Created attachment 9003 [details]
Samba level 10 debug while running samba_dnsupdate

Hello Amitay, here, after I e.g. deleted the _ldap._tcp entry, it wasn't recreated by samba_dnsupdate and the command printed the error I wrote in comment #1. I'm using BIND 9.8.5-P1. But I temporarily switched my two test DCs to the internal DNS, and the error is the same when I run samba_dnsupdate; the entry isn't re-added. Attached is a Samba level 10 debug log that was captured while I ran samba_dnsupdate (this time with the internal DNS). Anything else I can provide for debugging?
Actually, more useful would be the DNS server logs. Can you re-run this with BIND and paste the BIND DLZ log? You can run BIND in the foreground as

    /usr/sbin/named -u named -f -g

If you are on a Debian-based system, replace -u named with -u bind. Also, how are you deleting the DNS entry _ldap._tcp? Are you using samba-tool dns to delete it?
Created attachment 9004 [details]
Bind debug level 10 log

(In reply to comment #3)
> You can run BIND in the foreground as /usr/sbin/named -u named -f -g. If you
> are on debian based systems replace -u named with -u bind.
>
> Also, how are you deleting the DNS entry _ldap._tcp? Are you using samba-tool
> dns to delete it?

I added "-d 10" to the DLZ module and started named manually. The attached named logfile contains the following:
- Deleting _ldap._tcp via the Windows 7 DNS MMC
- Running "samba_dnsupdate --verbose" ("Failed update of 1 entries")
- Deleting _kerberos._tcp via
    # samba-tool dns delete localhost samdom.example.com _kerberos._tcp.samdom.example.com SRV "dc1.samdom.example.com. 88 0 100"
- Running "samba_dnsupdate --verbose" ("Failed update of 2 entries")
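The following is an added illustration of the behaviour comment #2 describes (the record list is compared against what the server holds and any missing entries are re-added); it is not Samba's own samba_dnsupdate code. The placeholder syntax is modelled on the ${VAR} style of private/dns_update_list but simplified (assumption: A lines carry the address as a last field, whereas the real script derives addresses itself); the host values, the GUID and the "current server state" are constructed. The nsupdate binary is only located, never executed: "[Errno 2] No such file or directory" in comment #1 is what Python reports when the command it tries to spawn, here nsupdate, cannot be found, so the example checks for the binary before building the update batch.

```python
"""Re-add missing DC records from a dns_update_list-style file (added example)."""
import re
import shutil
from dataclasses import dataclass

# Constructed sample, modelled on the ${VAR} placeholders of dns_update_list.
# Assumption: A lines carry the address as their last field (simplification).
SAMPLE_UPDATE_LIST = """\
# records every DC must publish
A ${HOSTNAME} ${IP}
SRV _ldap._tcp.${DNSDOMAIN} ${HOSTNAME} 389
SRV _ldap._tcp.${SITE}._sites.${DNSDOMAIN} ${HOSTNAME} 389
SRV _kerberos._tcp.${DNSDOMAIN} ${HOSTNAME} 88
CNAME ${NTDSGUID}._msdcs.${DNSFOREST} ${HOSTNAME}
"""

# Per-host values (constructed; the GUID is a placeholder, not a real DC's).
VARS = {
    "HOSTNAME": "dc1.samdom.example.com",
    "DNSDOMAIN": "samdom.example.com",
    "DNSFOREST": "samdom.example.com",
    "SITE": "Default-First-Site-Name",
    "IP": "192.0.2.10",
    "NTDSGUID": "00000000-1111-2222-3333-444444444444",
}


@dataclass(frozen=True)
class Record:
    rtype: str
    name: str   # owner name, lower-cased, without trailing dot
    rdata: str  # rdata in the order nsupdate expects


def _fqdn(name):
    return name.lower().rstrip(".")


def parse_update_list(text, variables):
    """Expand ${VAR} placeholders and turn every non-comment line into a Record."""
    records = []
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue

        def sub(match):
            key = match.group(1)
            if key not in variables:
                raise KeyError(f"line {lineno}: unknown placeholder ${{{key}}}")
            return variables[key]

        fields = re.sub(r"\$\{(\w+)\}", sub, line).split()
        rtype, name = fields[0].upper(), _fqdn(fields[1])
        if rtype == "SRV" and len(fields) == 4:
            # nsupdate SRV rdata order: priority weight port target.
            rdata = f"0 100 {int(fields[3])} {_fqdn(fields[2])}."
        elif rtype == "CNAME" and len(fields) == 3:
            rdata = f"{_fqdn(fields[2])}."
        elif rtype == "A" and len(fields) == 3:
            rdata = fields[2]
        else:
            raise ValueError(f"line {lineno}: cannot parse {raw!r}")
        records.append(Record(rtype, name, rdata))
    return records


def missing_records(wanted, present):
    """Records in `wanted` that the server (`present`) does not currently hold."""
    have = {(r.rtype, r.name, r.rdata.lower()) for r in present}
    return [r for r in wanted if (r.rtype, r.name, r.rdata.lower()) not in have]


def nsupdate_batch(records, ttl=900):
    """Build the text that would be piped to nsupdate to recreate `records`."""
    if not records:
        return ""
    lines = [f"update add {r.name}. {ttl} {r.rtype} {r.rdata}" for r in records]
    return "\n".join(lines + ["send", ""])


def nsupdate_path():
    """Locate nsupdate on PATH; None is the condition behind '[Errno 2]' when spawning it."""
    return shutil.which("nsupdate")


if __name__ == "__main__":
    wanted = parse_update_list(SAMPLE_UPDATE_LIST, VARS)
    # Constructed server state: the two SRV records deleted in the thread are gone.
    deleted = {"_ldap._tcp.samdom.example.com", "_kerberos._tcp.samdom.example.com"}
    present = [r for r in wanted if r.name not in deleted]
    gone = missing_records(wanted, present)
    for r in gone:
        print(f"Failed to find DNS entry {r.rtype} {r.name} {r.rdata}")
    if nsupdate_path() is None:
        print("nsupdate not found on PATH; cannot re-add the missing records")
    else:
        print(nsupdate_batch(gone), end="")
```

Run stand-alone it prints the two missing SRV entries and either the nsupdate batch that would recreate them or a clear message that the nsupdate binary is absent, which is the check to make first when the real script reports "[Errno 2] No such file or directory" on every update.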