If a user deletes an important AD DNS record, it would be good if samba_dnsupdate could re-add it.
For example, I deleted "_ldap._tcp.samdom.example.com". Then I ran samba_dnsupdate. The command says it didn't find the entry (correct). Later in the output it tries to update the non-existent record, which fails:
Looking for DNS entry SRV _ldap._tcp.samdom.example.com dc1.samdom.example.com 389 as _ldap._tcp.samdom.example.com.
Failed to find DNS entry SRV _ldap._tcp.samdom.example.com dc1.samdom.example.com 389
Calling nsupdate for SRV _ldap._tcp.samdom.example.com dc1.samdom.example.com 389
Failed nsupdate: SRV _ldap._tcp.samdom.example.com dc1.samdom.example.com 389 : [Errno 2] No such file or directory
Failed update of 1 entries
It would be good if the records from /usr/local/samba/private/dns_update_list were re-added if they no longer exist. Or are there any concerns?
The script samba_dnsupdate is designed to add any missing entries back.
I tried deleting the _ldap._tcp entry from DNS, and when samba_dnsupdate runs, the entry is added back. So I'm not sure I understand what problem you are seeing.
This looks like an nsupdate or DNS server issue rather than a problem with the samba_dnsupdate script.
Are you running with Internal DNS server or BIND?
Created attachment 9003
Samba level 10 debug while running samba_dnsupdate
Here, after I e.g. deleted the _ldap._tcp entry, it wasn't recreated by samba_dnsupdate, and the command printed the error I wrote in comment #1.
I'm using BIND 9.8.5-P1, but I temporarily switched my two test DCs to the internal DNS, and the error is the same when I run samba_dnsupdate and the entry isn't re-added.
Find attached a Samba level 10 debug log that was captured while I ran samba_dnsupdate (this time with the internal DNS).
Anything else I can provide for debugging?
Actually, DNS server logs would be more useful. Can you re-run this with BIND and paste the BIND DLZ log?
You can run BIND in the foreground as /usr/sbin/named -u named -f -g. If you are on a Debian-based system, replace -u named with -u bind.
Also, how are you deleting the DNS entry _ldap._tcp? Are you using samba-tool dns to delete it?
Created attachment 9004
Bind debug level 10 log
(In reply to comment #3)
> You can run BIND in the foreground as /usr/sbin/named -u named -f -g. If you
> are on debian based systems replace -u named with -u bind.
> Also, how are you deleting the DNS entry _ldap._tcp? Are you using samba-tool
> dns to delete it?
I added "-d 10" to the DLZ module and started named manually.
The attached named logfile contains the following:
- Deleting _ldap._tcp. via Windows 7 DNS MMC
- Run "samba_dnsupdate --verbose". ("Failed update of 1 entries")
- Delete _kerberos._tcp via
# samba-tool dns delete localhost samdom.example.com _kerberos._tcp.samdom.example.com SRV "dc1.samdom.example.com. 88 0 100"
- Run "samba_dnsupdate --verbose". ("Failed update of 2 entries")
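The thread turns on what samba_dnsupdate is expected to do with dns_update_list: expand each template line, look the record up, and send an nsupdate "add" for anything missing (comment #1's request, and the delete-then-rerun procedure in the last comment). The following is an added example, not code from Samba or from anyone in this thread, that reproduces that check offline so you can see exactly which entries a run would try to re-create. It assumes the classic dns_update_list layout (one record per line: type, name template, destination template, and a port for SRV records, with ${VAR}/$VAR placeholders for HOSTNAME, DNSDOMAIN, DNSFOREST, NTDSGUID and IP); the list excerpt, the NTDSGUID, the IP address and the zone contents are constructed, and the priority 0 / weight 100 / TTL 900 values in the rendered nsupdate line are an assumption about samba_dnsupdate's defaults, not taken from this report.

```python
import re
from typing import Callable, Dict, List, NamedTuple, Optional, Set

# Constructed excerpt in the layout of Samba's dns_update_list (assumption:
# no conditional prefixes; this is not the reporter's real file).
SAMPLE_DNS_UPDATE_LIST = """\
# constructed excerpt, not the real file
A      ${HOSTNAME}                               $IP
CNAME  ${NTDSGUID}._msdcs.${DNSFOREST}           ${HOSTNAME}
SRV    _kerberos._tcp.${DNSDOMAIN}               ${HOSTNAME} 88
SRV    _ldap._tcp.${DNSDOMAIN}                   ${HOSTNAME} 389
SRV    _ldap._tcp.dc._msdcs.${DNSDOMAIN}         ${HOSTNAME} 389
"""

# Values samba_dnsupdate would take from the DC; NTDSGUID and IP are constructed.
SAMPLE_VARS = {
    "HOSTNAME": "dc1.samdom.example.com",
    "DNSDOMAIN": "samdom.example.com",
    "DNSFOREST": "samdom.example.com",
    "NTDSGUID": "11111111-2222-3333-4444-555555555555",
    "IP": "192.0.2.10",
}

# Constructed zone state after _ldap._tcp was deleted (the case in the report).
# Keyed by (rrtype, owner name); values are dig +short style rdata strings.
SAMPLE_ZONE = {
    ("A", "dc1.samdom.example.com"): {"192.0.2.10"},
    ("CNAME", "11111111-2222-3333-4444-555555555555._msdcs.samdom.example.com"):
        {"dc1.samdom.example.com."},
    ("SRV", "_kerberos._tcp.samdom.example.com"): {"0 100 88 dc1.samdom.example.com."},
    ("SRV", "_ldap._tcp.dc._msdcs.samdom.example.com"): {"0 100 389 dc1.samdom.example.com."},
}


class Entry(NamedTuple):
    rrtype: str
    name: str
    dest: str
    port: Optional[int]


_VAR_RE = re.compile(r"\$\{(\w+)\}|\$(\w+)")


def expand(template: str, variables: Dict[str, str]) -> str:
    """Expand ${VAR} and $VAR placeholders; an unknown variable is an error."""
    def sub(m: "re.Match[str]") -> str:
        key = m.group(1) or m.group(2)
        if key not in variables:
            raise KeyError(f"unknown variable {key!r} in {template!r}")
        return variables[key]
    return _VAR_RE.sub(sub, template)


def parse_dns_update_list(text: str, variables: Dict[str, str]) -> List[Entry]:
    """Turn the template file into concrete records (comments and blanks skipped)."""
    entries = []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        fields = line.split()
        rrtype = fields[0].upper()
        name = expand(fields[1], variables).rstrip(".")
        dest = expand(fields[2], variables).rstrip(".")
        port = int(fields[3]) if rrtype == "SRV" else None
        entries.append(Entry(rrtype, name, dest, port))
    return entries


# A resolver callback: (rrtype, name) -> set of rdata strings. For a live check
# this would wrap dig/dnspython; here it is served from SAMPLE_ZONE.
Lookup = Callable[[str, str], Set[str]]


def zone_lookup(rrtype: str, name: str) -> Set[str]:
    return set(SAMPLE_ZONE.get((rrtype, name.rstrip(".")), ()))


def record_present(entry: Entry, lookup: Lookup) -> bool:
    """True if the zone already holds this exact destination (and port for SRV)."""
    for rdata in lookup(entry.rrtype, entry.name):
        fields = rdata.split()
        if entry.rrtype == "SRV":
            # rdata layout: "<priority> <weight> <port> <target>"
            if (len(fields) == 4 and int(fields[2]) == entry.port
                    and fields[3].rstrip(".") == entry.dest):
                return True
        elif fields and fields[-1].rstrip(".") == entry.dest:
            return True
    return False


def missing_entries(text: str, variables: Dict[str, str], lookup: Lookup) -> List[Entry]:
    return [e for e in parse_dns_update_list(text, variables) if not record_present(e, lookup)]


def nsupdate_add(entry: Entry, ttl: int = 900) -> str:
    """Render the nsupdate 'update add' line that would re-create the entry.
    Priority 0, weight 100 and TTL 900 are assumed defaults, not from the report."""
    if entry.rrtype == "SRV":
        return f"update add {entry.name} {ttl} SRV 0 100 {entry.port} {entry.dest}"
    return f"update add {entry.name} {ttl} {entry.rrtype} {entry.dest}"


if __name__ == "__main__":
    for e in missing_entries(SAMPLE_DNS_UPDATE_LIST, SAMPLE_VARS, zone_lookup):
        print(f"Failed to find DNS entry {e.rrtype} {e.name} {e.dest} {e.port}")
        print(nsupdate_add(e))
```

Against the constructed zone the only miss is the _ldap._tcp SRV record, which is the state the reporter describes; a practitioner can swap `zone_lookup` for a real resolver and compare its output with samba_dnsupdate --verbose to tell a "not found, re-adding" failure (the script's job) from an nsupdate or server-side failure such as the "[Errno 2] No such file or directory" in comment #1.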