After upgrading UCS from 4.1-4 (errata410) to 4.2 on two different installations, the Samba DNS check fails:
root@CKCUCS1:~# /usr/share/univention-samba4/scripts/check_essential_samba4_dns_records.sh
Host gc._msdcs not found: 3(NXDOMAIN)
Host _gc._tcp not found: 3(NXDOMAIN)
Host _ldap._tcp.gc._msdcs not found: 3(NXDOMAIN)
Host _ldap._tcp not found: 3(NXDOMAIN)
Host _ldap._tcp.dc._msdcs not found: 3(NXDOMAIN)
Host _ldap._tcp.pdc._msdcs not found: 3(NXDOMAIN)
Host _ldap._tcp.31aeb93a-0b70-4591-a197-4c1b2ca087d4.domains._msdcs not found: 3(NXDOMAIN)
Host _kerberos._tcp.dc._msdcs not found: 3(NXDOMAIN)
Host _kerberos._tcp not found: 3(NXDOMAIN)
Host _kerberos._udp not found: 3(NXDOMAIN)
Host _kpasswd._tcp not found: 3(NXDOMAIN)
Host _kpasswd._udp not found: 3(NXDOMAIN)
Located DC 'CKCUCS1' in site 'Default-First-Site-Name'
Located DC 'CKCUCS2' in site 'Default-First-Site-Name'
Host f41a48a2-21b1-464f-bf84-3c64144a3547._msdcs not found: 3(NXDOMAIN)
Host c8c04722-4c28-4bad-abb3-6b24be933df8._msdcs not found: 3(NXDOMAIN)
## Records for site Default-First-Site-Name:
Host _ldap._tcp.Default-First-Site-Name._sites not found: 3(NXDOMAIN)
Host _ldap._tcp.Default-First-Site-Name._sites.dc._msdcs not found: 3(NXDOMAIN)
Host _kerberos._tcp.Default-First-Site-Name._sites not found: 3(NXDOMAIN)
Host _kerberos._tcp.Default-First-Site-Name._sites.dc._msdcs not found: 3(NXDOMAIN)
## Optional GC Records for site Default-First-Site-Name:
Host _gc._tcp.Default-First-Site-Name._sites not found: 3(NXDOMAIN)
Host _ldap._tcp.Default-First-Site-Name._sites.gc._msdcs not found: 3(NXDOMAIN)
No _kerberos TXT record (ok)
In the LDAP DNS all records are there; also, if I check with the RSAT DNS tool, all records are shown.
Here is an example from my 4.2 testing environment:
Essential DNS Check
root@master-42-10:~# /usr/share/univention-samba4/scripts/check_essential_samba4_dns_records.sh
Host gc._msdcs not found: 3(NXDOMAIN)
Host _gc._tcp not found: 3(NXDOMAIN)
Host _ldap._tcp.gc._msdcs not found: 3(NXDOMAIN)
Host _ldap._tcp not found: 3(NXDOMAIN)
Host _ldap._tcp.dc._msdcs not found: 3(NXDOMAIN)
Host _ldap._tcp.pdc._msdcs not found: 3(NXDOMAIN)
Host _ldap._tcp.2fb30aa2-73d6-423f-a57b-d6bf9e53b1a1.domains._msdcs not found: 3(NXDOMAIN)
Host _kerberos._tcp.dc._msdcs not found: 3(NXDOMAIN)
Host _kerberos._tcp not found: 3(NXDOMAIN)
Host _kerberos._udp not found: 3(NXDOMAIN)
Host _kpasswd._tcp not found: 3(NXDOMAIN)
Host _kpasswd._udp not found: 3(NXDOMAIN)
Located DC 'master-42-10' in site 'Default-First-Site-Name'
Located DC 'slave-42-11' in site 'Default-First-Site-Name'
Located DC 'backup-42-12' in site 'Default-First-Site-Name'
Located DC 'slave-42-16' in site 'Default-First-Site-Name'
Located DC 'backup-42-18' in site 'Default-First-Site-Name'
Host d6bb148b-5610-4076-883f-a2fbce309286._msdcs not found: 3(NXDOMAIN)
Host 789dd1dc-c51d-43d1-8499-ccc72c443f45._msdcs not found: 3(NXDOMAIN)
Host fb6b4b9d-64b6-4b5e-a671-7cf3d1fa9a45._msdcs not found: 3(NXDOMAIN)
Host efd884d7-ada9-4d1c-9038-11aca74d6c9a._msdcs not found: 3(NXDOMAIN)
Host 1e811606-b55e-4bf8-b1e6-b00e7556c3ec._msdcs not found: 3(NXDOMAIN)
## Records for site Default-First-Site-Name:
Host _ldap._tcp.Default-First-Site-Name._sites not found: 3(NXDOMAIN)
Host _ldap._tcp.Default-First-Site-Name._sites.dc._msdcs not found: 3(NXDOMAIN)
Host _kerberos._tcp.Default-First-Site-Name._sites not found: 3(NXDOMAIN)
Host _kerberos._tcp.Default-First-Site-Name._sites.dc._msdcs not found: 3(NXDOMAIN)
## Optional GC Records for site Default-First-Site-Name:
Host _gc._tcp.Default-First-Site-Name._sites not found: 3(NXDOMAIN)
Host _ldap._tcp.Default-First-Site-Name._sites.gc._msdcs not found: 3(NXDOMAIN)
_kerberos.nvsx.local descriptive text "NVSX.LOCAL"
root@master-42-10:~# ucr set dns/backend='ldap'
Setting dns/backend
root@master-42-10:~# /usr/share/univention-samba4/scripts/check_essential_samba4_dns_records.sh
Host gc._msdcs not found: 3(NXDOMAIN)
Host _gc._tcp not found: 3(NXDOMAIN)
Host _ldap._tcp.gc._msdcs not found: 3(NXDOMAIN)
Host _ldap._tcp not found: 3(NXDOMAIN)
Host _ldap._tcp.dc._msdcs not found: 3(NXDOMAIN)
Host _ldap._tcp.pdc._msdcs not found: 3(NXDOMAIN)
Host _ldap._tcp.2fb30aa2-73d6-423f-a57b-d6bf9e53b1a1.domains._msdcs not found: 3(NXDOMAIN)
Host _kerberos._tcp.dc._msdcs not found: 3(NXDOMAIN)
Host _kerberos._tcp not found: 3(NXDOMAIN)
Host _kerberos._udp not found: 3(NXDOMAIN)
Host _kpasswd._tcp not found: 3(NXDOMAIN)
Host _kpasswd._udp not found: 3(NXDOMAIN)
Located DC 'master-42-10' in site 'Default-First-Site-Name'
Located DC 'slave-42-11' in site 'Default-First-Site-Name'
Located DC 'backup-42-12' in site 'Default-First-Site-Name'
Located DC 'slave-42-16' in site 'Default-First-Site-Name'
Located DC 'backup-42-18' in site 'Default-First-Site-Name'
Host d6bb148b-5610-4076-883f-a2fbce309286._msdcs not found: 3(NXDOMAIN)
Host 789dd1dc-c51d-43d1-8499-ccc72c443f45._msdcs not found: 3(NXDOMAIN)
Host fb6b4b9d-64b6-4b5e-a671-7cf3d1fa9a45._msdcs not found: 3(NXDOMAIN)
Host efd884d7-ada9-4d1c-9038-11aca74d6c9a._msdcs not found: 3(NXDOMAIN)
Host 1e811606-b55e-4bf8-b1e6-b00e7556c3ec._msdcs not found: 3(NXDOMAIN)
## Records for site Default-First-Site-Name:
Host _ldap._tcp.Default-First-Site-Name._sites not found: 3(NXDOMAIN)
Host _ldap._tcp.Default-First-Site-Name._sites.dc._msdcs not found: 3(NXDOMAIN)
Host _kerberos._tcp.Default-First-Site-Name._sites not found: 3(NXDOMAIN)
Host _kerberos._tcp.Default-First-Site-Name._sites.dc._msdcs not found: 3(NXDOMAIN)
## Optional GC Records for site Default-First-Site-Name:
Host _gc._tcp.Default-First-Site-Name._sites not found: 3(NXDOMAIN)
Host _ldap._tcp.Default-First-Site-Name._sites.gc._msdcs not found: 3(NXDOMAIN)
_kerberos.nvsx.local descriptive text "NVSX.LOCAL"
But it should look like this (it's a 4.1-4 errata 410 installation):
root@fischer11:~# /usr/share/univention-samba4/scripts/check_essential_samba4_dns_records.sh
gc._msdcs.fischer.local has address 192.168.1.7
gc._msdcs.fischer.local has address 192.168.1.6
gc._msdcs.fischer.local has address 192.168.1.1
_gc._tcp.fischer.local has SRV record 0 0 3268 fischer12.fischer.local.
_gc._tcp.fischer.local has SRV record 0 100 3268 fischer11.fischer.local.
_ldap._tcp.gc._msdcs.fischer.local has SRV record 0 100 3268 fischer11.fischer.local.
_ldap._tcp.gc._msdcs.fischer.local has SRV record 0 0 3268 fischer12.fischer.local.
_ldap._tcp.fischer.local has SRV record 0 0 389 fischer12.fischer.local.
_ldap._tcp.fischer.local has SRV record 0 100 389 fischer11.fischer.local.
_ldap._tcp.dc._msdcs.fischer.local has SRV record 0 100 389 fischer11.fischer.local.
_ldap._tcp.dc._msdcs.fischer.local has SRV record 0 0 389 fischer12.fischer.local.
_ldap._tcp.pdc._msdcs.fischer.local has SRV record 0 100 389 fischer11.fischer.local.
_ldap._tcp.69e79d94-7945-4f05-ae32-5f01e3fd8326.domains._msdcs.fischer.local has SRV record 0 0 389 fischer12.fischer.local.
_ldap._tcp.69e79d94-7945-4f05-ae32-5f01e3fd8326.domains._msdcs.fischer.local has SRV record 0 100 389 fischer11.fischer.local.
_kerberos._tcp.dc._msdcs.fischer.local has SRV record 0 100 88 fischer11.fischer.local.
_kerberos._tcp.dc._msdcs.fischer.local has SRV record 0 0 88 fischer12.fischer.local.
_kerberos._tcp.fischer.local has SRV record 0 0 88 fischer12.fischer.local.
_kerberos._tcp.fischer.local has SRV record 0 100 88 fischer11.fischer.local.
_kerberos._udp.fischer.local has SRV record 0 100 88 fischer11.fischer.local.
_kerberos._udp.fischer.local has SRV record 0 0 88 fischer12.fischer.local.
_kpasswd._tcp.fischer.local has SRV record 0 0 464 fischer12.fischer.local.
_kpasswd._tcp.fischer.local has SRV record 0 100 464 fischer11.fischer.local.
_kpasswd._udp.fischer.local has SRV record 0 0 464 fischer12.fischer.local.
_kpasswd._udp.fischer.local has SRV record 0 100 464 fischer11.fischer.local.
Located DC 'fischer11' in site 'Default-First-Site-Name'
Located DC 'fischer12' in site 'Default-First-Site-Name'
7cc7ea43-96e6-4a6e-b089-ff12b09d9b03._msdcs.fischer.local is an alias for fischer11.fischer.local.
d2ab1adf-f224-472c-bc04-2beec4defc75._msdcs.fischer.local is an alias for fischer12.fischer.local.
## Records for site Default-First-Site-Name:
_ldap._tcp.Default-First-Site-Name._sites.fischer.local has SRV record 0 0 389 fischer12.fischer.local.
_ldap._tcp.Default-First-Site-Name._sites.fischer.local has SRV record 0 100 389 fischer11.fischer.local.
_ldap._tcp.Default-First-Site-Name._sites.dc._msdcs.fischer.local has SRV record 0 0 389 fischer12.fischer.local.
_ldap._tcp.Default-First-Site-Name._sites.dc._msdcs.fischer.local has SRV record 0 100 389 fischer11.fischer.local.
_kerberos._tcp.Default-First-Site-Name._sites.fischer.local has SRV record 0 0 88 fischer12.fischer.local.
_kerberos._tcp.Default-First-Site-Name._sites.fischer.local has SRV record 0 100 88 fischer11.fischer.local.
_kerberos._tcp.Default-First-Site-Name._sites.dc._msdcs.fischer.local has SRV record 0 100 88 fischer11.fischer.local.
_kerberos._tcp.Default-First-Site-Name._sites.dc._msdcs.fischer.local has SRV record 0 0 88 fischer12.fischer.local.
## Optional GC Records for site Default-First-Site-Name:
_gc._tcp.Default-First-Site-Name._sites.fischer.local has SRV record 0 100 3268 fischer11.fischer.local.
_gc._tcp.Default-First-Site-Name._sites.fischer.local has SRV record 0 0 3268 fischer12.fischer.local.
_ldap._tcp.Default-First-Site-Name._sites.gc._msdcs.fischer.local has SRV record 0 0 3268 fischer12.fischer.local.
_ldap._tcp.Default-First-Site-Name._sites.gc._msdcs.fischer.local has SRV record 0 100 3268 fischer11.fischer.local.
_kerberos.fischer.local descriptive text "FISCHER.LOCAL"
I can confirm @externa1's statement. On a UCS 4.1-4 Backup in the same testing environment it's all fine:
Essential DNS Check 4.1-4
root@backup-42-18:~# /usr/share/univention-samba4/scripts/check_essential_samba4_dns_records.sh
gc._msdcs.nvsx.local has address 10.200.42.10
gc._msdcs.nvsx.local has address 10.200.42.11
gc._msdcs.nvsx.local has address 10.200.43.12
gc._msdcs.nvsx.local has address 10.200.42.12
gc._msdcs.nvsx.local has address 10.200.42.16
gc._msdcs.nvsx.local has address 10.200.42.18
_gc._tcp.nvsx.local has SRV record 0 100 3268 slave-42-16.nvsx.local.
_gc._tcp.nvsx.local has SRV record 0 100 3268 backup-42-12.nvsx.local.
_gc._tcp.nvsx.local has SRV record 0 100 3268 backup-42-18.nvsx.local.
_gc._tcp.nvsx.local has SRV record 0 100 3268 master-42-10.nvsx.local.
_gc._tcp.nvsx.local has SRV record 0 100 3268 slave-42-11.nvsx.local.
_ldap._tcp.gc._msdcs.nvsx.local has SRV record 0 100 3268 backup-42-12.nvsx.local.
_ldap._tcp.gc._msdcs.nvsx.local has SRV record 0 100 3268 backup-42-18.nvsx.local.
_ldap._tcp.gc._msdcs.nvsx.local has SRV record 0 100 3268 master-42-10.nvsx.local.
_ldap._tcp.gc._msdcs.nvsx.local has SRV record 0 100 3268 slave-42-11.nvsx.local.
_ldap._tcp.gc._msdcs.nvsx.local has SRV record 0 100 3268 slave-42-16.nvsx.local.
_ldap._tcp.nvsx.local has SRV record 0 100 389 backup-42-12.nvsx.local.
_ldap._tcp.nvsx.local has SRV record 0 100 389 slave-42-11.nvsx.local.
_ldap._tcp.nvsx.local has SRV record 0 100 389 slave-42-16.nvsx.local.
_ldap._tcp.nvsx.local has SRV record 0 100 389 backup-42-18.nvsx.local.
_ldap._tcp.nvsx.local has SRV record 0 100 389 master-42-10.nvsx.local.
_ldap._tcp.dc._msdcs.nvsx.local has SRV record 0 100 389 master-42-10.nvsx.local.
_ldap._tcp.dc._msdcs.nvsx.local has SRV record 0 100 389 backup-42-12.nvsx.local.
_ldap._tcp.dc._msdcs.nvsx.local has SRV record 0 100 389 slave-42-11.nvsx.local.
_ldap._tcp.dc._msdcs.nvsx.local has SRV record 0 100 389 slave-42-16.nvsx.local.
_ldap._tcp.dc._msdcs.nvsx.local has SRV record 0 100 389 backup-42-18.nvsx.local.
_ldap._tcp.pdc._msdcs.nvsx.local has SRV record 0 100 389 master-42-10.nvsx.local.
_ldap._tcp.2fb30aa2-73d6-423f-a57b-d6bf9e53b1a1.domains._msdcs.nvsx.local has SRV record 0 100 389 backup-42-18.nvsx.local.
_ldap._tcp.2fb30aa2-73d6-423f-a57b-d6bf9e53b1a1.domains._msdcs.nvsx.local has SRV record 0 100 389 master-42-10.nvsx.local.
_ldap._tcp.2fb30aa2-73d6-423f-a57b-d6bf9e53b1a1.domains._msdcs.nvsx.local has SRV record 0 100 389 backup-42-12.nvsx.local.
_ldap._tcp.2fb30aa2-73d6-423f-a57b-d6bf9e53b1a1.domains._msdcs.nvsx.local has SRV record 0 100 389 slave-42-11.nvsx.local.
_ldap._tcp.2fb30aa2-73d6-423f-a57b-d6bf9e53b1a1.domains._msdcs.nvsx.local has SRV record 0 100 389 slave-42-16.nvsx.local.
_kerberos._tcp.dc._msdcs.nvsx.local has SRV record 0 100 88 master-42-10.nvsx.local.
_kerberos._tcp.dc._msdcs.nvsx.local has SRV record 0 100 88 backup-42-12.nvsx.local.
_kerberos._tcp.dc._msdcs.nvsx.local has SRV record 0 100 88 slave-42-11.nvsx.local.
_kerberos._tcp.dc._msdcs.nvsx.local has SRV record 0 100 88 slave-42-16.nvsx.local.
_kerberos._tcp.dc._msdcs.nvsx.local has SRV record 0 100 88 backup-42-18.nvsx.local.
_kerberos._tcp.nvsx.local has SRV record 0 100 88 master-42-10.nvsx.local.
_kerberos._tcp.nvsx.local has SRV record 0 100 88 backup-42-12.nvsx.local.
_kerberos._tcp.nvsx.local has SRV record 0 100 88 slave-42-11.nvsx.local.
_kerberos._tcp.nvsx.local has SRV record 0 100 88 slave-42-16.nvsx.local.
_kerberos._tcp.nvsx.local has SRV record 0 100 88 backup-42-18.nvsx.local.
_kerberos._udp.nvsx.local has SRV record 0 100 88 slave-42-16.nvsx.local.
_kerberos._udp.nvsx.local has SRV record 0 100 88 backup-42-18.nvsx.local.
_kerberos._udp.nvsx.local has SRV record 0 100 88 master-42-10.nvsx.local.
_kerberos._udp.nvsx.local has SRV record 0 100 88 backup-42-12.nvsx.local.
_kerberos._udp.nvsx.local has SRV record 0 100 88 slave-42-11.nvsx.local.
_kpasswd._tcp.nvsx.local has SRV record 0 100 464 backup-42-18.nvsx.local.
_kpasswd._tcp.nvsx.local has SRV record 0 100 464 master-42-10.nvsx.local.
_kpasswd._tcp.nvsx.local has SRV record 0 100 464 backup-42-12.nvsx.local.
_kpasswd._tcp.nvsx.local has SRV record 0 100 464 slave-42-11.nvsx.local.
_kpasswd._tcp.nvsx.local has SRV record 0 100 464 slave-42-16.nvsx.local.
_kpasswd._udp.nvsx.local has SRV record 0 100 464 backup-42-12.nvsx.local.
_kpasswd._udp.nvsx.local has SRV record 0 100 464 slave-42-11.nvsx.local.
_kpasswd._udp.nvsx.local has SRV record 0 100 464 slave-42-16.nvsx.local.
_kpasswd._udp.nvsx.local has SRV record 0 100 464 backup-42-18.nvsx.local.
_kpasswd._udp.nvsx.local has SRV record 0 100 464 master-42-10.nvsx.local.
_kerberos.nvsx.local descriptive text "NVSX.LOCAL"
I think there is something wrong with the DNS server query: it looks like UCS 4.2 requests the entries from the external DNS server instead of the local one.
If I remove the external DNS server entries, I get the following output:
root@CKCUCS1:~# /usr/share/univention-samba4/scripts/check_essential_samba4_dns_records.sh
Host gc._msdcs not found: 2(SERVFAIL)
Host _gc._tcp not found: 2(SERVFAIL)
Host _ldap._tcp.gc._msdcs not found: 2(SERVFAIL)
Host _ldap._tcp not found: 2(SERVFAIL)
Host _ldap._tcp.dc._msdcs not found: 2(SERVFAIL)
Host _ldap._tcp.pdc._msdcs not found: 2(SERVFAIL)
Host _ldap._tcp.31aeb93a-0b70-4591-a197-4c1b2ca087d4.domains._msdcs not found: 2(SERVFAIL)
Host _kerberos._tcp.dc._msdcs not found: 2(SERVFAIL)
Host _kerberos._tcp not found: 2(SERVFAIL)
Host _kerberos._udp not found: 2(SERVFAIL)
Host _kpasswd._tcp not found: 2(SERVFAIL)
Host _kpasswd._udp not found: 2(SERVFAIL)
Located DC 'CKCUCS1' in site 'Default-First-Site-Name'
Located DC 'CKCUCS2' in site 'Default-First-Site-Name'
Host f41a48a2-21b1-464f-bf84-3c64144a3547._msdcs not found: 2(SERVFAIL)
Host c8c04722-4c28-4bad-abb3-6b24be933df8._msdcs not found: 2(SERVFAIL)
## Records for site Default-First-Site-Name:
Host _ldap._tcp.Default-First-Site-Name._sites not found: 2(SERVFAIL)
Host _ldap._tcp.Default-First-Site-Name._sites.dc._msdcs not found: 2(SERVFAIL)
Host _kerberos._tcp.Default-First-Site-Name._sites not found: 2(SERVFAIL)
Host _kerberos._tcp.Default-First-Site-Name._sites.dc._msdcs not found: 2(SERVFAIL)
## Optional GC Records for site Default-First-Site-Name:
Host _gc._tcp.Default-First-Site-Name._sites not found: 2(SERVFAIL)
Host _ldap._tcp.Default-First-Site-Name._sites.gc._msdcs not found: 2(SERVFAIL)
No _kerberos TXT record (ok)
If I do this from a workstation (Win10, domain joined), it works:
C:\Users\ck.CKC>ping gc._msdcs.ckc.local
Ping wird ausgeführt für gc._msdcs.ckc.local [192.168.2.101] mit 32 Bytes Daten:
Antwort von 192.168.2.101: Bytes=32 Zeit<1ms TTL=64
Antwort von 192.168.2.101: Bytes=32 Zeit<1ms TTL=64
Antwort von 192.168.2.101: Bytes=32 Zeit<1ms TTL=64
Antwort von 192.168.2.101: Bytes=32 Zeit<1ms TTL=64
Ping-Statistik für 192.168.2.101:
Pakete: Gesendet = 4, Empfangen = 4, Verloren = 0
(0% Verlust),
Ca. Zeitangaben in Millisek.:
Minimum = 0ms, Maximum = 0ms, Mittelwert = 0ms
The successful reply on the workstation comes from 192.168.2.101, which is CKCUCS2 (DC Backup with Samba 4), so it seems that on the UCS 4.2 console the local DNS server is ignored or so.
In the DNS System everything is fine! The DNS-Records are in the Directory (OpenLDAP as well as SambaAD).
The problem is that DNS requests must be FQDN. We will surely fix this in the script and publish a fix in an upcoming erratum.
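The point made in the reply above, that the check has to ask for fully qualified names, as an added example (not Univention's script or its erratum fix). The record names are the ones in the check output in this thread; the function names `essential_records` and `check_records` are hypothetical. The trailing dot makes each name absolute, so the resolver's search list plays no part in the lookup.

```shell
#!/bin/sh
# Added example, not Univention's script. Record names are taken from the
# check output shown in this thread; the function names are hypothetical.

# Print "TYPE NAME" pairs for the essential records, each as an absolute name.
# usage: essential_records DOMAIN DOMAIN_GUID [SITE...]
essential_records() {
    domain=${1%.}        # accept "ckc.local" or "ckc.local."
    guid=$2
    shift 2
    printf 'A %s.\n' "gc._msdcs.$domain"
    for rel in _gc._tcp _ldap._tcp.gc._msdcs _ldap._tcp _ldap._tcp.dc._msdcs \
               _ldap._tcp.pdc._msdcs "_ldap._tcp.$guid.domains._msdcs" \
               _kerberos._tcp.dc._msdcs _kerberos._tcp _kerberos._udp \
               _kpasswd._tcp _kpasswd._udp; do
        printf 'SRV %s.%s.\n' "$rel" "$domain"
    done
    # Per-site records, including the optional GC ones.
    for site in "$@"; do
        for rel in "_ldap._tcp.$site._sites" "_ldap._tcp.$site._sites.dc._msdcs" \
                   "_kerberos._tcp.$site._sites" "_kerberos._tcp.$site._sites.dc._msdcs" \
                   "_gc._tcp.$site._sites" "_ldap._tcp.$site._sites.gc._msdcs"; do
            printf 'SRV %s.%s.\n' "$rel" "$domain"
        done
    done
    # The original check reports a missing _kerberos TXT record as "(ok)".
    printf 'TXT %s.\n' "_kerberos.$domain"
}

# Query every record against one DNS server and print the names that fail.
# usage: check_records SERVER DOMAIN DOMAIN_GUID [SITE...]
check_records() {
    server=$1
    shift
    essential_records "$@" | while read -r type name; do
        host -t "$type" "$name" "$server" >/dev/null 2>&1 || echo "MISSING $type $name"
    done
}
```

Passing the DC's own address as SERVER to `check_records` also separates "the record is missing" from "the query went to a different DNS server".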
I am facing a similar problem. I downloaded the 4.4 ISO (the newest on the site) and set up a Univention as Backup. It was working perfectly in a subsidiary, but after updating the security packages from 4.4-4, the DNS entries _ldap._tcp.dc._msdcs have stopped working.
None, really something complicated. This Univention is in this old version until today because of this problem, I haven’t updated it yet.
Today I started the process of updating some Univentions and I am afraid of giving this problem back, so much so that in all of them I am generating a backup and snapshot of the VM to restore the previous version in case of problems.