Bind is not working correctly

Hello,

I have an environment with 5 Samba4 servers; Samba4 DNS runs on them without any problems.

On the servers that do not have Samba4 installed, and therefore use OpenLDAP as the DNS backend, there are problems resolving internal DNS entries.

[code]root@test02:/var/cache/bind# nslookup test01
;; Got SERVFAIL reply from 192.168.0.2, trying next server
Server: 192.168.0.1
Address: 192.168.0.1#53

Name: test01.domain.local
Address: 192.168.0.1[/code]
192.168.0.2 -> OpenLDAP DNS
192.168.0.1 -> Samba4 DNS.

bind output at startup:

[code]Sep 25 08:52:20 test02 named[2516]: starting BIND 9.8.0-P4 -c /etc/bind/named.conf -p 7777 -u bind -f -d 0
Sep 25 08:52:20 test02 named[2516]: built with '--prefix=/usr' '--mandir=/usr/share/man' '--infodir=/usr/share/info' '--sysconfdir=/etc/bind' '--localstatedir=/var' '--enable-threads' '--enable-largefile' '--with-libtool' '--enable-shared' '--enable-static' '--with-openssl=/usr' '--with-gssapi=/usr' '--with-gnu-ld' '--with-dlz-postgres=no' '--with-dlz-mysql=no' '--with-dlz-bdb=yes' '--with-dlz-filesystem=yes' '--with-dlz-ldap=yes' '--with-dlz-stub=yes' '--with-dlz-dlopen' '--with-geoip=/usr' '--enable-ipv6' 'CFLAGS=-fno-strict-aliasing -DDIG_SIGCHASE -O2' 'LDFLAGS=' 'CPPFLAGS='
Sep 25 08:52:20 test02 named[2516]: adjusted limit on open files from 4096 to 1048576
Sep 25 08:52:20 test02 named[2516]: found 8 CPUs, using 8 worker threads
Sep 25 08:52:20 test02 named[2516]: using up to 4096 sockets
Sep 25 08:52:20 test02 named[2516]: loading configuration from '/etc/bind/named.conf'
Sep 25 08:52:20 test02 named[2516]: reading built-in trusted keys from file '/etc/bind/bind.keys'
Sep 25 08:52:20 test02 named[2516]: using default UDP/IPv4 port range: [1024, 65535]
Sep 25 08:52:20 test02 named[2516]: using default UDP/IPv6 port range: [1024, 65535]
Sep 25 08:52:20 test02 named[2516]: listening on IPv6 interfaces, port 7777
Sep 25 08:52:20 test02 named[2516]: listening on IPv4 interface lo, 127.0.0.1#7777
Sep 25 08:52:20 test02 named[2516]: listening on IPv4 interface eth1, 192.168.1.2#7777
Sep 25 08:52:20 test02 named[2516]: listening on IPv4 interface eth0, 192.168.0.2#7777
Sep 25 08:52:20 test02 named[2516]: generating session key for dynamic DNS
Sep 25 08:52:20 test02 named[2516]: set up managed keys zone for view _default, file 'managed-keys.bind'
Sep 25 08:52:20 test02 named[2516]: automatic empty zone: 0.IN-ADDR.ARPA
Sep 25 08:52:20 test02 named[2516]: automatic empty zone: 127.IN-ADDR.ARPA
Sep 25 08:52:20 test02 named[2516]: automatic empty zone: 254.169.IN-ADDR.ARPA
Sep 25 08:52:20 test02 named[2516]: automatic empty zone: 2.0.192.IN-ADDR.ARPA
Sep 25 08:52:20 test02 named[2516]: automatic empty zone: 100.51.198.IN-ADDR.ARPA
Sep 25 08:52:20 test02 named[2516]: automatic empty zone: 113.0.203.IN-ADDR.ARPA
Sep 25 08:52:20 test02 named[2516]: automatic empty zone: 255.255.255.255.IN-ADDR.ARPA
Sep 25 08:52:20 test02 named[2516]: automatic empty zone: 0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.IP6.ARPA
Sep 25 08:52:20 test02 named[2516]: automatic empty zone: 1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.IP6.ARPA
Sep 25 08:52:20 test02 named[2516]: automatic empty zone: D.F.IP6.ARPA
Sep 25 08:52:20 test02 named[2516]: automatic empty zone: 8.E.F.IP6.ARPA
Sep 25 08:52:20 test02 named[2516]: automatic empty zone: 9.E.F.IP6.ARPA
Sep 25 08:52:20 test02 named[2516]: automatic empty zone: A.E.F.IP6.ARPA
Sep 25 08:52:20 test02 named[2516]: automatic empty zone: B.E.F.IP6.ARPA
Sep 25 08:52:20 test02 named[2516]: automatic empty zone: 8.B.D.0.1.0.0.2.IP6.ARPA
Sep 25 08:52:20 test02 named[2516]: command channel listening on 127.0.0.1#55555
Sep 25 08:52:20 test02 named[2516]: managed-keys-zone ./IN: loading from master file managed-keys.bind failed: file not found
Sep 25 08:52:20 test02 named[2516]: managed-keys-zone ./IN: loaded serial 0
Sep 25 08:52:20 test02 named[2516]: running
Sep 25 08:52:25 test02 named[2544]: starting BIND 9.8.0-P4 -c /etc/bind/named.conf.proxy -u bind -f -d 0
Sep 25 08:52:25 test02 named[2544]: built with '--prefix=/usr' '--mandir=/usr/share/man' '--infodir=/usr/share/info' '--sysconfdir=/etc/bind' '--localstatedir=/var' '--enable-threads' '--enable-largefile' '--with-libtool' '--enable-shared' '--enable-static' '--with-openssl=/usr' '--with-gssapi=/usr' '--with-gnu-ld' '--with-dlz-postgres=no' '--with-dlz-mysql=no' '--with-dlz-bdb=yes' '--with-dlz-filesystem=yes' '--with-dlz-ldap=yes' '--with-dlz-stub=yes' '--with-dlz-dlopen' '--with-geoip=/usr' '--enable-ipv6' 'CFLAGS=-fno-strict-aliasing -DDIG_SIGCHASE -O2' 'LDFLAGS=' 'CPPFLAGS='
Sep 25 08:52:25 test02 named[2544]: adjusted limit on open files from 4096 to 1048576
Sep 25 08:52:25 test02 named[2544]: found 8 CPUs, using 8 worker threads
Sep 25 08:52:25 test02 named[2544]: using up to 4096 sockets
Sep 25 08:52:25 test02 named[2544]: loading configuration from '/etc/bind/named.conf.proxy'
Sep 25 08:52:25 test02 named[2544]: reading built-in trusted keys from file '/etc/bind/bind.keys'
Sep 25 08:52:25 test02 named[2544]: using default UDP/IPv4 port range: [1024, 65535]
Sep 25 08:52:25 test02 named[2544]: using default UDP/IPv6 port range: [1024, 65535]
Sep 25 08:52:25 test02 named[2544]: listening on IPv6 interfaces, port 53
Sep 25 08:52:25 test02 named[2544]: listening on IPv4 interface lo, 127.0.0.1#53
Sep 25 08:52:25 test02 named[2544]: listening on IPv4 interface eth1, 192.168.1.2#53
Sep 25 08:52:25 test02 named[2544]: listening on IPv4 interface eth0, 192.168.0.2#53
Sep 25 08:52:25 test02 named[2544]: generating session key for dynamic DNS
Sep 25 08:52:25 test02 named[2544]: set up managed keys zone for view _default, file 'managed-keys.bind'
Sep 25 08:52:25 test02 named[2544]: automatic empty zone: 254.169.IN-ADDR.ARPA
Sep 25 08:52:25 test02 named[2544]: automatic empty zone: 2.0.192.IN-ADDR.ARPA
Sep 25 08:52:25 test02 named[2544]: automatic empty zone: 100.51.198.IN-ADDR.ARPA
Sep 25 08:52:25 test02 named[2544]: automatic empty zone: 113.0.203.IN-ADDR.ARPA
Sep 25 08:52:25 test02 named[2544]: automatic empty zone: 255.255.255.255.IN-ADDR.ARPA
Sep 25 08:52:25 test02 named[2544]: automatic empty zone: 0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.IP6.ARPA
Sep 25 08:52:25 test02 named[2544]: automatic empty zone: 1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.IP6.ARPA
Sep 25 08:52:25 test02 named[2544]: automatic empty zone: D.F.IP6.ARPA
Sep 25 08:52:25 test02 named[2544]: automatic empty zone: 8.E.F.IP6.ARPA
Sep 25 08:52:25 test02 named[2544]: automatic empty zone: 9.E.F.IP6.ARPA
Sep 25 08:52:25 test02 named[2544]: automatic empty zone: A.E.F.IP6.ARPA
Sep 25 08:52:25 test02 named[2544]: automatic empty zone: B.E.F.IP6.ARPA
Sep 25 08:52:25 test02 named[2544]: automatic empty zone: 8.B.D.0.1.0.0.2.IP6.ARPA
Sep 25 08:52:25 test02 named[2544]: command channel listening on 127.0.0.1#953
Sep 25 08:52:25 test02 named[2544]: zone 0.in-addr.arpa/IN: loaded serial 1
Sep 25 08:52:25 test02 named[2544]: zone 127.in-addr.arpa/IN: loaded serial 1
Sep 25 08:52:25 test02 named[2544]: zone 0.168.192.in-addr.arpa/IN: loaded serial 60
Sep 25 08:52:25 test02 named[2544]: zone 10.168.192.in-addr.arpa/IN: loaded serial 8
Sep 25 08:52:25 test02 named[2544]: zone 11.168.192.in-addr.arpa/IN: loaded serial 8
Sep 25 08:52:25 test02 named[2544]: zone 12.168.192.in-addr.arpa/IN: loaded serial 3
Sep 25 08:52:25 test02 named[2544]: zone 2.168.192.in-addr.arpa/IN: loaded serial 15
Sep 25 08:52:25 test02 named[2544]: zone 32.168.192.in-addr.arpa/IN: loaded serial 7
Sep 25 08:52:25 test02 named[2544]: zone 255.in-addr.arpa/IN: loaded serial 1
Sep 25 08:52:25 test02 named[2544]: domain.local.zone:85: gc._msdcs.domain.local: bad owner name (check-names)
Sep 25 08:52:25 test02 named[2544]: domain.local.zone:86: gc._msdcs.domain.local: bad owner name (check-names)
Sep 25 08:52:25 test02 named[2544]: domain.local.zone:87: gc._msdcs.domain.local: bad owner name (check-names)
Sep 25 08:52:25 test02 named[2544]: domain.local.zone:88: gc._msdcs.domain.local: bad owner name (check-names)
Sep 25 08:52:25 test02 named[2544]: domain.local.zone:89: gc._msdcs.domain.local: bad owner name (check-names)
Sep 25 08:52:25 test02 named[2544]: domain.local.zone:90: gc._msdcs.domain.local: bad owner name (check-names)
Sep 25 08:52:25 test02 named[2544]: domain.local.zone:91: gc._msdcs.domain.local: bad owner name (check-names)
Sep 25 08:52:25 test02 named[2544]: domain.local.zone:92: gc._msdcs.domain.local: bad owner name (check-names)
Sep 25 08:52:25 test02 named[2544]: domain.local.zone:93: gc._msdcs.domain.local: bad owner name (check-names)
Sep 25 08:52:25 test02 named[2544]: domain.local.zone:94: gc._msdcs.domain.local: bad owner name (check-names)
Sep 25 08:52:25 test02 named[2544]: domain.local.zone:95: gc._msdcs.domain.local: bad owner name (check-names)
Sep 25 08:52:25 test02 named[2544]: domain.local.zone:96: gc._msdcs.domain.local: bad owner name (check-names)
Sep 25 08:52:25 test02 named[2544]: zone domain.local/IN: loaded serial 496
Sep 25 08:52:25 test02 named[2544]: zone localhost/IN: loaded serial 2
Sep 25 08:52:25 test02 named[2544]: managed-keys-zone ./IN: loading from master file managed-keys.bind failed: file not found
Sep 25 08:52:25 test02 named[2544]: managed-keys-zone ./IN: loaded serial 0
Sep 25 08:52:25 test02 named[2544]: running
Sep 25 08:52:25 test02 named[2544]: zone 10.168.192.in-addr.arpa/IN: sending notifies (serial 8)
Sep 25 08:52:25 test02 named[2544]: zone 11.168.192.in-addr.arpa/IN: sending notifies (serial 8)
Sep 25 08:52:25 test02 named[2544]: zone 2.168.192.in-addr.arpa/IN: sending notifies (serial 15)
Sep 25 08:52:25 test02 named[2544]: zone domain.local/IN: expired
Sep 25 08:52:25 test02 named[2544]: zone 0.168.192.in-addr.arpa/IN: sending notifies (serial 60)[/code]

What can I do?

Hello,

This problem is already tracked in [bug]30705[/bug]. The bug also describes a workaround.

Regards
Frank Greif.

Unfortunately that doesn't help; in addition I get the following in the log file:

[code]Oct 15 13:48:44 server named[21848]: transfer of 'domain.local/IN' from 127.0.0.1#7777: connected using 127.0.0.1#58956
Oct 15 13:48:44 server named[21848]: transfer of 'domain.local/IN' from 127.0.0.1#7777: failed while receiving responses: SERVFAIL
Oct 15 13:48:44 server named[21848]: transfer of 'domain.local/IN' from 127.0.0.1#7777: Transfer completed: 0 messages, 0 records, 0 bytes, 0.142 secs (0 bytes/sec)
Oct 15 13:48:54 server named[21848]: client 127.0.0.1#21104: received notify for zone 'domain.local'
Oct 15 13:48:54 server named[21848]: zone domain.local/IN: Transfer started.
Oct 15 13:48:54 server named[21848]: transfer of 'domain.local/IN' from 127.0.0.1#7777: connected using 127.0.0.1#60692
Oct 15 13:48:54 server named[21848]: transfer of 'domain.local/IN' from 127.0.0.1#7777: failed while receiving responses: SERVFAIL
Oct 15 13:48:54 server named[21848]: transfer of 'domain.local/IN' from 127.0.0.1#7777: Transfer completed: 0 messages, 0 records, 0 bytes, 0.137 secs (0 bytes/sec)[/code]

Hello,
according to

Oct 15 13:48:44 server named[21848]: transfer of 'domain.local/IN' from 127.0.0.1#7777: failed while receiving responses: SERVFAIL

the local DNS master for the zone is already failing.
This can be verified with

dig @127.0.0.1 -p 7777 domain.local axfr

One could now either raise the log level (ucr set dns/debug/level=99) or directly check whether the configuration in /etc/bind/univention.conf.d/domain.local makes sense (LDAP reachable, user and password correct).

Best regards,
Dirk Ahrnke
