DNS Problem Block internet acess to users

dns

#1

Hello
I have a standalone ucs server only with
image
image

Problem with DNS service is blocking internet access to users
This is the DNS server set for all the users in the network
Here is the output of “service bind9 status”

● bind9.service - BIND Domain Name Server with samba4 backend
   Loaded: loaded (/lib/systemd/system/bind9.service; enabled; vendor preset: enabled)
  Drop-In: /etc/systemd/system/bind9.service.d
           └─10-configure-backend.conf
   Active: active (running) since Fri 2018-07-13 08:20:30 EEST; 3 days ago
     Docs: man:named(8)
  Process: 26110 ExecStop=/usr/lib/univention-bind/samba4 stop (code=exited, status=1/FAILURE)
  Process: 26119 ExecStartPost=/usr/lib/univention-bind/samba4 wait-for-startup (code=exited, status=0/SUCCESS)
  Process: 26116 ExecStartPre=/bin/systemctl stop univention-bind-ldap.service (code=exited, status=0/SUCCESS)
 Main PID: 26118 (named)
    Tasks: 5 (limit: 4915)
   Memory: 52.3M
      CPU: 2min 18.344s
   CGroup: /system.slice/bind9.service
           └─26118 /usr/sbin/named -c /etc/bind/named.conf.samba4 -f -d 4

Jul 16 08:24:07 AD named[26118]: socket: file descriptor exceeds limit (4440/4096)
Jul 16 08:24:07 AD named[26118]: socket: file descriptor exceeds limit (4440/4096)
Jul 16 08:24:07 AD named[26118]: socket: file descriptor exceeds limit (4440/4096)
Jul 16 08:24:07 AD named[26118]: socket: file descriptor exceeds limit (4440/4096)
Jul 16 08:24:08 AD named[26118]: socket: file descriptor exceeds limit (4440/4096)
Jul 16 08:24:08 AD named[26118]: socket: file descriptor exceeds limit (4440/4096)
Jul 16 08:24:08 AD named[26118]: socket: file descriptor exceeds limit (4440/4096)
Jul 16 08:24:08 AD named[26118]: socket: file descriptor exceeds limit (4440/4096)
Jul 16 08:24:08 AD named[26118]: socket: file descriptor exceeds limit (4440/4096)
Jul 16 08:24:08 AD named[26118]: socket: file descriptor exceeds limit (4440/4096)

Restart the service is working fine (but only for 24 hours)
Have a nice day


#2

Hi,

This points to some high load or only half-started queries from clients. How many clients do you have? Is there a firewall between the clients and the UCS?

What DNS-Servers are your clients configured to use? Just this one or some additional ones?

/KNEBB


#3

20 clients
On clients is instaled bitdefender total security 2018 but the firewall is set to alow all tcp and udp conections from DNS
The clients are set to use only this DNS server. no aditional ones


#4

Hey,

when this happens again, run the following command:

lsof -c named -nP

It’ll list the open file descriptors for the named binary. Look for anything unusual, especially if there are a lot of established TCP connections and where they’re established to. On a normal system (in your network with ~50 machines that use this DNS server) I usually see ~200 regular files (type REG) such as libraries etc, and pretty much no established TCP connections (as they should only be established while a query is being resolved).

Kind regards
mosu


#5

this is the output of comand “lsof -c named -nP”

COMMAND  PID USER   FD      TYPE             DEVICE SIZE/OFF    NODE NAME
named   4686 root  cwd       DIR              254,0     4096       2 /
named   4686 root  rtd       DIR              254,0     4096       2 /
named   4686 root  txt       REG              254,0   649560  288881 /usr/sbin/named
named   4686 root  mem       REG              254,0  4247552  292537 /var/lib/samba/private/sam.ldb.d/DC=FORESTDNSZONES,DC=AD,DC=LOCAL.ldb
named   4686 root  mem       REG              254,0 10383360  292535 /var/lib/samba/private/sam.ldb.d/CN=SCHEMA,CN=CONFIGURATION,DC=AD,DC=LOCAL.ldb
named   4686 root  mem       REG              254,0 10383360  292534 /var/lib/samba/private/sam.ldb.d/CN=CONFIGURATION,DC=AD,DC=LOCAL.ldb
named   4686 root  mem       REG              254,0  4247552  815725 /var/lib/samba/private/sam.ldb
named   4686 root  mem       REG              254,0  4247552  292533 /var/lib/samba/private/sam.ldb.d/DC=AD,DC=LOCAL.ldb
named   4686 root  mem       REG              254,0  4247552  292536 /var/lib/samba/private/sam.ldb.d/DC=DOMAINDNSZONES,DC=AD,DC=LOCAL.ldb
named   4686 root  mem       REG              254,0   831488  292532 /var/lib/samba/private/sam.ldb.d/metadata.tdb
named   4686 root  mem       REG              254,0    59304  270883 /usr/lib/x86_64-linux-gnu/ldb/modules/ldb/tdb.so
named   4686 root  mem       REG              254,0    10152  270882 /usr/lib/x86_64-linux-gnu/ldb/modules/ldb/skel.so
named   4686 root  mem       REG              254,0    14248  270881 /usr/lib/x86_64-linux-gnu/ldb/modules/ldb/server_sort.so
named   4686 root  mem       REG              254,0    10240  270880 /usr/lib/x86_64-linux-gnu/ldb/modules/ldb/sample.so
named   4686 root  mem       REG              254,0    10152  277759 /usr/lib/x86_64-linux-gnu/samba/ldb/wins_ldb.so
named   4686 root  mem       REG              254,0    18344  277758 /usr/lib/x86_64-linux-gnu/samba/ldb/vlv.so
named   4686 root  mem       REG              254,0    18344  277757 /usr/lib/x86_64-linux-gnu/samba/ldb/update_keytab.so
named   4686 root  mem       REG              254,0    14248  277756 /usr/lib/x86_64-linux-gnu/samba/ldb/tombstone_reanimate.so
named   4686 root  mem       REG              254,0    10152  277755 /usr/lib/x86_64-linux-gnu/samba/ldb/subtree_rename.so
named   4686 root  mem       REG              254,0    10152  277754 /usr/lib/x86_64-linux-gnu/samba/ldb/subtree_delete.so
named   4686 root  mem       REG              254,0    30656  277753 /usr/lib/x86_64-linux-gnu/samba/ldb/simple_ldap_map.so
named   4686 root  mem       REG              254,0    10152  277752 /usr/lib/x86_64-linux-gnu/samba/ldb/simple_dn.so
named   4686 root  mem       REG              254,0    10152  277751 /usr/lib/x86_64-linux-gnu/samba/ldb/show_deleted.so
named   4686 root  mem       REG              254,0    22448  272944 /usr/lib/x86_64-linux-gnu/samba/libsmb-transport.so.0
named   4686 root  mem       REG              254,0    10232  272959 /usr/lib/x86_64-linux-gnu/samba/libutil-reg.so.0
named   4686 root  mem       REG              254,0   186360  272868 /usr/lib/x86_64-linux-gnu/samba/libcli-smb-common.so.0
named   4686 root  mem       REG              254,0    10160  272848 /usr/lib/x86_64-linux-gnu/samba/libCHARSET3.so.0
named   4686 root  mem       REG              254,0     5992  272949 /usr/lib/x86_64-linux-gnu/samba/libsmbd-shim.so.0
named   4686 root  mem       REG              254,0    42928  272936 /usr/lib/x86_64-linux-gnu/samba/libsamba3-util.so.0
named   4686 root  mem       REG              254,0   617712  272833 /usr/lib/x86_64-linux-gnu/libsmbconf.so.0
named   4686 root  mem       REG              254,0    96176  272938 /usr/lib/x86_64-linux-gnu/samba/libsecrets3.so.0
named   4686 root  mem       REG              254,0    18344  277750 /usr/lib/x86_64-linux-gnu/samba/ldb/secrets_tdb_sync.so
named   4686 root  mem       REG              254,0    22880  277749 /usr/lib/x86_64-linux-gnu/samba/ldb/schema_load.so
named   4686 root  mem       REG              254,0    18344  277748 /usr/lib/x86_64-linux-gnu/samba/ldb/schema_data.so
named   4686 root  mem       REG              254,0    63400  277747 /usr/lib/x86_64-linux-gnu/samba/ldb/samldb.so
named   4686 root  mem       REG              254,0    10152  277746 /usr/lib/x86_64-linux-gnu/samba/ldb/samba_secrets.so
named   4686 root  mem       REG              254,0    23040  277745 /usr/lib/x86_64-linux-gnu/samba/ldb/samba_dsdb.so
named   4686 root  mem       REG              254,0    10152  277744 /usr/lib/x86_64-linux-gnu/samba/ldb/samba3sid.so
named   4686 root  mem       REG              254,0    10160  272951 /usr/lib/x86_64-linux-gnu/samba/libsmbpasswdparser.so.0
named   4686 root  mem       REG              254,0    34728  277743 /usr/lib/x86_64-linux-gnu/samba/ldb/samba3sam.so
named   4686 root  mem       REG              254,0    30712  272864 /usr/lib/x86_64-linux-gnu/samba/libcli-cldap.so.0
named   4686 root  mem       REG              254,0    71592  276937 /usr/lib/x86_64-linux-gnu/samba/ldb/rootdse.so
named   4686 root  mem       REG              254,0    14248  276936 /usr/lib/x86_64-linux-gnu/samba/ldb/resolve_oids.so
named   4686 root  mem       REG              254,0   120960  276935 /usr/lib/x86_64-linux-gnu/samba/ldb/repl_meta_data.so
named   4686 root  mem       REG              254,0    10152  276934 /usr/lib/x86_64-linux-gnu/samba/ldb/ranged_results.so
named   4686 root  mem       REG              254,0    75928  267645 /usr/lib/x86_64-linux-gnu/libassuan.so.0.7.3
named   4686 root  mem       REG              254,0   281672  291381 /usr/lib/x86_64-linux-gnu/libgpgme.so.11.17.0
named   4686 root  mem       REG              254,0    39256  524485 /lib/x86_64-linux-gnu/libcrypt-2.24.so
named   4686 root  mem       REG              254,0    63400  276933 /usr/lib/x86_64-linux-gnu/samba/ldb/password_hash.so
named   4686 root  mem       REG              254,0    55208  276932 /usr/lib/x86_64-linux-gnu/samba/ldb/partition.so
named   4686 root  mem       REG              254,0    30720  276931 /usr/lib/x86_64-linux-gnu/samba/ldb/operational.so
named   4686 root  mem       REG              254,0    10152  276930 /usr/lib/x86_64-linux-gnu/samba/ldb/objectguid.so
named   4686 root  mem       REG              254,0    18400  276929 /usr/lib/x86_64-linux-gnu/samba/ldb/objectclass_attrs.so
named   4686 root  mem       REG              254,0    30632  276928 /usr/lib/x86_64-linux-gnu/samba/ldb/objectclass.so
named   4686 root  mem       REG              254,0    10152  276927 /usr/lib/x86_64-linux-gnu/samba/ldb/new_partition.so
named   4686 root  mem       REG              254,0    22440  276926 /usr/lib/x86_64-linux-gnu/samba/ldb/local_password.so
named   4686 root  mem       REG              254,0    26536  276925 /usr/lib/x86_64-linux-gnu/samba/ldb/linked_attributes.so
named   4686 root  mem       REG              254,0     6064  272872 /usr/lib/x86_64-linux-gnu/samba/libcmdline-credentials.so.0
named   4686 root  mem       REG              254,0    20216  276924 /usr/lib/x86_64-linux-gnu/samba/ldb/ldbsamba_extensions.so
named   4686 root  mem       REG              254,0    10152  276923 /usr/lib/x86_64-linux-gnu/samba/ldb/lazy_commit.so
named   4686 root  mem       REG              254,0    10152  276922 /usr/lib/x86_64-linux-gnu/samba/ldb/instancetype.so
named   4686 root  mem       REG              254,0    38832  272867 /usr/lib/x86_64-linux-gnu/samba/libcli-nbt.so.0
named   4686 root  mem       REG              254,0    43000  272853 /usr/lib/x86_64-linux-gnu/samba/libaddns.so.0
named   4686 root  mem       REG              254,0    75792  272866 /usr/lib/x86_64-linux-gnu/samba/libcli-ldap.so.0
named   4686 root  mem       REG              254,0    18344  276920 /usr/lib/x86_64-linux-gnu/samba/ldb/ildap.so
named   4686 root  mem       REG              254,0    14280  276917 /usr/lib/x86_64-linux-gnu/samba/ldb/extended_dn_store.so
named   4686 root  mem       REG              254,0    22504  276916 /usr/lib/x86_64-linux-gnu/samba/ldb/extended_dn_out.so
named   4686 root  mem       REG              254,0    18376  276915 /usr/lib/x86_64-linux-gnu/samba/ldb/extended_dn_in.so
named   4686 root  mem       REG              254,0    10152  276914 /usr/lib/x86_64-linux-gnu/samba/ldb/dsdb_notification.so
named   4686 root  mem       REG              254,0    51112  276913 /usr/lib/x86_64-linux-gnu/samba/ldb/dns_notify.so
named   4686 root  mem       REG              254,0    26536  276912 /usr/lib/x86_64-linux-gnu/samba/ldb/dirsync.so
named   4686 root  mem       REG              254,0    30632  276911 /usr/lib/x86_64-linux-gnu/samba/ldb/descriptor.so
named   4686 root  mem       REG              254,0    14248  276910 /usr/lib/x86_64-linux-gnu/samba/ldb/anr.so
named   4686 root  mem       REG              254,0    18368  276909 /usr/lib/x86_64-linux-gnu/samba/ldb/aclread.so
named   4686 root  mem       REG              254,0   129016  272807 /usr/lib/x86_64-linux-gnu/libdcerpc-binding.so.0.0.1
named   4686 root  mem       REG              254,0    10160  272954 /usr/lib/x86_64-linux-gnu/samba/libtalloc-report.so.0
named   4686 root  mem       REG              254,0  1554432  272914 /usr/lib/x86_64-linux-gnu/samba/libndr-samba4.so.0
named   4686 root  mem       REG              254,0    22448  272919 /usr/lib/x86_64-linux-gnu/samba/libnetif.so.0
named   4686 root  mem       REG              254,0    26616  272852 /usr/lib/x86_64-linux-gnu/samba/libMESSAGING.so.0
named   4686 root  mem       REG              254,0    75840  272883 /usr/lib/x86_64-linux-gnu/samba/libdsdb-module.so.0
named   4686 root  mem       REG              254,0    39072  276908 /usr/lib/x86_64-linux-gnu/samba/ldb/acl.so
named   4686 root  mem       REG              254,0    14248  270879 /usr/lib/x86_64-linux-gnu/ldb/modules/ldb/rdn_name.so
named   4686 root  mem       REG              254,0    14272  270878 /usr/lib/x86_64-linux-gnu/ldb/modules/ldb/paged_searches.so
named   4686 root  mem       REG              254,0    14248  270877 /usr/lib/x86_64-linux-gnu/ldb/modules/ldb/paged_results.so
named   4686 root  mem       REG              254,0    18344  270876 /usr/lib/x86_64-linux-gnu/ldb/modules/ldb/ldap.so
named   4686 root  mem       REG              254,0    10152  270875 /usr/lib/x86_64-linux-gnu/ldb/modules/ldb/asq.so
named   4686 root  mem       REG              254,0    30664  272847 /usr/lib/x86_64-linux-gnu/samba/gensec/krb5.so
named   4686 root  mem       REG              254,0    10088  272909 /usr/lib/x86_64-linux-gnu/samba/libmsghdr.so.0
named   4686 root  mem       REG              254,0    35296  268279 /usr/lib/x86_64-linux-gnu/libffi.so.6.0.4
named   4686 root  mem       REG              254,0    79936  518197 /lib/x86_64-linux-gnu/libgpg-error.so.0.21.0
named   4686 root  mem       REG              254,0   468920  518217 /lib/x86_64-linux-gnu/libpcre.so.3.13.3
named   4686 root  mem       REG              254,0     5992  272960 /usr/lib/x86_64-linux-gnu/samba/libutil-setid.so.0
named   4686 root  mem       REG              254,0    14256  272940 /usr/lib/x86_64-linux-gnu/samba/libserver-id-db.so.0
named   4686 root  mem       REG              254,0    42928  272907 /usr/lib/x86_64-linux-gnu/samba/libmessages-dgm.so.0
named   4686 root  mem       REG              254,0     5992  272908 /usr/lib/x86_64-linux-gnu/samba/libmessages-util.so.0
named   4686 root  mem       REG              254,0    10160  272955 /usr/lib/x86_64-linux-gnu/samba/libtdb-wrap.so.0
named   4686 root  mem       REG              254,0   537448  265819 /usr/lib/x86_64-linux-gnu/libgmp.so.10.3.2
named   4686 root  mem       REG              254,0   216776  270083 /usr/lib/x86_64-linux-gnu/libhogweed.so.4.3
named   4686 root  mem       REG              254,0   224504  270035 /usr/lib/x86_64-linux-gnu/libnettle.so.6.3
named   4686 root  mem       REG              254,0    75776  270074 /usr/lib/x86_64-linux-gnu/libtasn1.so.6.5.3
named   4686 root  mem       REG              254,0   210968  518326 /lib/x86_64-linux-gnu/libidn.so.11.6.16
named   4686 root  mem       REG              254,0   411688  270066 /usr/lib/x86_64-linux-gnu/libp11-kit.so.0.2.0
named   4686 root  mem       REG              254,0   161904  272962 /usr/lib/x86_64-linux-gnu/samba/libwind-samba4.so.0.0.0
named   4686 root  mem       REG              254,0   289464  272895 /usr/lib/x86_64-linux-gnu/samba/libhx509-samba4.so.5.0.0
named   4686 root  mem       REG              254,0  1112184  518258 /lib/x86_64-linux-gnu/libgcrypt.so.20.1.6
named   4686 root  mem       REG              254,0    72024  260658 /usr/lib/x86_64-linux-gnu/liblz4.so.1.7.1
named   4686 root  mem       REG              254,0   155400  518219 /lib/x86_64-linux-gnu/libselinux.so.1
named   4686 root  mem       REG              254,0    51872  270895 /usr/lib/x86_64-linux-gnu/libjansson.so.4.9.0
named   4686 root  mem       REG              254,0    10160  272850 /usr/lib/x86_64-linux-gnu/samba/libMESSAGING-SEND.so.0
named   4686 root  mem       REG              254,0    88072  270862 /usr/lib/x86_64-linux-gnu/libtdb.so.1.3.15
named   4686 root  mem       REG              254,0    14856  272892 /usr/lib/x86_64-linux-gnu/samba/libheimbase-samba4.so.1.0.0
named   4686 root  mem       REG              254,0   207480  272891 /usr/lib/x86_64-linux-gnu/samba/libhcrypto-samba4.so.5.0.1
named   4686 root  mem       REG              254,0   527984  272857 /usr/lib/x86_64-linux-gnu/samba/libasn1-samba4.so.8.0.0
named   4686 root  mem       REG              254,0    51592  272928 /usr/lib/x86_64-linux-gnu/samba/libroken-samba4.so.19.0.1
named   4686 root  mem       REG              254,0    14264  272667 /usr/lib/x86_64-linux-gnu/samba/libwinbind-client.so.0
named   4686 root  mem       REG              254,0    89064  524491 /lib/x86_64-linux-gnu/libnsl-2.24.so
named   4686 root  mem       REG              254,0    10160  272896 /usr/lib/x86_64-linux-gnu/samba/libinterfaces.so.0
named   4686 root  mem       REG              254,0     6064  272897 /usr/lib/x86_64-linux-gnu/samba/libiov-buf.so.0
named   4686 root  mem       REG              254,0    88056  272817 /usr/lib/x86_64-linux-gnu/libndr-nbt.so.0.0.1
named   4686 root  mem       REG              254,0    14256  272961 /usr/lib/x86_64-linux-gnu/samba/libutil-tdb.so.0
named   4686 root  mem       REG              254,0    42928  272877 /usr/lib/x86_64-linux-gnu/samba/libdbwrap.so.0
named   4686 root  mem       REG              254,0   182736  272901 /usr/lib/x86_64-linux-gnu/samba/libldbsamba.so.0
named   4686 root  mem       REG              254,0  1670752  268284 /usr/lib/x86_64-linux-gnu/libgnutls.so.30.13.1
named   4686 root  mem       REG              254,0   448904  272898 /usr/lib/x86_64-linux-gnu/samba/libkrb5-samba4.so.26.0.0
named   4686 root  mem       REG              254,0    55288  272815 /usr/lib/x86_64-linux-gnu/libndr-krb5pac.so.0.0.1
named   4686 root  mem       REG              254,0   557552  518242 /lib/x86_64-linux-gnu/libsystemd.so.0.17.0
named   4686 root  mem       REG              254,0    31744  524504 /lib/x86_64-linux-gnu/librt-2.24.so
named   4686 root  mem       REG              254,0    10088  272953 /usr/lib/x86_64-linux-gnu/samba/libsys-rw.so.0
named   4686 root  mem       REG              254,0     5992  272659 /usr/lib/x86_64-linux-gnu/samba/libreplace.so.0
named   4686 root  mem       REG              254,0    84200  518698 /lib/x86_64-linux-gnu/libbsd.so.0.8.3
named   4686 root  mem       REG              254,0    30640  272876 /usr/lib/x86_64-linux-gnu/samba/libcommon-auth.so.0
named   4686 root  mem       REG              254,0    47024  272899 /usr/lib/x86_64-linux-gnu/samba/libkrb5samba.so.0
named   4686 root  mem       REG              254,0     6064  272886 /usr/lib/x86_64-linux-gnu/samba/libgenrand.so.0
named   4686 root  mem       REG              254,0     6064  272956 /usr/lib/x86_64-linux-gnu/samba/libtime-basic.so.0
named   4686 root  mem       REG              254,0    79792  272870 /usr/lib/x86_64-linux-gnu/samba/libcliauth.so.0
named   4686 root  mem       REG              254,0    22448  272858 /usr/lib/x86_64-linux-gnu/samba/libasn1util.so.0
named   4686 root  mem       REG              254,0   203504  272890 /usr/lib/x86_64-linux-gnu/samba/libgssapi-samba4.so.2.0.0
named   4686 root  mem       REG              254,0    10160  272931 /usr/lib/x86_64-linux-gnu/samba/libsamba-modules.so.0
named   4686 root  mem       REG              254,0    10168  272874 /usr/lib/x86_64-linux-gnu/samba/libcom_err-samba4.so.0.25
named   4686 root  mem       REG              254,0    55216  272647 /usr/lib/x86_64-linux-gnu/libwbclient.so.0.14
named   4686 root  mem       REG              254,0     6136  272941 /usr/lib/x86_64-linux-gnu/samba/libserver-role.so.0
named   4686 root  mem       REG              254,0  3295224  272818 /usr/lib/x86_64-linux-gnu/libndr-standard.so.0.0.1
named   4686 root  mem       REG              254,0    64464  270867 /usr/lib/x86_64-linux-gnu/libtevent.so.0.9.35
named   4686 root  mem       REG              254,0    10160  272836 /usr/lib/x86_64-linux-gnu/libtevent-util.so.0.0.1
named   4686 root  mem       REG              254,0     5992  272952 /usr/lib/x86_64-linux-gnu/samba/libsocket-blocking.so.0
named   4686 root  mem       REG              254,0   120920  272934 /usr/lib/x86_64-linux-gnu/samba/libsamba-security.so.0
named   4686 root  mem       REG              254,0    92152  272819 /usr/lib/x86_64-linux-gnu/libndr.so.0.1.0
named   4686 root  mem       REG              254,0    96248  272935 /usr/lib/x86_64-linux-gnu/samba/libsamba-sockets.so.0
named   4686 root  mem       REG              254,0  1271800  272913 /usr/lib/x86_64-linux-gnu/samba/libndr-samba.so.0
named   4686 root  mem       REG              254,0    30640  272865 /usr/lib/x86_64-linux-gnu/samba/libcli-ldap-common.so.0
named   4686 root  mem       REG              254,0     6064  272885 /usr/lib/x86_64-linux-gnu/samba/libflag-mapping.so.0
named   4686 root  mem       REG              254,0    52432  518728 /lib/x86_64-linux-gnu/libpopt.so.0.0.0
named   4686 root  mem       REG              254,0    79792  270857 /usr/lib/x86_64-linux-gnu/libtalloc.so.2.1.11
named   4686 root  mem       REG              254,0   194616  270884 /usr/lib/x86_64-linux-gnu/libldb.so.1.2.3
named   4686 root  mem       REG              254,0     6064  272884 /usr/lib/x86_64-linux-gnu/samba/libevents.so.0
named   4686 root  mem       REG              254,0    75696  272822 /usr/lib/x86_64-linux-gnu/libsamba-credentials.so.0.0.1
named   4686 root  mem       REG              254,0    22832  272930 /usr/lib/x86_64-linux-gnu/samba/libsamba-debug.so.0
named   4686 root  mem       REG              254,0    96856  272832 /usr/lib/x86_64-linux-gnu/libsamdb.so.0.0.1
named   4686 root  mem       REG              254,0   104480  272863 /usr/lib/x86_64-linux-gnu/samba/libauthkrb5.so.0
named   4686 root  mem       REG              254,0  1349624  272823 /usr/lib/x86_64-linux-gnu/libsamba-errors.so.1
named   4686 root  mem       REG              254,0   481472  272831 /usr/lib/x86_64-linux-gnu/libsamba-util.so.0.0.1
named   4686 root  mem       REG              254,0   170056  272887 /usr/lib/x86_64-linux-gnu/samba/libgensec.so.0
named   4686 root  mem       REG              254,0   176064  272825 /usr/lib/x86_64-linux-gnu/libsamba-hostconfig.so.0.0.1
named   4686 root  mem       REG              254,0    26616  272881 /usr/lib/x86_64-linux-gnu/samba/libdnsserver-common.so.0
named   4686 root  mem       REG              254,0   178216  272937 /usr/lib/x86_64-linux-gnu/samba/libsamdb-common.so.0
named   4686 root  mem       REG              254,0    43000  272844 /usr/lib/x86_64-linux-gnu/samba/bind9/dlz_bind9_10.so
named   4686 root  mem       REG              254,0    92584  518151 /lib/x86_64-linux-gnu/libgcc_s.so.1
named   4686 root  mem       REG              254,0  1566168  269212 /usr/lib/x86_64-linux-gnu/libstdc++.so.6.0.22
named   4686 root  mem       REG              254,0   154376  518215 /lib/x86_64-linux-gnu/liblzma.so.5.2.2
named   4686 root  mem       REG              254,0   105088  518254 /lib/x86_64-linux-gnu/libz.so.1.2.8
named   4686 root  mem       REG              254,0 25675624  276805 /usr/lib/x86_64-linux-gnu/libicudata.so.57.1
named   4686 root  mem       REG              254,0  1727216  276812 /usr/lib/x86_64-linux-gnu/libicuuc.so.57.1
named   4686 root  mem       REG              254,0  2591816  276806 /usr/lib/x86_64-linux-gnu/libicui18n.so.57.1
named   4686 root  mem       REG              254,0  2686672  271560 /usr/lib/x86_64-linux-gnu/libcrypto.so.1.1
named   4686 root  mem       REG              254,0   442920  271561 /usr/lib/x86_64-linux-gnu/libssl.so.1.1
named   4686 root  mem       REG              254,0   109296  270102 /usr/lib/x86_64-linux-gnu/libsasl2.so.2.0.25
named   4686 root  mem       REG              254,0    14256  518718 /lib/x86_64-linux-gnu/libkeyutils.so.1.5
named   4686 root  mem       REG              254,0    48152  269835 /usr/lib/x86_64-linux-gnu/libkrb5support.so.0.1
named   4686 root  mem       REG              254,0  1689360  524481 /lib/x86_64-linux-gnu/libc-2.24.so
named   4686 root  mem       REG              254,0  1809656  271024 /usr/lib/x86_64-linux-gnu/libxml2.so.2.9.4
named   4686 root  mem       REG              254,0   202936  266985 /usr/lib/x86_64-linux-gnu/libGeoIP.so.1.6.9
named   4686 root  mem       REG              254,0  1063328  524487 /lib/x86_64-linux-gnu/libm-2.24.so
named   4686 root  mem       REG              254,0   135440  524502 /lib/x86_64-linux-gnu/libpthread-2.24.so
named   4686 root  mem       REG              254,0    22768  518309 /lib/x86_64-linux-gnu/libcap.so.2.25
named   4686 root  mem       REG              254,0    14640  524486 /lib/x86_64-linux-gnu/libdl-2.24.so
named   4686 root  mem       REG              254,0    84848  524503 /lib/x86_64-linux-gnu/libresolv-2.24.so
named   4686 root  mem       REG              254,0    59576  270118 /usr/lib/x86_64-linux-gnu/liblber-2.4.so.2.10.8
named   4686 root  mem       REG              254,0   327088  270119 /usr/lib/x86_64-linux-gnu/libldap_r-2.4.so.2.10.8
named   4686 root  mem       REG              254,0   475192  269881 /usr/lib/x86_64-linux-gnu/libisc.so.160.0.0
named   4686 root  mem       REG              254,0    39136  269909 /usr/lib/x86_64-linux-gnu/libisccc.so.140.0.4
named   4686 root  mem       REG              254,0   159128  269915 /usr/lib/x86_64-linux-gnu/libisccfg.so.140.3.0
named   4686 root  mem       REG              254,0    59304  267039 /usr/lib/x86_64-linux-gnu/libbind9.so.140.0.10
named   4686 root  mem       REG              254,0  2492224  271212 /usr/lib/x86_64-linux-gnu/libcrypto.so.1.0.2
named   4686 root  mem       REG              254,0    14248  518201 /lib/x86_64-linux-gnu/libcom_err.so.2.1
named   4686 root  mem       REG              254,0   203656  269841 /usr/lib/x86_64-linux-gnu/libk5crypto.so.3.1
named   4686 root  mem       REG              254,0   892616  269850 /usr/lib/x86_64-linux-gnu/libkrb5.so.3.3
named   4686 root  mem       REG              254,0   305688  267009 /usr/lib/x86_64-linux-gnu/libgssapi_krb5.so.2.2
named   4686 root  mem       REG              254,0  2065344  267025 /usr/lib/x86_64-linux-gnu/libdns.so.162.1.3
named   4686 root  mem       REG              254,0    75712  269921 /usr/lib/x86_64-linux-gnu/liblwres.so.141.0.3
named   4686 root  mem       REG              254,0   153288  524473 /lib/x86_64-linux-gnu/ld-2.24.so
named   4686 root    0r      CHR                1,3      0t0    1034 /dev/null
named   4686 root    1u     unix 0xffff97309afec800      0t0 5961251 type=STREAM
named   4686 root    2u     unix 0xffff97309afec800      0t0 5961251 type=STREAM
named   4686 root    3u     unix 0xffff973038113000      0t0 5962223 type=DGRAM
named   4686 root    4u      CHR                1,3      0t0    1034 /dev/null
named   4686 root    5u      REG              254,0      520  795664 /var/tmp/DNS_0
named   4686 root    6r     FIFO               0,10      0t0 5962224 pipe
named   4686 root    7w     FIFO               0,10      0t0 5962224 pipe
named   4686 root    8u  a_inode               0,11        0    7637 [eventpoll]
named   4686 root    9u  a_inode               0,11        0    7637 [eventpoll]
named   4686 root   10u      REG              254,0  4247552  815725 /var/lib/samba/private/sam.ldb
named   4686 root   11u      REG              254,0  4247552  292533 /var/lib/samba/private/sam.ldb.d/DC=AD,DC=LOCAL.ldb
named   4686 root   12u      REG              254,0 10383360  292534 /var/lib/samba/private/sam.ldb.d/CN=CONFIGURATION,DC=AD,DC=LOCAL.ldb
named   4686 root   13u      REG              254,0 10383360  292535 /var/lib/samba/private/sam.ldb.d/CN=SCHEMA,CN=CONFIGURATION,DC=AD,DC=LOCAL.ldb
named   4686 root   14u      REG              254,0  4247552  292536 /var/lib/samba/private/sam.ldb.d/DC=DOMAINDNSZONES,DC=AD,DC=LOCAL.ldb
named   4686 root   15u      REG              254,0  4247552  292537 /var/lib/samba/private/sam.ldb.d/DC=FORESTDNSZONES,DC=AD,DC=LOCAL.ldb
named   4686 root   16u      REG              254,0   831488  292532 /var/lib/samba/private/sam.ldb.d/metadata.tdb
named   4686 root   17r      CHR                1,9      0t0    1039 /dev/urandom
named   4686 root   19u      REG              254,0      520  795664 /var/tmp/DNS_0
named   4686 root   20u  netlink                         0t0 5961283 ROUTE
named   4686 root   21u     IPv4            5962236      0t0     TCP 127.0.0.1:53 (LISTEN)
named   4686 root   22u     IPv4            5962238      0t0     TCP 10.4.10.201:53 (LISTEN)
named   4686 root   23u     IPv4            5962240      0t0     TCP 172.17.42.1:53 (LISTEN)
named   4686 root   24u     IPv4            5961287      0t0     TCP 127.0.0.1:953 (LISTEN)
named   4686 root   25rR     REG              254,0      812  815848 /var/lib/samba/private/dns.keytab
named   4686 root   26rR     REG              254,0      812  815848 /var/lib/samba/private/dns.keytab
named   4686 root   27rR     REG              254,0      812  815848 /var/lib/samba/private/dns.keytab
named   4686 root   28rR     REG              254,0      812  815848 /var/lib/samba/private/dns.keytab
named   4686 root   29rR     REG              254,0      812  815848 /var/lib/samba/private/dns.keytab
.
.
.
named   4686 root  508rR     REG              254,0      812  815848 /var/lib/samba/private/dns.keytab
named   4686 root  509rR     REG              254,0      812  815848 /var/lib/samba/private/dns.keytab
named   4686 root  510rR     REG              254,0      812  815848 /var/lib/samba/private/dns.keytab
named   4686 root  511rR     REG              254,0      812  815848 /var/lib/samba/private/dns.keytab
named   4686 root  512u     IPv4            5962235      0t0     UDP 127.0.0.1:53
named   4686 root  513u     IPv4            5962235      0t0     UDP 127.0.0.1:53
named   4686 root  514u     IPv4            5962237      0t0     UDP 10.4.10.201:53
named   4686 root  515u     IPv4            5962237      0t0     UDP 10.4.10.201:53
named   4686 root  516u     IPv4            5962239      0t0     UDP 172.17.42.1:53
named   4686 root  517u     IPv4            5962239      0t0     UDP 172.17.42.1:53
named   4686 root  518rR     REG              254,0      812  815848 /var/lib/samba/private/dns.keytab
named   4686 root  519rR     REG              254,0      812  815848 /var/lib/samba/private/dns.keytab
named   4686 root  520rR     REG              254,0      812  815848 /var/lib/samba/private/dns.keytab
named   4686 root  521rR     REG              254,0      812  815848 /var/lib/samba/private/dns.keytab
.
.
.
.
named   4686 root 1757rR     REG              254,0      812  815848 /var/lib/samba/private/dns.keytab
named   4686 root 1758rR     REG              254,0      812  815848 /var/lib/samba/private/dns.keytab
named   4686 root 1759rR     REG              254,0      812  815848 /var/lib/samba/private/dns.keytab
named   4686 root 1760rR     REG              254,0      812  815848 /var/lib/samba/private/dns.keytab
named   4686 root 1761rR     REG              254,0      812  815848 /var/lib/samba/private/dns.keytab
named   4686 root 1762rR     REG              254,0      812  815848 /var/lib/samba/private/dns.keytab
named   4686 root 1763rR     REG              254,0      812  815848 /var/lib/samba/private/dns.keytab
named   4686 root 1764rR     REG              254,0      812  815848 /var/lib/samba/private/dns.keytab
named   4686 root 1765rR     REG              254,0      812  815848 /var/lib/samba/private/dns.keytab

#6

it crased
run the command and the same problem as last post
is flooding with named dns.keytab
3494 root 4972rR REG 254,0 812 815848 /var/lib/samba/private/dns.keytab
dns.keytab is the DB for AD ?


#7

Possibly some issue with Kerberos as it opens the dns.keytab so often.

What’s the output of
kinit -t /var/lib/samba/private/dns.keytab dns-$(hostname)?

If you see a “Password incorrect” reset it by
samba-tool user setpassword --newpassword="$(ldbsearch -H /var/lib/samba/private/secrets.ldb samAccountName=dns-$(hostname) secret | sed -ne 's/^secret: //p')" --filter=samaccountname=dns-$(hostname)

Just if it does not help you might want to re-create the dns.keytab completely:

root@dcs1:~# keytab=/var/lib/samba/private/dns.keytab
root@dcs1:~# mv $keytab $keytab.$(date '+%Y%m%d%H%M%S')
root@dcs1:~# samba-tool domain exportkeytab $keytab --principal DNS/$(hostname).$(ucr get domainname)
root@dcs1:~# samba-tool domain exportkeytab $keytab "--principal=dns-$(hostname)@$(ucr get kerberos/realm)"
root@dcs1:~# kinit -t /var/lib/samba/private/dns.keytab dns-$(hostname)

Greetings

/KNEBB


#8

output

kinit: krb5_init_creds_set_keytab: Failed to find dns-AD?@AD.LOCAL in keytab FILE:/var/lib/samba/private/dns.keytab (unknown enctype)

#9

Hi,
as written before:

/KNÉBB


#10

Hi,
I just realized your are using “ad.local” as domain name? Did you just install your server from scratch? If so and there is not yet too much configured I would recommend to re-install the server and use a domain name NOT ending with “.local”!
The .local domain has a different meaning in mDNS/ Bonjour part and can cause issues in DNS-Domains.

Use whatever you like- but do NOT let it end with “.local”!

/KNEBB


#11

Hey,

That quotation mark looks fishy. Does your hostname contain non-ASCII characters? Can you please post the output of the following command:

hostname|od -t x1

Thanks.


#12
root@AD:~# hostname|od -t x1
0000000 41 44 0a
0000003

#13

OK, then your hostname is really just ad. That’s fine.


#14

I have reinstaled the server with the domain name “server.domain.lan” and is working fine, after a week no problems

Thanks