Bug 52811 - Samba dlz_bind9 fails to load zone with DNS_TYPE_WINS data
Status: NEW
Product: UCS
Classification: Unclassified
Component: Samba4
UCS 4.4
Other Linux
Importance: P5 normal
Assigned To: Samba maintainers
Reported: 2021-02-19 11:45 CET by Arvid Requate
Modified: 2021-02-19 11:49 CET
What kind of report is it?: Bug Report
What type of bug is this?: 5: Major Usability: Impairs usability in key scenarios
Who will be affected by this bug?: 1: Will affect a very few installed domains
How will those affected feel about the bug?: 5: Blocking further progress on the daily work
User Pain: 0.143
Enterprise Customer affected?: Yes
School Customer affected?:
ISV affected?:
Waiting Support:
Flags outvoted (downgraded) after PO Review:
Ticket number: 2021021821000223
Bug group (optional):
Max CVSS v3 score:
Description Arvid Requate univentionstaff 2021-02-19 11:45:31 CET
In a support case the bind9 nameserver failed to load the '_msdcs' zone from DC=ForestDnsZones:
=============================================================
Feb 18 07:44:51 dc named[8180]: samba_dlz: trying partition 'CN=MicrosoftDNS,DC=ForestDnsZones,DC=foo,DC=bar'
Feb 18 07:44:51 dc named[8180]: samba_dlz b9_format: unhandled record type 65281
Feb 18 07:44:51 dc named[8180]: zone _msdcs.foo.bar/NONE: could not find NS and/or SOA records
Feb 18 07:44:51 dc named[8180]: zone _msdcs.foo.bar/NONE: has 0 SOA records
Feb 18 07:44:51 dc named[8180]: zone _msdcs.foo.bar/NONE: has no NS records
Feb 18 07:44:51 dc named[8180]: samba_dlz: Failed to configure zone '_msdcs.foo.bar'
Feb 18 07:44:51 dc named[8180]: loading configuration: bad zone
Feb 18 07:44:51 dc named[8180]: exiting (due to fatal error)
Feb 18 07:44:51 dc systemd[1]: bind9.service: Main process exited, code=exited, status=1/FAILURE
=============================================================

The Samba/AD LDAP object storing the SOA record data had the required DNS_TYPE_SOA data though:
=============================================================
dc: @
dnsRecord:     NDR: struct dnsp_DnssrvRpcRecord
        wDataLength              : 0x0023 (35)
        wType                    : DNS_TYPE_NS (2)
        version                  : 0x05 (5)
        rank                     : DNS_RANK_ZONE (240)
        flags                    : 0x0000 (0)
        dwSerial                 : 0x0000001d (29)
        dwTtlSeconds             : 0x00000e10 (3600)
        dwReserved               : 0x00000000 (0)
        dwTimeStamp              : 0x00000000 (0)
        data                     : union dnsRecordData(case 2)
        ns                       : server.foo.bar

dnsRecord:     NDR: struct dnsp_DnssrvRpcRecord
        wDataLength              : 0x005e (94)
        wType                    : DNS_TYPE_SOA (6)
        version                  : 0x05 (5)
        rank                     : DNS_RANK_ZONE (240)
        flags                    : 0x0000 (0)
        dwSerial                 : 0x0000001d (29)
        dwTtlSeconds             : 0x00000e10 (3600)
        dwReserved               : 0x00000000 (0)
        dwTimeStamp              : 0x00000000 (0)
        data                     : union dnsRecordData(case 6)
        soa: struct dnsp_soa
            serial                   : 0x00000022 (34)
            refresh                  : 0x00000384 (900)
            retry                    : 0x00000258 (600)
            expire                   : 0x00015180 (86400)
            minimum                  : 0x00000e10 (3600)
            mname                    : server.foo.bar
            rname                    : hostmaster.foo.bar
dnsRecord:     NDR: struct dnsp_DnssrvRpcRecord
        wDataLength              : 0x0014 (20)
        wType                    : DNS_TYPE_WINS (65281)
        version                  : 0x05 (5)
        rank                     : DNS_RANK_ZONE (240)
        flags                    : 0x0000 (0)
        dwSerial                 : 0x0000001d (29)
        dwTtlSeconds             : 0x00000000 (0)
        dwReserved               : 0x00000000 (0)
        dwTimeStamp              : 0x00000000 (0)
        data                     : union dnsRecordData(case 65281)
        data                     : DATA_BLOB length=20
[0000] 00 00 00 00 02 00 00 00   10 0E 00 00 01 00 00 00   ........ ........
[0010] C0 A8 12 01                                        ....

whenChanged: 20190330112357.0Z
uSNChanged: 4888
=============================================================

Looks like the dlz_bind9.c module is disturbed by the DNS_TYPE_WINS record. Removing that dnsRecord data with ldbedit/modify made bind9 accept the zone again. 
A quick look into the module shows that there's a switch statement in b9_format which doesn't handle DNS_TYPE_WINS (also not yet in Samba 4.13.4).
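
An added example, not part of the original report and not Samba or Univention code: a pre-flight check that splits raw dnsRecord attribute values using the field order and widths printed in the dump above and reports the ones whose wType is the type the log shows b9_format rejecting. The WINS payload field names are assumed from the MS-DNSP DNS_RPC_RECORD_WINS structure; the function names and sample bytes are constructed for illustration.

```python
import ipaddress
import struct

# Type codes exactly as printed in the dump on this page.
TYPE_NAMES = {2: "DNS_TYPE_NS", 6: "DNS_TYPE_SOA", 0xFF01: "DNS_TYPE_WINS"}
# The type the log shows b9_format rejecting ("unhandled record type 65281").
UNHANDLED_BY_DLZ = {0xFF01}

# wDataLength, wType, version, rank, flags, dwSerial (widths taken from the dump).
HEADER = struct.Struct("<HHBBHI")
HEADER_LEN = 24  # the 12 bytes above + dwTtlSeconds, dwReserved, dwTimeStamp

def parse_record(raw):
    """Split one raw dnsRecord value into its type, serial and data blob."""
    if len(raw) < HEADER_LEN:
        raise ValueError("dnsRecord shorter than the 24-byte header")
    data_len, wtype, _version, _rank, _flags, serial = HEADER.unpack_from(raw)
    data = raw[HEADER_LEN:]
    if len(data) != data_len:
        raise ValueError(f"wDataLength={data_len} but {len(data)} data bytes present")
    name = TYPE_NAMES.get(wtype, f"type {wtype}")
    return {"wType": wtype, "name": name, "dwSerial": serial, "data": data}

def decode_wins(data):
    """Decode a WINS blob (assumed layout: four LE uint32, then IPv4 addresses)."""
    if len(data) < 16:
        raise ValueError("WINS data shorter than its fixed 16-byte part")
    mapping, lookup, cache, count = struct.unpack_from("<IIII", data)
    if len(data) != 16 + 4 * count:
        raise ValueError("WINS server count does not match the data length")
    servers = [str(ipaddress.IPv4Address(data[o:o + 4]))
               for o in range(16, len(data), 4)]
    return {"dwMappingFlag": mapping, "dwLookupTimeout": lookup,
            "dwCacheTimeout": cache, "servers": servers}

def zone_blockers(raw_values):
    """Return parsed records whose type would make the zone fail to load."""
    return [r for r in map(parse_record, raw_values)
            if r["wType"] in UNHANDLED_BY_DLZ]

# Constructed samples: the WINS value rebuilt from the dump's printed fields,
# and an NS header with a placeholder payload (the page does not show its bytes).
WINS_RAW = (HEADER.pack(20, 0xFF01, 5, 240, 0, 29) + bytes(12)
            + bytes.fromhex("00000000 02000000 100E0000 01000000 C0A81201"))
NS_RAW = HEADER.pack(3, 2, 5, 240, 0, 29) + bytes(12) + b"\x00\x00\x00"

if __name__ == "__main__":
    for rec in zone_blockers([NS_RAW, WINS_RAW]):
        print(rec["name"], decode_wins(rec["data"]))
```

Running the check over every dnsRecord value of a zone's '@' object before restarting bind9 shows which values need the cleanup described in this report.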
Comment 1 Christina Scheinig univentionstaff 2021-02-19 11:49:35 CET
https://wiki.samba.org/index.php/BIND9_DLZ_DNS_Back_End 

says about this:
"Starting Bind9 DNS Server fails with "unhandled record type 65281" (Windows AD + Samba AD)

If when starting Bind9 DNS Server you see something like:

samba_dlz: starting configure
samba_dlz b9_format: unhandled record type 65281
zone example.local/NONE: could not find NS and/or SOA records
zone example.local/NONE: has 0 SOA records
zone example.local/NONE: has no NS records
samba_dlz: Failed to configure zone 'example.local'


This is likely caused because you have a Windows Server Active Directory that has WINS entries and you are joining it. To fix it, you have to disable WINS resolving in DNS of Windows Server DC direct search zones, restart Samba AD service, reload DNS config samba_upgradedns --dns-backend=BIND9_DLZ, and then, restart Bind9 service."


So in this case afaik the server was taken over from an SBS Server.