Univention Bugzilla – Bug 52811
Samba dlz_bind9 fails to load zone with DNS_TYPE_WINS data
Last modified: 2021-02-19 11:49:35 CET
In a support case the bind9 nameserver failed to load the '_msdcs' zone from DC=ForestDnsZones:

=============================================================
Feb 18 07:44:51 dc named[8180]: samba_dlz: trying partition 'CN=MicrosoftDNS,DC=ForestDnsZones,DC=foo,DC=bar'
Feb 18 07:44:51 dc named[8180]: samba_dlz b9_format: unhandled record type 65281
Feb 18 07:44:51 dc named[8180]: zone _msdcs.foo.bar/NONE: could not find NS and/or SOA records
Feb 18 07:44:51 dc named[8180]: zone _msdcs.foo.bar/NONE: has 0 SOA records
Feb 18 07:44:51 dc named[8180]: zone _msdcs.foo.bar/NONE: has no NS records
Feb 18 07:44:51 dc named[8180]: samba_dlz: Failed to configure zone '_msdcs.foo.bar'
Feb 18 07:44:51 dc named[8180]: loading configuration: bad zone
Feb 18 07:44:51 dc named[8180]: exiting (due to fatal error)
Feb 18 07:44:51 dc systemd[1]: bind9.service: Main process exited, code=exited, status=1/FAILURE
=============================================================

The Samba/AD LDAP object storing the SOA record data had the required DNS_TYPE_SOA data though:

=============================================================
dc: @
dnsRecord: NDR: struct dnsp_DnssrvRpcRecord
    wDataLength  : 0x0023 (35)
    wType        : DNS_TYPE_NS (2)
    version      : 0x05 (5)
    rank         : DNS_RANK_ZONE (240)
    flags        : 0x0000 (0)
    dwSerial     : 0x0000001d (29)
    dwTtlSeconds : 0x00000e10 (3600)
    dwReserved   : 0x00000000 (0)
    dwTimeStamp  : 0x00000000 (0)
    data         : union dnsRecordData(case 2)
    ns           : server.foo.bar
dnsRecord: NDR: struct dnsp_DnssrvRpcRecord
    wDataLength  : 0x005e (94)
    wType        : DNS_TYPE_SOA (6)
    version      : 0x05 (5)
    rank         : DNS_RANK_ZONE (240)
    flags        : 0x0000 (0)
    dwSerial     : 0x0000001d (29)
    dwTtlSeconds : 0x00000e10 (3600)
    dwReserved   : 0x00000000 (0)
    dwTimeStamp  : 0x00000000 (0)
    data         : union dnsRecordData(case 6)
    soa: struct dnsp_soa
        serial   : 0x00000022 (34)
        refresh  : 0x00000384 (900)
        retry    : 0x00000258 (600)
        expire   : 0x00015180 (86400)
        minimum  : 0x00000e10 (3600)
        mname    : server.foo.bar
        rname    : hostmaster.foo.bar
dnsRecord: NDR: struct dnsp_DnssrvRpcRecord
    wDataLength  : 0x0014 (20)
    wType        : DNS_TYPE_WINS (65281)
    version      : 0x05 (5)
    rank         : DNS_RANK_ZONE (240)
    flags        : 0x0000 (0)
    dwSerial     : 0x0000001d (29)
    dwTtlSeconds : 0x00000000 (0)
    dwReserved   : 0x00000000 (0)
    dwTimeStamp  : 0x00000000 (0)
    data         : union dnsRecordData(case 65281)
    data         : DATA_BLOB length=20
[0000] 00 00 00 00 02 00 00 00   10 0E 00 00 01 00 00 00   ........ ........
[0010] C0 A8 12 01                                         ....
whenChanged: 20190330112357.0Z
uSNChanged: 4888
=============================================================

Looks like the dlz_bind9.c module is disturbed by the DNS_TYPE_WINS record. Removing that dnsRecord data with ldbedit/modify made bind9 accept the zone again.

A quick look into the module shows that there's a switch statement in b9_format which doesn't handle DNS_TYPE_WINS (also not yet in Samba 4.13.4).
https://wiki.samba.org/index.php/BIND9_DLZ_DNS_Back_End says this about it:

Starting Bind9 DNS Server fails with "unhandled record type 65281" (Windows AD + Samba AD)

If when starting Bind9 DNS Server you see something like:

samba_dlz: starting configure
samba_dlz b9_format: unhandled record type 65281
zone example.local/NONE: could not find NS and/or SOA records
zone example.local/NONE: has 0 SOA records
zone example.local/NONE: has no NS records
samba_dlz: Failed to configure zone 'example.local'

This is likely caused because you have a Windows Server Active Directory that has WINS entries and you are joining it. To fix it, you have to disable WINS resolving in DNS of Windows Server DC direct search zones, restart Samba AD service, reload DNS config samba_upgradedns --dns-backend=BIND9_DLZ, and then, restart Bind9 service.

So in this case afaik the server was taken over from an SBS Server.
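An added example (not part of the bug report or of Samba's code): a pre-flight check that parses raw dnsRecord attribute values and reports the DNS_TYPE_WINS entries that b9_format rejects, decoding the WINS payload so the configured WINS server is visible before the record is removed. The function names are hypothetical, the input is assumed to be the raw attribute bytes (for example base64-decoded from an LDIF export), the WINS payload layout follows MS-DNSP, and the A record sample is constructed; the WINS sample reuses the bytes shown in the dump above.

```python
import ipaddress
import struct

HEADER_LEN = 24         # fixed fields of dnsp_DnssrvRpcRecord before the data union
DNS_TYPE_WINS = 0xFF01  # 65281, the type reported as unhandled in the named log

def parse_dns_record(blob):
    """Split one raw dnsRecord attribute value into header fields and payload."""
    if len(blob) < HEADER_LEN:
        raise ValueError("truncated dnsRecord header")
    data_len, wtype, version, rank, flags, serial = struct.unpack_from("<HHBBHI", blob, 0)
    (ttl,) = struct.unpack_from(">I", blob, 12)  # the TTL field is stored big-endian
    data = blob[HEADER_LEN:]
    if len(data) != data_len:
        raise ValueError("wDataLength does not match payload size")
    return {"type": wtype, "version": version, "rank": rank,
            "serial": serial, "ttl": ttl, "data": data}

def parse_wins(data):
    """Decode a WINS payload: mapping flag, two timeouts, server count, IPv4 list."""
    if len(data) < 16:
        raise ValueError("truncated WINS payload")
    mapping, lookup, cache, count = struct.unpack_from("<IIII", data, 0)
    if len(data) != 16 + 4 * count:
        raise ValueError("WINS server count does not match payload size")
    servers = [str(ipaddress.IPv4Address(data[16 + 4 * i:20 + 4 * i]))
               for i in range(count)]
    return {"mapping_flag": mapping, "lookup_timeout": lookup,
            "cache_timeout": cache, "servers": servers}

def blocking_records(blobs, unhandled=(DNS_TYPE_WINS,)):
    """Return the parsed records whose type is in `unhandled`."""
    return [rec for rec in map(parse_dns_record, blobs) if rec["type"] in unhandled]

# WINS record rebuilt from the header values and DATA_BLOB in the report.
WINS_BLOB = bytes.fromhex(
    "1400 01ff 05 f0 0000 1d000000 00000000 00000000 00000000"
    "00000000 02000000 100e0000 01000000 c0a81201")
# Constructed A record (not from the report), used as a harmless control.
A_BLOB = bytes.fromhex(
    "0400 0100 05 f0 0000 1d000000 00000e10 00000000 00000000 c0a8120a")

if __name__ == "__main__":
    for rec in blocking_records([A_BLOB, WINS_BLOB]):
        print("unhandled type", rec["type"], parse_wins(rec["data"]))
```
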