Bug 40494
| Summary: | bind9 doesn't show *._msdcs DNS records after univention-ad-takeover | ||
|---|---|---|---|
| Product: | UCS | Reporter: | Arvid Requate <requate> |
| Component: | AD Takeover | Assignee: | Samba maintainers <samba-maintainers> |
| Status: | RESOLVED DUPLICATE | QA Contact: | |
| Severity: | normal | ||
| Priority: | P5 | CC: | birkefeld, botner, gohmann, grandjean, petersen, requate, thorp-hansen |
| Version: | UCS 4.1 | ||
| Target Milestone: | --- | ||
| Hardware: | Other | ||
| OS: | Linux | ||
| What kind of report is it?: | Bug Report | What type of bug is this?: | 3: Simply Wrong: The implementation doesn't match the docu |
| Who will be affected by this bug?: | 2: Will only affect a few installed domains | How will those affected feel about the bug?: | 2: A Pain – users won’t like this once they notice it |
| User Pain: | 0.069 | Enterprise Customer affected?: | Yes |
| School Customer affected?: | ISV affected?: | ||
| Waiting Support: | Flags outvoted (downgraded) after PO Review: | ||
| Ticket number: | 2016121921000285 | Bug group (optional): | Troubleshooting |
| Max CVSS v3 score: | |||
| Bug Depends on: | 34184 | ||
| Bug Blocks: | |||
| Attachments: | move_cn_system_dns_zones.sh | ||
Bug #43692 contains an updated version of this script. *** This bug has been marked as a duplicate of bug 43692 *** |
Created attachment 7429 [details] move_cn_system_dns_zones.sh There have been two reported cases where DNS records in the _msdcs zone were not resolvable after an AD takeover (e.g. Ticket#: 2015121721000414). In this situation /var/log/syslog shows the following messages: ============================================================ Jan 18 20:00:48 master named[7097]: samba_dlz: trying partition 'CN=MicrosoftDNS,CN=System,DC=foo,DC=local' Jan 18 20:00:48 master named[7097]: samba_dlz: configured writeable zone '1.168.192.in-addr.arpa' Jan 18 20:00:48 master named[7097]: samba_dlz: pre-W2k3 zone found ============================================================ The message "pre-W2k3 zone found" shows, that the dlz_bind9 module found a DNS zone in Samba/AD below the DN 'CN=MicrosoftDNS,CN=System,DC=foo,DC=local'. In cases like these the C code ignores _msdcs zones located below other partitions, like DC=ForestDnsZones: ============================================================ Jan 18 20:00:48 master named[7097]: samba_dlz: Ignoring dnsZone _msdcs.foo.local ============================================================ As a first step the attached script may be used to fix this issue manually. It searches for '(&(objectClass=dnsZone)(!(dc=RootDNSServers)))' below CN=System.