[opensuse] bind errors managed-keys-zone 12.1
Can anyone explain these errors? They have appeared in named after I installed Samba 4. I think it may be something to do with the chroot as I had to move some other stuff from where it was into /var/lib/named to get it recognised from /etc/named.conf.

Nov 29 20:49:23 hh3 named[5000]: managed-keys-zone ./IN: loading from master file managed-keys.bind failed: file not found
Nov 29 20:49:23 hh3 named[5000]: managed-keys-zone ./IN: loaded serial 0
Nov 29 20:49:23 hh3 named[4952]: Starting name server BIND ..done
Nov 29 20:49:23 hh3 named[5000]: running

As I'm doing my bit testing an alpha, I need to know whether this is going to interfere with the tests. As it stands, so far everything seems to work but the errors with named remain.

/etc/named.conf:

options {
    directory "/var/lib/named";
    dump-file "/var/log/named_dump.db";
    statistics-file "/var/log/named.stats";
    listen-on-v6 { any; };
    notify no;
    disable-empty-zone "1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.IP6.ARPA";
    include "/etc/named.d/forwarders.conf";
};
zone "." in {
    type hint;
    file "root.hint";
};
zone "localhost" in {
    type master;
    file "localhost.zone";
};
zone "0.0.127.in-addr.arpa" in {
    type master;
    file "127.0.0.zone";
};
zone "0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.ip6.arpa" in {
    type master;
    file "127.0.0.zone";
};

and here is /etc/named.conf.samba4

zone "hh3.site." IN {
    type master;
    file "/var/lib/named/master/hh3.site.zone";
    /*
     * the list of principals and what they can change is created
     * dynamically by Samba, based on the membership of the domain controllers
     * group. The provision just creates this file as an empty file.
     */
    /* we need to use check-names ignore so _msdcs A records can be created */
    check-names ignore;
};

Finally: grep -v ';' /var/lib/named/master/hh3.site.zone

$ORIGIN hh3.site.
$TTL 1W
@ IN SOA hh3 hostmaster (
    IN NS hh3
    IN A 192.168.1.3
hh3 IN A 192.168.1.3
gc._msdcs IN A 192.168.1.3
d5c2683c-ef5a-4b73-85f7-fc40c942b103._msdcs IN CNAME hh3
_gc._tcp IN SRV 0 100 3268 hh3
_gc._tcp.Default-First-Site-Name._sites IN SRV 0 100 3268 hh3
_ldap._tcp.gc._msdcs IN SRV 0 100 3268 hh3
_ldap._tcp.Default-First-Site-Name._sites.gc._msdcs IN SRV 0 100 3268 hh3
_ldap._tcp IN SRV 0 100 389 hh3
_ldap._tcp.dc._msdcs IN SRV 0 100 389 hh3
_ldap._tcp.pdc._msdcs IN SRV 0 100 389 hh3
_ldap._tcp.b6c05992-f842-4934-8374-153bf4475482.domains._msdcs IN SRV 0 100 389 hh3
_ldap._tcp.Default-First-Site-Name._sites IN SRV 0 100 389 hh3
_ldap._tcp.Default-First-Site-Name._sites.dc._msdcs IN SRV 0 100 389 hh3
_kerberos._tcp IN SRV 0 100 88 hh3
_kerberos._tcp.dc._msdcs IN SRV 0 100 88 hh3
_kerberos._tcp.Default-First-Site-Name._sites IN SRV 0 100 88 hh3
_kerberos._tcp.Default-First-Site-Name._sites.dc._msdcs IN SRV 0 100 88 hh3
_kerberos._udp IN SRV 0 100 88 hh3
_kerberos-master._tcp IN SRV 0 100 88 hh3
_kerberos-master._udp IN SRV 0 100 88 hh3
_kpasswd._tcp IN SRV 0 100 464 hh3
_kpasswd._udp IN SRV 0 100 464 hh3
_kerberos IN TXT HH3.SITE

Thanks
L x
--
To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org
To contact the owner, e-mail: opensuse+owner@opensuse.org
On 30/11/11 08:42, lynn wrote:
Can anyone explain these errors? They have appeared in named after I installed Samba 4. I think it may be something to do with the chroot as I had to move some other stuff from where it was into /var/lib/named to get it recognised from /etc/named.conf.
Nov 29 20:49:23 hh3 named[5000]: managed-keys-zone ./IN: loading from master file managed-keys.bind failed: file not found
Nov 29 20:49:23 hh3 named[5000]: managed-keys-zone ./IN: loaded serial 0
Nov 29 20:49:23 hh3 named[4952]: Starting name server BIND ..done
Nov 29 20:49:23 hh3 named[5000]: running
As I'm doing my bit testing an alpha, I need to know whether this is going to interfere with the tests. As it stands, so far everything seems to work but the errors with named remain.
/etc/named.conf:
options {
    directory "/var/lib/named";
    dump-file "/var/log/named_dump.db";
    statistics-file "/var/log/named.stats";
    listen-on-v6 { any; };
    notify no;
    disable-empty-zone "1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.IP6.ARPA";
    include "/etc/named.d/forwarders.conf";
};
zone "." in {
    type hint;
    file "root.hint";
};
zone "localhost" in {
    type master;
    file "localhost.zone";
};
zone "0.0.127.in-addr.arpa" in {
    type master;
    file "127.0.0.zone";
};
zone "0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.ip6.arpa" in {
    type master;
    file "127.0.0.zone";
};
<CORRECTED HERE>
include "/etc/named.conf.samba4";
and here is /etc/named.conf.samba4
zone "hh3.site." IN {
    type master;
    file "/var/lib/named/master/hh3.site.zone";
    /*
     * the list of principals and what they can change is created
     * dynamically by Samba, based on the membership of the domain controllers
     * group. The provision just creates this file as an empty file.
     */
    /* we need to use check-names ignore so _msdcs A records can be created */
    check-names ignore;
};
Finally: grep -v ';' /var/lib/named/master/hh3.site.zone
$ORIGIN hh3.site.
$TTL 1W
@ IN SOA hh3 hostmaster (
    IN NS hh3
    IN A 192.168.1.3
hh3 IN A 192.168.1.3
gc._msdcs IN A 192.168.1.3
d5c2683c-ef5a-4b73-85f7-fc40c942b103._msdcs IN CNAME hh3
_gc._tcp IN SRV 0 100 3268 hh3
_gc._tcp.Default-First-Site-Name._sites IN SRV 0 100 3268 hh3
_ldap._tcp.gc._msdcs IN SRV 0 100 3268 hh3
_ldap._tcp.Default-First-Site-Name._sites.gc._msdcs IN SRV 0 100 3268 hh3
_ldap._tcp IN SRV 0 100 389 hh3
_ldap._tcp.dc._msdcs IN SRV 0 100 389 hh3
_ldap._tcp.pdc._msdcs IN SRV 0 100 389 hh3
_ldap._tcp.b6c05992-f842-4934-8374-153bf4475482.domains._msdcs IN SRV 0 100 389 hh3
_ldap._tcp.Default-First-Site-Name._sites IN SRV 0 100 389 hh3
_ldap._tcp.Default-First-Site-Name._sites.dc._msdcs IN SRV 0 100 389 hh3
_kerberos._tcp IN SRV 0 100 88 hh3
_kerberos._tcp.dc._msdcs IN SRV 0 100 88 hh3
_kerberos._tcp.Default-First-Site-Name._sites IN SRV 0 100 88 hh3
_kerberos._tcp.Default-First-Site-Name._sites.dc._msdcs IN SRV 0 100 88 hh3
_kerberos._udp IN SRV 0 100 88 hh3
_kerberos-master._tcp IN SRV 0 100 88 hh3
_kerberos-master._udp IN SRV 0 100 88 hh3
_kpasswd._tcp IN SRV 0 100 464 hh3
_kpasswd._udp IN SRV 0 100 464 hh3
_kerberos IN TXT HH3.SITE
Thanks L x
Sorry. /etc/named.conf has: include "/etc/named.conf.samba4"; as its last line.
Thanks
L x
On 11/30/2011 02:08 AM, lynn wrote:
Nov 29 20:49:23 hh3 named[5000]: managed-keys-zone ./IN: loading from master file managed-keys.bind failed: file not found
Nov 29 20:49:23 hh3 named[5000]: managed-keys-zone ./IN: loaded serial 0
Nov 29 20:49:23 hh3 named[4952]: Starting name server BIND ..done
Nov 29 20:49:23 hh3 named[5000]: running
Lynn,
The first thing that jumps out is "master file managed-keys.bind failed: file not found"
The key file setup is really a "roll your own" type setup. You will get examples from many many sites that maintain a managed-keys.bind file that does not exist by default. The only key file contained in the bind source is /etc/bind.keys.
It is up to you to define/create your key setup (one per zone, etc..) with dnssec-keygen (or the opensuse genDDNSkey provided by bind-utils)
Above, it simply looks like named is trying to include a keyfile that does not exist....
I haven't tried 12.1 or Samba4, so this is just a generic guestimate based on the log snippet...
--
David C. Rankin, J.D.,P.E.
On 30/11/11 13:54, David C. Rankin wrote:
On 11/30/2011 02:08 AM, lynn wrote:
Nov 29 20:49:23 hh3 named[5000]: managed-keys-zone ./IN: loading from master file managed-keys.bind failed: file not found
Nov 29 20:49:23 hh3 named[5000]: managed-keys-zone ./IN: loaded serial 0
Nov 29 20:49:23 hh3 named[4952]: Starting name server BIND ..done
Nov 29 20:49:23 hh3 named[5000]: running
Lynn,
The first thing that jumps out is "master file managed-keys.bind failed: file not found"
The key file setup is really a "roll your own" type setup. You will get examples from many many sites that maintain a managed-keys.bind file that does not exist by default. The only key file contained in the bind source is /etc/bind.keys.
It is up to you to define/create your key setup (one per zone, etc..) with dnssec-keygen (or the opensuse genDDNSkey provided by bind-utils)
Above, it simply looks like named is trying to include a keyfile that does not exist....
I haven't tried 12.1 or Samba4, so this is just a generic guestimate based on the log snippet...
OK. Thanks. As everything seems to be working I'll ignore it. It's that when testing alpha stuff you have to be 100% certain the underlying system is working as it should. Maybe I should be testing Samba 4 on a fully end of line and updated 11.3. . .
L x
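A quick way to see which file the log message refers to, as an added example that is not part of any post in this thread: named keeps its managed-keys (RFC 5011 trust anchor) state in managed-keys.bind under managed-keys-directory if that option is set, otherwise under the directory option. The function names, the optional chroot argument and the sample tree are assumptions made for illustration.

```shell
#!/bin/sh
# Added example, not from the thread: report where named would look for
# managed-keys.bind and whether the file can exist there.
# Assumptions: absolute paths in named.conf, no commented-out duplicates of
# the options, and CHROOT is simply prefixed to the configured directory.

# conf_value KEY FILE: print the quoted value of the first `KEY "value"`.
# The leading character class stops "directory" from matching inside
# "managed-keys-directory".
conf_value() {
    grep -Eo "(^|[^-[:alnum:]])${1}[[:space:]]+\"[^\"]+\"" "$2" |
        head -n 1 | sed 's/^[^"]*"//; s/"$//'
}

# managed_keys_state CONF [CHROOT] prints one of:
#   present:<path>  the file exists
#   missing:<path>  no file yet, but the directory is writable by this user
#   blocked:<path>  no file, and the directory is absent or not writable
#   unknown         neither option is set in CONF
managed_keys_state() {
    conf=$1
    root=${2:-}
    dir=$(conf_value managed-keys-directory "$conf")
    [ -n "$dir" ] || dir=$(conf_value directory "$conf")
    [ -n "$dir" ] || { echo unknown; return 0; }
    path="$root$dir/managed-keys.bind"
    if [ -f "$path" ]; then
        echo "present:$path"
    elif [ -d "$root$dir" ] && [ -w "$root$dir" ]; then
        echo "missing:$path"
    else
        echo "blocked:$path"
    fi
}

# Constructed sample: a temporary tree stands in for the chroot.
demo=$(mktemp -d)
mkdir -p "$demo/var/lib/named"
printf 'options { directory "/var/lib/named"; notify no; };\n' > "$demo/named.conf"
managed_keys_state "$demo/named.conf" "$demo"
rm -rf "$demo"
```

Run it as the account named runs as, since the -w test reflects the calling user's permissions.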
participants (2)
- David C. Rankin
- lynn