Zentyal 6.2-7.0 bind9 error after restart #2080

Open
epachirkov opened this issue Oct 13, 2021 · 6 comments
Labels
Status: Roadmap Added to roadmap Type: Bug Indicates an unexpected problem or unintended behavior

Comments

epachirkov commented Oct 13, 2021

Describe the bug
After a restart, the Zentyal 6.2 AD controller and the additional Zentyal 7.0 AD controller cannot start; they freeze on EBox::DNS::appArmorProfiles - Setting DNS apparmor profile.
In systemctl status bind9 I see this message:
окт 13 14:27:25 zentyal named[31555]: samba_dlz: Failed to configure zone '_msdcs.EP.LOC'
окт 13 14:27:25 zentyal named[31555]: loading configuration: already exists
окт 13 14:27:25 zentyal named[31555]: exiting (due to fatal error)
If I add a new additional controller, I get the same error after joining the domain.

To Reproduce
Steps to reproduce the behavior:

  1. Restart Zentyal server
  2. See error

Expected behavior
Run server

Zentyal OS (please complete the following information):

  • Version: 6.2 or 7.0
  • Version of the module: zentyal-dns-6.2.0
  • Modules installed: DC, DNS, DHCP, Firewall, Network Configuration, NTP, Software Management

Additional context

/var/lib/bind/db.0.168.192:

$ORIGIN .
$TTL 259200	; 3 days
0.168.192.in-addr.arpa	IN SOA	zentyal.ep.loc. hostmaster.ep.loc. (
				2021080519 ; serial
				28800      ; refresh (8 hours)
				7200       ; retry (2 hours)
				2419200    ; expire (4 weeks)
				86400      ; minimum (1 day)
				)
			NS	zentyal.ep.loc.
$ORIGIN 0.168.192.in-addr.arpa.
11			PTR	pc1.ep.loc.
110			PTR	pc2.ep.loc.

epachirkov added the Type: Bug label Oct 13, 2021

epachirkov commented Oct 18, 2021

Found how to fix the bug, but I don't know right now how to fix it automatically.
Run these commands when the DNS start freezes:

chgrp bind /var/lib/samba/private/
chmod 750 /var/lib/samba/private/
chgrp bind /var/lib/samba/private/dns.keytab
chmod 640 /var/lib/samba/private/dns.keytab

This problem applies to any fresh install of an additional DC with version 6.2 or 7.0. These commands need to be run after every reboot or zs dns restart!
P.S. Not everything is fixed. In zentyal.log:
DEBUG> Ldap.pm:219 EBox::Ldap::safeConnect - FATAL: Could not connect to samba LDAP server: connect: Permission denied at FATAL: Could not connect to samba LDAP server: connect: Permission denied at /usr/share/perl5/EBox/Ldap.pm line 219

@Neustradamus

@djoven89: Any news?


epachirkov commented Dec 8, 2021

Fixed in a very strange way. I have a VM snapshot with memory where Zentyal was working fine (unless the DNS service was restarted).
First run chmod and chgrp:

chgrp bind /var/lib/samba/private/
chmod 750 /var/lib/samba/private/
chgrp bind /var/lib/samba/private/dns.keytab
chmod 640 /var/lib/samba/private/dns.keytab

Then I transferred all FSMO roles to the Windows server and rebooted Zentyal. After that everything worked fine, and I transferred FSMO back to Zentyal and removed the Windows controller. I don't understand what is causing this error, but maybe my comment will help somebody.
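
A way to check whether the ownership and modes set by the workaround above are still in place after a reboot or `zs dns restart`, as an added example that is not part of the thread or of Zentyal's code. The function names `check_path` and `audit_dlz_perms` are hypothetical; the paths, the `bind` group and the 750/640 modes are the ones from the commands in the comment, and GNU `stat` is assumed.

```bash
#!/usr/bin/env bash
# Added example (not from the thread or from Zentyal): audit the group and
# mode that the workaround's chgrp/chmod commands set, without changing them.
# Assumes GNU stat (as shipped on the Ubuntu base Zentyal uses).

# check_path PATH WANT_GROUP WANT_MODE
# Prints one status line; returns 0 on an exact match, 1 otherwise.
check_path() {
    local path="$1" want_group="$2" want_mode="$3" group mode
    if [ ! -e "$path" ]; then
        echo "MISSING $path"
        return 1
    fi
    group=$(stat -c '%G' "$path")   # owning group name
    mode=$(stat -c '%a' "$path")    # octal permission bits, e.g. 750
    if [ "$group" != "$want_group" ] || [ "$mode" != "$want_mode" ]; then
        echo "DRIFT   $path group=$group mode=$mode (want $want_group $want_mode)"
        return 1
    fi
    echo "OK      $path group=$group mode=$mode"
}

# audit_dlz_perms [PRIVATE_DIR] [GROUP]
# Defaults are the directory and group used in the workaround.
# Checks both paths even if the first one fails, so every drift is reported.
audit_dlz_perms() {
    local dir="${1:-/var/lib/samba/private}" group="${2:-bind}" rc=0
    check_path "$dir" "$group" 750 || rc=1             # bind may traverse, others may not
    check_path "$dir/dns.keytab" "$group" 640 || rc=1  # bind may read, others may not
    return $rc
}
```

Calling `audit_dlz_perms` with no arguments as root checks the real paths; a non-zero exit status means the directory or keytab no longer matches what the workaround set.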

@brunolorente
Member

Hi @epachirkov, we are back! This is in our roadmap right now; as soon as we have a fix, we'll publish it :)


dkyrgia commented Jun 29, 2023

I had the same problem, which was solved after I assigned a static IP instead of DHCP on the server and locked it at the router. Strange, but it worked.

@Neustradamus

@epachirkov, @dkyrgia: Any news on this ticket?

5 participants