[Samba] how to allow ISC dhcpd to add/update entries to bind9 with bind_dlz (samba4)

Amitay Isaacs amitay at gmail.com
Sun Mar 18 18:31:22 MDT 2012


Hi Andreas,

On Sun, Mar 18, 2012 at 7:06 AM, Matthieu Patou <mat at samba.org> wrote:
> On 03/17/2012 10:00 AM, Andreas Oster wrote:
>>
>> Hello all,
>>
>> I have set up a samba4 server with bind9 and the bind_dlz module.
>> Everything is working as it should but now I need to allow the dhcp
>> server to add entries to the forwarding zone. Has anybody implemented
>> such a configuration? Can this be done with the Kerberos DNS dynamic
>> update configuration?
>
> I had it working with flat file backend.
> I think that the way dhcp and bind do their DDNS is different from the way
> Windows does its DDNS; as far as I know dlz_plugin only supports the latter one
> so far.
>
>> I want to achieve the following:
>>
>> 1) allow non-Windows machines (printers, ILO ...) to be added by dhcpd

You need to configure secure updates from dhcpd, as the dlz_bind9 plugin
only supports secure dynamic updates. The following link might help to set
up secure dynamic updates from dhcpd.

http://blog.michael.kuron-germany.de/2011/02/isc-dhcpd-dynamic-dns-updates-against-secure-microsoft-dns/

>> 2) allow Windows machines (joined to AD) to update their own entries
>>
>> 2 - already works with the configuration from samba wiki

This should work automatically with the current master. But remember
that if you update a DNS entry for a Windows machine through DHCP, then
the Windows machine itself may not be able to update its own entry
because of the ACLs.

Amitay.
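
One way to send the secure (GSS-TSIG) update described above from a dhcpd lease hook, as an added example that is not part of the original message or the linked post. The principal, keytab path, server name, TTL and the script's argument order are assumptions; `kinit` and `nsupdate -g` are the standard Kerberos and BIND tools.

```shell
#!/bin/sh
# Added example: meant to be called from dhcpd "on commit"/"on release" via
# execute(), as: <script> add|delete <hostname> <ip> <zone>  (assumed interface)
DDNS_PRINCIPAL="${DDNS_PRINCIPAL:-dhcpduser@EXAMPLE.TEST}"   # placeholder
DDNS_KEYTAB="${DDNS_KEYTAB:-/etc/dhcpduser.keytab}"          # placeholder
DDNS_SERVER="${DDNS_SERVER:-dc1.example.test}"               # placeholder
DDNS_TTL="${DDNS_TTL:-3600}"

# The hostname comes from the DHCP client, so accept only a single DNS label
# and a dotted-quad address before anything is handed to nsupdate.
valid_label() {
    case "$1" in
        ''|-*|*-|*[!A-Za-z0-9-]*) return 1 ;;
    esac
    [ "${#1}" -le 63 ]
}

valid_ipv4() {
    printf '%s\n' "$1" | grep -Eq '^([0-9]{1,3}\.){3}[0-9]{1,3}$' || return 1
    old_ifs=$IFS; IFS=.; set -- $1; IFS=$old_ifs
    for o in "$@"; do [ "$o" -le 255 ] || return 1; done
}

# Print the nsupdate batch that adds or deletes one A record.
build_batch() {
    action=$1 host=$2 ip=$3 zone=$4
    case "$action" in add|delete) ;; *) return 2 ;; esac
    valid_label "$host" && valid_ipv4 "$ip" || return 2
    printf 'server %s\nzone %s\n' "$DDNS_SERVER" "$zone"
    printf 'update delete %s.%s A\n' "$host" "$zone"
    if [ "$action" = add ]; then
        printf 'update add %s.%s %s A %s\n' "$host" "$zone" "$DDNS_TTL" "$ip"
    fi
    printf 'send\n'
}

# Get a ticket from the keytab into a private cache, then send with GSS-TSIG.
send_update() {
    batch=$(build_batch "$@") || return 2
    KRB5CCNAME=$(mktemp /tmp/dhcp-ddns.XXXXXX) || return 1
    export KRB5CCNAME
    rc=0
    { kinit -k -t "$DDNS_KEYTAB" "$DDNS_PRINCIPAL" &&
        printf '%s\n' "$batch" | nsupdate -g; } || rc=$?
    rm -f "$KRB5CCNAME"
    return "$rc"
}

case "${1:-}" in add|delete) send_update "$@" ;; esac
```

Records created this way are written under the assumed `dhcpduser` principal, which is the ACL situation mentioned above for Windows machines that later try to update their own entry.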

