[Samba] ddns update fails for reverse zone

steve steve at steve-ss.com
Fri Jan 10 07:27:53 MST 2014


On Fri, 2014-01-10 at 13:57 +0000, Rowland Penny wrote:
> On 10/01/14 12:05, steve wrote:
> > Hi everyone.
> > I have a Linux nsupdate client sending dns update requests via sssd.
> > Just gone from 4.1.2 to 4.1.3. I've done this:
> > http://linuxcostablanca.blogspot.com.es/2013/09/samba4-bind9dlz-stale-dns-records-with.html
> > After which the forward zone update is working fine:
> >
> > 2014-01-10T12:32:35.376142+01:00 hh16 named[4963]: samba_dlz: starting
> > transaction on zone hh3.site
> > 2014-01-10T12:32:35.382352+01:00 hh16 named[4963]: samba_dlz: allowing
> > update of signer=CATRAL\$\@HH3.SITE name=catral.hh3.site
> > tcpaddr=192.168.1.22 type=A key=4172394391.sig-hh16.hh3.site/160/0
> > 2014-01-10T12:32:35.382917+01:00 hh16 named[4963]: client
> > 192.168.1.22#48586/key CATRAL\$\@HH3.SITE: updating zone
> > 'hh3.site/NONE': deleting rrset at 'catral.hh3.site' A
> > 2014-01-10T12:32:35.390788+01:00 hh16 named[4963]: samba_dlz: subtracted
> > rdataset catral.hh3.site
> > 'catral.hh3.site.#0113600#011IN#011A#011192.168.1.22'
> > 2014-01-10T12:32:35.394326+01:00 hh16 named[4963]: samba_dlz: subtracted
> > rdataset hh3.site 'hh3.site.#0113600#011IN#011SOA#011hh16.hh3.site.
> > hostmaster.hh3.site. 635 900 600 86400 0'
> > 2014-01-10T12:32:35.396199+01:00 hh16 named[4963]: samba_dlz: added
> > rdataset hh3.site 'hh3.site.#0113600#011IN#011SOA#011hh16.hh3.site.
> > hostmaster.hh3.site. 636 900 600 86400 0'
> > 2014-01-10T12:32:35.698255+01:00 hh16 named[4963]: samba_dlz: committed
> > transaction on zone hh3.site
> > 2014-01-10T12:32:35.749459+01:00 hh16 named[4963]: samba_dlz: starting
> > transaction on zone hh3.site
> > 2014-01-10T12:32:35.753506+01:00 hh16 named[4963]: samba_dlz: allowing
> > update of signer=CATRAL\$\@HH3.SITE name=catral.hh3.site
> > tcpaddr=192.168.1.22 type=AAAA key=3660185835.sig-hh16.hh3.site/160/0
> > 2014-01-10T12:32:35.754206+01:00 hh16 named[4963]: client
> > 192.168.1.22#48262/key CATRAL\$\@HH3.SITE: updating zone
> > 'hh3.site/NONE': deleting rrset at 'catral.hh3.site' AAAA
> > 2014-01-10T12:32:35.754706+01:00 hh16 named[4963]: samba_dlz: committed
> > transaction on zone hh3.site
> > 2014-01-10T12:32:35.805458+01:00 hh16 named[4963]: samba_dlz: starting
> > transaction on zone hh3.site
> > 2014-01-10T12:32:35.806991+01:00 hh16 named[4963]: samba_dlz: allowing
> > update of signer=CATRAL\$\@HH3.SITE name=catral.hh3.site
> > tcpaddr=192.168.1.22 type=A key=3866959392.sig-hh16.hh3.site/160/0
> > 2014-01-10T12:32:35.807875+01:00 hh16 named[4963]: client
> > 192.168.1.22#40235/key CATRAL\$\@HH3.SITE: updating zone
> > 'hh3.site/NONE': adding an RR at 'catral.hh3.site' A
> > 2014-01-10T12:32:35.810897+01:00 hh16 named[4963]: samba_dlz: added
> > rdataset catral.hh3.site
> > 'catral.hh3.site.#0113600#011IN#011A#011192.168.1.22'
> > 2014-01-10T12:32:35.814287+01:00 hh16 named[4963]: samba_dlz: subtracted
> > rdataset hh3.site 'hh3.site.#0113600#011IN#011SOA#011hh16.hh3.site.
> > hostmaster.hh3.site. 636 900 600 86400 0'
> > 2014-01-10T12:32:35.831279+01:00 hh16 named[4963]: samba_dlz: added
> > rdataset hh3.site 'hh3.site.#0113600#011IN#011SOA#011hh16.hh3.site.
> > hostmaster.hh3.site. 637 900 600 86400 0'
> > 2014-01-10T12:32:36.744347+01:00 hh16 named[4963]: samba_dlz: committed
> > transaction on zone hh3.site
> >
> > But the reverse zone doesn't go:
> >
> > 2014-01-10T12:32:37.037639+01:00 hh16 named[4963]: samba_dlz: starting
> > transaction on zone 1.168.192.in-addr.arpa
> > 2014-01-10T12:32:37.041533+01:00 hh16 named[4963]: samba_dlz:
> > disallowing update of signer=CATRAL\$\@HH3.SITE
> > name=22.1.168.192.in-addr.arpa type=PTR error=insufficient access rights
> > 2014-01-10T12:32:37.042160+01:00 hh16 named[4963]: client
> > 192.168.1.22#50967/key CATRAL\$\@HH3.SITE: updating zone
> > '1.168.192.in-addr.arpa/NONE': update failed: rejected by secure update
> > (REFUSED)
> > 2014-01-10T12:32:37.042579+01:00 hh16 named[4963]: samba_dlz: cancelling
> > transaction on zone 1.168.192.in-addr.arpa
> > 2014-01-10T12:32:37.514441+01:00 hh16 named[4963]: samba_dlz: starting
> > transaction on zone 1.168.192.in-addr.arpa
> > 2014-01-10T12:32:37.516754+01:00 hh16 named[4963]: samba_dlz:
> > disallowing update of signer=CATRAL\$\@HH3.SITE
> > name=22.1.168.192.in-addr.arpa type=PTR error=insufficient access rights
> > 2014-01-10T12:32:37.517581+01:00 hh16 named[4963]: client
> > 192.168.1.22#53190/key CATRAL\$\@HH3.SITE: updating zone
> > '1.168.192.in-addr.arpa/NONE': update failed: rejected by secure update
> > (REFUSED)
> > 2014-01-10T12:32:37.518280+01:00 hh16 named[4963]: samba_dlz: cancelling
> > transaction on zone 1.168.192.in-addr.arpa
> >
> > Question: We're up. Am I going to break anything if I delete and
> > recreate the reverse zone?
> >
> > Any other stuff to try?
> >
> > Cheers and belated happy new year,
> > Steve
> >
> >
> Hi Steve, I have updated to 4.1.4 and am not having this problem, but I 
> did run 'samba-tool dbcheck --cross-ncs --fix' before I restarted samba 4.
> You could try deleting just the reverse record for the machine in 
> question, this may help and I am sure it will not do any harm.
> 
> Rowland
> 

Hi Rowland
The cross-ncs stuff gave no errors, but deleting the reverse entry and
restarting sssd on the client both recreated it and continued to try to
do so on new start-ups. Thanks for giving me the confidence to delete
it. Sorry I can't offer any explanation. Just one box. All the others
were fine.
Steve
Oh and it wasn't the stable upgrade. Some bright spark had done the git.
It says: 4.2.0pre1-GIT-a7f1f5d Thank gad it's OK.
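
An added example, not part of the original messages or of Samba: a small parser for the samba_dlz allow/disallow records quoted above, listing each (signer, name, type) whose most recent verdict is a refusal, such as the PTR record for the one affected box. The sample input is constructed from the thread's log, and the function names and the assumption that records arrive in chronological order are the example's own.

```python
import re

# Constructed sample: records from the log quoted in the thread, unwrapped to one
# syslog line each (the mail client folded them).
SAMPLE = r"""
2014-01-10T12:32:35.382352+01:00 hh16 named[4963]: samba_dlz: allowing update of signer=CATRAL\$\@HH3.SITE name=catral.hh3.site tcpaddr=192.168.1.22 type=A key=4172394391.sig-hh16.hh3.site/160/0
2014-01-10T12:32:35.698255+01:00 hh16 named[4963]: samba_dlz: committed transaction on zone hh3.site
2014-01-10T12:32:37.041533+01:00 hh16 named[4963]: samba_dlz: disallowing update of signer=CATRAL\$\@HH3.SITE name=22.1.168.192.in-addr.arpa type=PTR error=insufficient access rights
2014-01-10T12:32:37.516754+01:00 hh16 named[4963]: samba_dlz: disallowing update of signer=CATRAL\$\@HH3.SITE name=22.1.168.192.in-addr.arpa type=PTR error=insufficient access rights
"""

LINE = re.compile(r"^(?P<ts>\S+) \S+ named\[\d+\]: samba_dlz: "
                  r"(?P<verdict>allowing|disallowing) update of (?P<kv>.*)$")
# key=value pairs; a value may contain spaces (error=insufficient access rights)
FIELD = re.compile(r"(\w+)=(.*?)(?= \w+=|$)")


def parse_decisions(text):
    """Return one dict per samba_dlz allow/disallow record, in log order."""
    decisions = []
    for raw in text.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue  # transaction start/commit/cancel and rdataset lines
        rec = dict(FIELD.findall(m.group("kv")))
        # named logs the principal with escapes: CATRAL\$\@HH3.SITE
        rec["signer"] = rec.get("signer", "").replace("\\", "")
        rec["verdict"], rec["ts"] = m.group("verdict"), m.group("ts")
        decisions.append(rec)
    return decisions


def still_refused(decisions):
    """Map (signer, name, type) -> details where the latest verdict is a refusal."""
    state = {}
    for d in decisions:
        key = (d["signer"], d.get("name"), d.get("type"))
        if d["verdict"] == "allowing":
            state.pop(key, None)  # a later successful update clears the entry
            continue
        entry = state.setdefault(key, {"count": 0})
        entry["count"] += 1
        entry["error"] = d.get("error")
        entry["last_seen"] = d["ts"]
    return state


if __name__ == "__main__":
    for (signer, name, rtype), info in still_refused(parse_decisions(SAMPLE)).items():
        print(f"{signer} refused {info['count']}x for {rtype} {name}: {info['error']}")
```
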



