Mixing DDNS from DHCP and Windows

Matthieu Patou mat+Informatique.Samba at matws.net
Fri May 14 09:17:15 MDT 2010


This is a tip for those who want to mix both because they have either 
Linux clients or printers.

So basically you need to have your dhcp.mydomain.org granted for update.
Most howtos on the internet tell you to add
  allow-update { key "dhcp-key"; };
to the mydomain.org zone definition and also to the reverse zone(s).

But allow-update is incompatible with the grant notation used for the MS 
DNS update.
The idea is to translate  allow-update { key "dhcp-key"; }; to
grant dhcp.mydomain.org  wildcard *.mydomain.org TXT A AAAA;

0) test that ddns in interim mode is working (using the allow-update)
1) put the dhcp interim key in a file called /etc/bind/dhcp.key and the 
key name MUST be the same as the one you give in the grant (I suggest 
key "dhcp.mydomain.org" {
   algorithm hmac-md5;
   secret "superPouperPassword";
};
2) at the top of /etc/bind/named.conf add: include "/etc/bind/dhcp.key";
3) mydomain.org should have a line like this: include 
4) in the reverse zone(s) add a line like this:  grant 
dhcp.mydomain.org wildcard *.90.16.172.in-addr.arpa. PTR;
5) create the file /usr/local/samba/private/named.conf.update.static 
with the following line:
         grant dhcp.mydomain.org  wildcard *.mydomain.org TXT A AAAA;
6) wait for samba to regenerate the file 
7) check that the new /usr/local/samba/private/named.conf.update 
contains the grant for dhcp.
8) edit your /etc/dhcp/dhcpd.conf
And add this:
class "foo" {
   match if substring (option vendor-class-identifier, 0, 4) = "MSFT";
   ddns-updates    off;
   allow client-updates;
}
This is to prevent MS workstations/servers from using the DDNS from DHCP.
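
An added example, not part of the original post: a small Python check for the two pitfalls described above, a zone that carries both allow-update and update-policy, and a grant whose identity does not match any defined key name. The sample configuration is constructed, the inline update-policy layout and the helper names blocks and lint are assumptions, and comments inside the configuration are not handled.

```python
import re

# Constructed sample (assumed layout, secret is a placeholder): the forward zone
# still carries allow-update, and the reverse zone grants the old key name.
SAMPLE_CONF = '''
key "dhcp.mydomain.org" {
    algorithm hmac-md5;
    secret "Y29uc3RydWN0ZWQ=";
};
zone "mydomain.org" {
    type master;
    allow-update { key "dhcp-key"; };
    update-policy {
        grant dhcp.mydomain.org wildcard *.mydomain.org TXT A AAAA;
    };
};
zone "90.16.172.in-addr.arpa" {
    type master;
    update-policy {
        grant dhcp-key wildcard *.90.16.172.in-addr.arpa. PTR;
    };
};
'''

def blocks(text, keyword):
    """Yield (name, body) for each `keyword "name" { ... }` statement."""
    for m in re.finditer(r'\b%s\s+"([^"]+)"[^{;]*\{' % keyword, text):
        depth, i = 1, m.end()
        while i < len(text) and depth:  # walk to the matching closing brace
            depth += {"{": 1, "}": -1}.get(text[i], 0)
            i += 1
        yield m.group(1), text[m.end():i - 1]

def lint(conf):
    """Return (zone, problem) pairs for the two mistakes described in the post."""
    keys = {name for name, _ in blocks(conf, "key")}
    findings = []
    for zone, body in blocks(conf, "zone"):
        if "allow-update" in body and "update-policy" in body:
            findings.append((zone, "allow-update and update-policy both present"))
        for ident, rule in re.findall(r'\bgrant\s+(\S+)\s+(\S+)', body):
            # Kerberos-based grants (the MS DNS update side) do not name a TSIG key.
            if "@" in ident or rule.startswith(("ms-", "krb5-")):
                continue
            if ident.strip('"') not in keys:
                findings.append((zone, "grant names undefined key " + ident))
    return findings

if __name__ == "__main__":
    for zone, problem in lint(SAMPLE_CONF):
        print(zone + ": " + problem)
```
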

