Mixing DDNS from DHCP and Windows

Sassy Natan sassyn at gmail.com
Fri May 14 09:51:45 MDT 2010

Yes, it is working.
I have used the same method since samba4 alpha 8.
DDNS is cool, and we have DNS Kerberos updates when adding new domain

What we are still missing is having the DNS database saved in the AD.

tridge and I were starting at SambaXP to see how we are going to implement it,
and I know simo was planning to do the same for FreeIPA.

I do have bind working with openldap already, but this is not a
Microsoft-compatible way.

See this link for bind with ldap: http://github.com/mnagy/bind-dyndb-ldap

and also this for an old implementation http://bind9-ldap.bayour.com/


On Fri, May 14, 2010 at 6:17 PM, Matthieu Patou <mat+Informatique.Samba at matws.net> wrote:

> Hello,
> It's a tip for those who want to mix both because they have either Linux
> clients or printers.
> So basically you need to have your dhcp.mydomain.org granted for update.
> Most howtos on the internet tell you to add
>  allow-update { key "dhcp-key"; }; to the mydomain.org zone definition and
> also to the reverse zone(s).
> But allow-update is incompatible with the grant notation used for the MS
> DNS update.
> The idea is to translate  allow-update { key "dhcp-key"; }; to
> grant dhcp.mydomain.org  wildcard *.mydomain.org TXT A AAAA;
> Steps:
> 0) test that ddns in interim mode is working (using the allow-update)
> 1) put the dhcp interim key in a file called /etc/bind/dhcp.key and the key
> name MUST be the same as the one you give in the grant (I suggest
> dhcp.mydomain.org)
> i.e.
> key "dhcp.mydomain.org" {
>  algorithm hmac-md5;
>  secret "superPouperPassword";
> };
> 2) at the top of /etc/bind/named.conf add: include "/etc/bind/dhcp.key";
> 3) mydomain.org should have a line like this: include
> "/usr/local/samba/private/named.conf.update";
> 4) in the reverse zone(s) add a line like this:  grant
> dhcp.mydomain.org wildcard *.90.16.172.in-addr.arpa. PTR;
> 5) create the file /usr/local/samba/private/named.conf.update.static with
> the following line:
>        grant dhcp.mydomain.org  wildcard *.mydomain.org TXT A AAAA;
> 6) wait for samba to regenerate the file
> /usr/local/samba/private/named.conf.update
> 7) check that the new /usr/local/samba/private/named.conf.update contains
> the grant for dhcp.
> 8) edit your /etc/dhcp/dhcpd.conf
> And add this:
> class "foo" {
>  match if substring (option vendor-class-identifier, 0, 4) = "MSFT";
>  ddns-updates    off;
>  allow client-updates;
> }
> This is to prevent MS workstations/servers from using the DDNS from DHCP.
> Matthieu.
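
A small checker for steps 1 and 7 of the quoted procedure, added here as an example (not part of either post and not Samba or BIND code): it confirms that the key name in the key file matches a grant identity, that the grant covers the needed record types, and that allow-update is not left alongside grant rules. The sample file contents are constructed, and the layout of the regenerated named.conf.update is an assumption.

```python
import re

GRANT_RE = re.compile(r'\bgrant\s+(\S+)\s+(\S+)\s+(\S+)\s*([^;]*);')
KEY_RE = re.compile(r'\bkey\s+"?([^"\s{]+)"?\s*\{')

# Constructed samples: the key file from step 1 and two candidate contents for
# the regenerated named.conf.update (its exact layout is an assumption).
DHCP_KEY = 'key "dhcp.mydomain.org" {\n algorithm hmac-md5;\n secret "superPouperPassword";\n};'
GOOD_UPDATE = '''update-policy {
    grant MYDOMAIN.ORG ms-self * A AAAA;
    grant dhcp.mydomain.org wildcard *.mydomain.org TXT A AAAA;
};'''
# Grant still uses the howto's key name, so it never matches the key file.
STALE_UPDATE = 'update-policy { grant dhcp-key wildcard *.mydomain.org TXT A AAAA; };'

def strip_comments(text):
    """Drop /* */, // and # comments so commented-out grants are ignored."""
    text = re.sub(r'/\*.*?\*/', '', text, flags=re.S)
    return re.sub(r'(//|#).*', '', text)

def parse_grants(text):
    """Return (identity, rule type, name, record types) for each grant rule."""
    return [(i.strip('"').lower(), r, n, set(t.upper().split()))
            for i, r, n, t in GRANT_RE.findall(strip_comments(text))]

def check_dhcp_grant(key_text, policy_text, needed_types):
    """List the problems found; an empty list means the DHCP grant is in place."""
    problems = []
    policy = strip_comments(policy_text)
    if 'allow-update' in policy and GRANT_RE.search(policy):
        problems.append('allow-update mixed with grant rules')
    keys = [k.lower() for k in KEY_RE.findall(strip_comments(key_text))]
    if not keys:
        problems.append('no key statement found')
    for key in keys:
        matching = [g for g in parse_grants(policy) if g[0] == key]
        if not matching:
            problems.append(f'no grant for key {key}')
        for _, _, name, types in matching:
            missing = sorted(set(needed_types) - types)
            if missing:
                problems.append(f'{key} on {name} lacks {" ".join(missing)}')
    return problems

if __name__ == '__main__':
    for label, policy in (('good', GOOD_UPDATE), ('stale', STALE_UPDATE)):
        print(label, check_dhcp_grant(DHCP_KEY, policy, {'TXT', 'A', 'AAAA'}))
```

For the reverse zones from step 4, pass the zone's grant text with `{'PTR'}` as the needed record types.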
