Mixing DDNS from DHCP and Windows

mat+Informatique.Samba@matws.net mat at matws.net
Fri May 14 12:22:17 MDT 2010

Hello Sassy,
But storing DNS records directly in the AD won't solve the need for non-Windows clients to have DDNS.
Maybe by making dhcpd use Samba as a backend for the lease database, but it's not trivial and you need Samba or dhcpd to do some trick upon responding to a DHCP request to add a record.
This is not trivial, so DHCP interim is there to stay a bit...

"Sassy Natan" <sassyn at gmail.com> wrote:

>Yes, it is working.
>I have used the same method since Samba4 alpha 8.
>DDNS is cool, and we have DNS Kerberos update when adding a new domain.
>What we are still missing is having the DNS database saved in the AD.
>tridge and I were starting at SambaXP to see how we are going to implement it,
>and I know simo was planning to do the same for FreeIPA.
>I do have BIND working with OpenLDAP already, but this is not the Microsoft
>compatible way.
>See this link for BIND with LDAP: http://github.com/mnagy/bind-dyndb-ldap
>and also this for an old implementation: http://bind9-ldap.bayour.com/
>On Fri, May 14, 2010 at 6:17 PM, Matthieu Patou <mat+Informatique.Samba at matws.net> wrote:
>> Hello,
>> It's a tip for those who want to mix both because they have either Linux
>> clients or printers.
>> So basically you need to have your dhcp.mydomain.org granted for update.
>> Most howtos on the Internet tell you to add
>>  allow-update { key "dhcp-key"; }; to the mydomain.org zone definition and
>> also to the reverse zone(s).
>> But allow-update is incompatible with the grant notation used for the MS
>> DNS update.
>> The idea is to translate allow-update { key "dhcp-key"; }; to
>> grant dhcp.mydomain.org wildcard *.mydomain.org TXT A AAAA;
>> Steps:
>> 0) test that DDNS in interim mode is working (using the allow-update)
>> 1) put the dhcp interim key in a file called /etc/bind/dhcp.key; the key
>> name MUST be the same as the one you give in the grant (I suggest
>> dhcp.mydomain.org)
>> i.e.
>> key "dhcp.mydomain.org" {
>>  algorithm hmac-md5;
>>  secret "superPouperPassword";
>> };
>> 2) at the top of /etc/bind/named.conf add: include "/etc/bind/dhcp.key";
>> 3) mydomain.org should have a line like this: include
>> "/usr/local/samba/private/named.conf.update";
>> 4) in the reverse zone(s) add a line like this:  grant
>> dhcp.mydomain.org wildcard *.90.16.172.in-addr.arpa. PTR;
>> 5) create the file /usr/local/samba/private/named.conf.update.static with
>> the following line:
>>        grant dhcp.mydomain.org  wildcard *.mydomain.org TXT A AAAA;
>> 6) wait for samba to regenerate the file
>> /usr/local/samba/private/named.conf.update
>> 7) check that the new /usr/local/samba/private/named.conf.update contains
>> the grant for dhcp.
>> 8) edit your /etc/dhcp/dhcpd.conf
>> And add this:
>> class "foo" {
>>  match if substring (option vendor-class-identifier, 0, 4) = "MSFT";
>>  ddns-updates    off;
>>  allow client-updates;
>> }
>> This is to prevent MS workstations/servers from using the DDNS from DHCP.
>> Matthieu.

Matthieu Patou
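The steps quoted above, collapsed into the files they touch, as an added example that is not part of the thread and not Samba's or ISC's own configuration. It follows the layout Matthieu describes (a Samba 4 of that era writing BIND flat-file zones and regenerating named.conf.update, with named.conf.update.static appended to it) and assumes BIND 9 with update-policy support and ISC DHCP 4.x, so that hmac-sha256 can stand in for the thread's hmac-md5; both daemons must use the same key name, algorithm and secret, and hmac-md5 works too but is weak. The secret, the 172.16.90.0/24 subnet, the zone file paths, the name server address and the class name "msft" are placeholders.

```conf
# ---- /etc/bind/dhcp.key : the TSIG key dhcpd signs its updates with.
# The key name is the identity the grant statements refer to, so it must be
# the same string here, in named.conf.update.static and in dhcpd.conf.
key "dhcp.mydomain.org" {
    algorithm hmac-sha256;      # thread used hmac-md5; any algorithm both daemons support
    secret "REPLACE-WITH-BASE64-SECRET";  # placeholder; generate a random one
};

# ---- /etc/bind/named.conf (relevant parts)
include "/etc/bind/dhcp.key";

zone "mydomain.org" IN {
    type master;
    file "/usr/local/samba/private/dns/mydomain.org.zone";   # placeholder path
    # WRONG: allow-update and update-policy are mutually exclusive in a zone,
    # and allow-update would let the key rewrite anything in the zone.
    # allow-update { key "dhcp.mydomain.org"; };
    update-policy {
        # Samba regenerates this file with the grants for its machine
        # accounts and appends named.conf.update.static to it.
        include "/usr/local/samba/private/named.conf.update";
    };
};

zone "90.16.172.in-addr.arpa" IN {
    type master;
    file "/etc/bind/db.172.16.90";                            # placeholder path
    update-policy {
        # dhcpd may only add/remove PTR records, and only below the apex.
        grant dhcp.mydomain.org wildcard *.90.16.172.in-addr.arpa. PTR;
    };
};

# ---- /usr/local/samba/private/named.conf.update.static
# wildcard *.mydomain.org never matches the zone apex, so SOA and NS are out
# of reach; restricting the types to A, AAAA and TXT keeps the key away from
# the SRV and CNAME records that AD clients and DCs depend on.
grant dhcp.mydomain.org wildcard *.mydomain.org TXT A AAAA;

# ---- /etc/dhcp/dhcpd.conf (relevant parts)
ddns-update-style interim;
ddns-domainname "mydomain.org.";
ddns-rev-domainname "in-addr.arpa.";
update-static-leases off;

# Same name, algorithm and secret as /etc/bind/dhcp.key.
key "dhcp.mydomain.org" {
    algorithm hmac-sha256;
    secret "REPLACE-WITH-BASE64-SECRET";  # placeholder
};

zone mydomain.org. {
    primary 127.0.0.1;          # placeholder: address of the BIND server
    key "dhcp.mydomain.org";
}

zone 90.16.172.in-addr.arpa. {
    primary 127.0.0.1;          # placeholder
    key "dhcp.mydomain.org";
}

# Windows hosts register themselves in AD with their own Kerberos identity,
# so dhcpd must not write records for them: a dhcpd-owned A record would
# collide with the one the host wants to own.
class "msft" {
    match if substring (option vendor-class-identifier, 0, 4) = "MSFT";
    ddns-updates off;
    allow client-updates;
}

subnet 172.16.90.0 netmask 255.255.255.0 {   # placeholder subnet
    range 172.16.90.100 172.16.90.200;
    option domain-name-servers 172.16.90.1;
    option domain-name "mydomain.org";
}
```

named-checkconf and dhcpd -t catch syntax errors in the two files before a reload. After the reload, nsupdate -k /etc/bind/dhcp.key is the quickest way to confirm the policy does what the grant says: adding an A record for a Linux host below mydomain.org succeeds, while an update to the apex or to an SRV record is refused, which is exactly the difference between the wildcard grant and the allow-update line it replaces.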

More information about the samba-technical mailing list