Mixing DDNS from DHCP and Windows

Matthieu Patou mat+Informatique.Samba at matws.net
Fri May 14 10:58:38 MDT 2010


Hello John,

It's planned, but writing wiki pages takes me a huge amount of time... that's why I postponed this and just threw away some notes as someone was requesting it on IRC.

"John H Terpstra" <jht at samba.org> wrote:

>On 05/14/2010 10:17 AM, Matthieu Patou wrote:
>> Hello,
>> 
>> It's a tip for those who want to mix both because they have either
>> Linux clients or printers.
>> 
>> So basically you need to have your dhcp.mydomain.org granted for update.
>> Most howtos on the internet tell you to add
>>  allow-update { key "dhcp-key"; }; to the mydomain.org zone definition
>> and also to the reverse zone(s).
>> 
>> But allow-update is incompatible with the grant notation used for the MS
>> DNS update.
>> The idea is to translate  allow-update { key "dhcp-key"; }; to
>> grant dhcp.mydomain.org  wildcard *.mydomain.org TXT A AAAA;
>> 
>> Steps:
>> 0) test that ddns in interim mode is working (using the allow-update)
>> 1) put the dhcp interim key in a file called /etc/bind/dhcp.key and the
>> key name MUST be the same as the one you give in the grant (I suggest
>> dhcp.mydomain.org)
>> ie.
>> key "dhcp.mydomain.org" {
>>   algorithm hmac-md5;
>>   secret "superPouperPassword";
>> };
>> 2) at the top of /etc/bind/named.conf add: include "/etc/bind/dhcp.key";
>> 3) the mydomain.org zone should have a line like this: include
>> "/usr/local/samba/private/named.conf.update";
>> 4) in the reverse zone(s) add a line like this:  grant
>> dhcp.mydomain.org wildcard *.90.16.172.in-addr.arpa. PTR;
>> 5) create the file /usr/local/samba/private/named.conf.update.static
>> with the following line:
>>         grant dhcp.mydomain.org  wildcard *.mydomain.org TXT A AAAA;
>> 6) wait for samba to regenerate the file
>> /usr/local/samba/private/named.conf.update
>> 7) check that the new /usr/local/samba/private/named.conf.update
>> contains the grant for dhcp.
>> 8) edit your /etc/dhcp/dhcpd.conf
>> And add this:
>> class "foo" {
>>   match if substring (option vendor-class-identifier, 0, 4) = "MSFT";
>>   ddns-updates    off;
>>   allow client-updates;
>> }
>> This is to prevent MS workstations/servers from using the DDNS from DHCP.
>> 
>> 
>> 
>> Matthieu.
>
>
>Matthieu,
>
>Perhaps you could add this to the wiki?  Seems to me this may be useful
>info to others wishing to deploy samba4 with DDNS.
>
>Cheers,
>John T.
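
A consistency check for steps 1, 5 and 7 of the quoted procedure, as an added example that is not part of the original thread and not Samba or BIND code: it confirms that the key name in dhcp.key is the identity used in a grant, that the grant is no broader than TXT A AAAA, and that the zone no longer carries allow-update. The function names are hypothetical, the sample inputs are constructed, and the update-policy wrapper in the sample is an assumption about the generated file.

```python
import re

# Constructed sample inputs modelled on the snippets in the post (not real files).
DHCP_KEY = '''key "dhcp.mydomain.org" {
  algorithm hmac-md5;
  secret "constructed-placeholder";
};'''
UPDATE = '''/* constructed stand-in for named.conf.update */
update-policy {
  grant dhcp.mydomain.org  wildcard *.mydomain.org TXT A AAAA;
};'''
ZONE = '''zone "mydomain.org" {
  type master;
  include "/usr/local/samba/private/named.conf.update";
};'''

def _clean(text):
    """Drop /* */, // and # comments so commented-out statements are ignored."""
    text = re.sub(r"/\*.*?\*/", "", text, flags=re.S)
    return re.sub(r"(//|#).*", "", text)

def _norm(name):
    return name.lower().rstrip(".")

def key_names(conf):
    """Names defined as  key "name" { ... };  (not  key "name";  references)."""
    return {_norm(n) for n in re.findall(r'\bkey\s+"?([^\s";{]+)"?\s*\{', _clean(conf))}

def grants(conf):
    """(identity, rule type, name, [record types]) for every grant statement."""
    pat = r'\bgrant\s+"?([^\s";]+)"?\s+([^\s;]+)\s+([^\s;]+)\s*([^;]*);'
    return [(_norm(i), r, n, t.split()) for i, r, n, t in re.findall(pat, _clean(conf))]

def check(key_conf, update_conf, zone_conf, allowed=("TXT", "A", "AAAA")):
    """Return a list of problems; an empty list means the setup is consistent."""
    problems = []
    keys = key_names(key_conf)
    mine = [g for g in grants(update_conf) if g[0] in keys]
    if not mine:
        problems.append("no grant identity matches a key in dhcp.key %s" % sorted(keys))
    for ident, rule, name, types in mine:
        # An empty type list is not a restriction, so treat it as too broad.
        if not types or set(types) - set(allowed):
            problems.append("grant for %s on %s is broader than %s" % (ident, name, list(allowed)))
    if re.search(r"\ballow-update\b", _clean(zone_conf)):
        problems.append("zone still has allow-update next to the grant rules")
    return problems

if __name__ == "__main__":
    print(check(DHCP_KEY, UPDATE, ZONE) or "consistent")
```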

