Samba 4 @ BIND 9.8.1. 'update denied'
Rafa Toucedo
debian.vigo at gmail.com
Tue Nov 15 04:28:17 MST 2011
Hello again, I'm going to "auto-respond".
I managed to avoid the "deny" as follows
(I include my configuration files), using named 9.8.1 on CentOS 5.7.
/etc/named.conf:
options {
    directory "/etc/named";
    pid-file "/var/run/named/pid";
    dump-file "/var/dump/named_dump.db";
    statistics-file "/var/stats/named.stats";
    listen-on { 172.20.0.0/16; };
    # check-names master ignore;
    tkey-gssapi-keytab "/usr/local/samba/private/dns.keytab";
};
zone "." {
    type hint;
    file "named.root";
};
zone "0.0.127.IN-ADDR.ARPA" {
    type master;
    file "localhost.rev";
};
include "/usr/local/samba/private/named.conf";
Now open /usr/local/samba/private/named.conf:
zone "infralabs.loc." IN {
    type master;
    file "/usr/local/samba/private/dns/infralabs.loc.zone";
    # I added the following line (the allow-update ...)
    allow-update { any; };
    # I "commented out" the next 'include'
    # include "/usr/local/samba/private/named.conf.update";
};
The file that the include references contains the following:
update-policy {
    grant INFRALABS.LOC ms-self * A AAAA;
    grant Administrator@INFRALABS.LOC wildcard * A AAAA CNAME SRV;
    grant S4$@infralabs.loc wildcard * A AAAA CNAME SRV;
};
If I do not comment out that "include", named does not start.
a greeting
2011/11/15 Rafa Toucedo <debian.vigo at gmail.com>
> Hello, first of all greet you.
>
> I have installed the version-7846bc6 4.0.0alpha18-GIT, 9.8.1 BIND DNS
> server created with '--with-openssl=yes' '--with-gssapi=/usr'
> '--disable-openssl-version-check', on CentOS 5.7. I have a problem (at DNS) which
> reads as follows:
>
> 15-Nov-2011 09:08:02.174 client 172.20.35.216#1089: update 'infralabs.loc/IN' denied
>
> Where the client ip belongs to a Windows XP properly configured and "stuck"
> in the domain that I created (infralabs.loc).
>
> I understand that the problem is that DNS does not "access" to machines other
> than their own 'localhost' and I think that access is defined in
>
> ..../samba/private/named.conf.update <- created by './provision'
>
> /* This is auto-generated file - do not edit */
> update-policy {
>     grant INFRALABS.LOC ms-self * A AAAA;
>     grant Administrator@INFRALABS.LOC wildcard * A AAAA CNAME SRV;
>     grant S4$@infralabs.loc wildcard * A AAAA CNAME SRV;
> };
>
> Not to do when Windows XP to a domain does (at Windows) without problem, after
> restarting I get an error usrenv in 'Event Viewer' and tells me not find the
> domain. The record in the domain zone is created with no problem.
>
> thank you very much for this great work.
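
Added example, not part of the original message or of Samba/BIND: a small Python check for the two conditions this thread turns on, a zone with `allow-update { any; };` (any host that can reach the server may change the zone, with no Kerberos/TSIG check) and a zone carrying both `allow-update` and `update-policy`, which BIND treats as a configuration error. The sample config is constructed with the include shown expanded, and `audit_zones` and its helpers are hypothetical names.

```python
import re

# Constructed sample modeled on the zone in the message above, with the
# named.conf.update include expanded inline (assumption for illustration).
SAMPLE = '''
zone "infralabs.loc." IN {
    type master;
    allow-update { any; };
    update-policy { grant INFRALABS.LOC ms-self * A AAAA; };
};
zone "0.0.127.IN-ADDR.ARPA" { type master; file "localhost.rev"; };
'''

def strip_comments(text):
    """Drop /* */, # and // comments (does not protect '#' or '//' inside quoted strings)."""
    text = re.sub(r'/\*.*?\*/', '', text, flags=re.S)
    return re.sub(r'(#|//).*', '', text)

def block_after(text, start):
    """Return the text between the first '{' at or after start and its matching '}'."""
    open_at = text.index('{', start)
    depth = 0
    for i in range(open_at, len(text)):
        if text[i] == '{':
            depth += 1
        elif text[i] == '}':
            depth -= 1
            if depth == 0:
                return text[open_at + 1:i]
    raise ValueError('unbalanced braces in zone block')

def audit_zones(conf):
    """Return (zone, finding) pairs for risky or invalid dynamic-update settings."""
    conf = strip_comments(conf)
    findings = []
    for m in re.finditer(r'\bzone\s+"([^"]+)"', conf):
        zone, body = m.group(1), block_after(conf, m.end())
        acl = re.search(r'\ballow-update\s*\{([^}]*)\}', body)
        policy = re.search(r'\bupdate-policy\s*\{', body)
        if acl and policy:
            findings.append((zone, 'allow-update together with update-policy: configuration error'))
        if acl and 'any' in [e.strip() for e in acl.group(1).split(';')]:
            findings.append((zone, 'allow-update { any; }: updates accepted from any address'))
    return findings

if __name__ == '__main__':
    for zone, finding in audit_zones(SAMPLE):
        print(f'{zone}: {finding}')
```

Running `named-checkconf` on the real file remains the authoritative syntax check; this script only highlights the two settings discussed here.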