Samba4 Bind 9.8.1 update errors

[Kaney, Ian]

I've spoken to a few people regarding this issue and just wanted something in writing because it's still bugging me...

Basically I've followed the Wiki pages for setting up Samba4, installed, provisioned a domain and joined an XP virtual machine and Windows 7 virtual machine. I was using the latest version of Samba4 (from git) and I've got Bind 9.8.1 running. All the steps run smoothly and I can setup the admin tools and view the domain, users and computers on the Windows clients.

The problem appears in the server logs and it's related to the update of DNS from the Windows clients. Basically the record seems to get updated but I get a denied messages in the logs for named.

Sep 11 22:26:16 schumacher named[29051]: client 1.2.3.4#1121: view samba4: update 'samdom.example.com/IN' denied
Sep 11 22:26:16 schumacher named[29051]: client 1.2.3.4#1123: view samba4: updating zone 'samdom.example.com/IN': deleting an RR at xphyperv.samdom.example.com A
Sep 11 22:26:16 schumacher named[29051]: client 1.2.3.4#1123: view samba4: updating zone 'samdom.example.com/IN': adding an RR at 'xphyperv.samdom.example.com' A

When I query the name-server the record does indeed get updated but I'm still bothered by the denied message. Mr Bartlett had stated this was normal and was due to insecure updates being denied first before trying other methods. I tried to apply a registry setting to only allow secure updates to see if this was the issue but this still produced an error message stating denied. To make matters worse (with regards to my paranoid mind!), a user on the #samba-technical channel stated they hadn't seen these errors with their setup. I've got even more confused with Bind DLZ modules and everything else and just wanted a bit of clarity.

Any thoughts, ideas or telling me to stop worrying about it are appreciated! Thanks :)

--
Ian Kaney
Mail: ikaney at itsevolution.net
ITS Evolution, http://www.itsevolution.net/