Samba4 dynamic DNS update issue
Andrew Bartlett
abartlet at samba.org
Tue Dec 4 22:04:39 MST 2012
On Fri, 2012-11-23 at 21:14 +0200, Chirana Gheorghita Eugeniu Theodor
wrote:
> Hmm,
> seems that no one has any idea about my previous issue:
> http://lists.samba.org/archive/samba-technical/2012-November/088999.html
>
> Here is a new one, not unsolvable, but with a non-standard fix:
>
> I got the following error in named messages:
> Nov 23 19:19:00 cerberus named[29639]: client 192.168.30.254#50842: update 'altavia.aviamotors.ro/IN' denied
> Nov 23 19:47:22 cerberus named[29639]: client 192.168.30.254#53026: update 'altavia.aviamotors.ro/IN' denied
> Nov 23 20:03:39 cerberus named[29639]: client 192.168.30.254#49221: update 'altavia.aviamotors.ro/IN' denied
> Nov 23 20:11:11 cerberus named[29639]: client 192.168.30.254#50886: update 'altavia.aviamotors.ro/IN' denied
> Nov 23 20:20:42 cerberus named[29639]: client 192.168.30.254#54307: update 'altavia.aviamotors.ro/IN' denied
> Nov 23 20:32:41 cerberus named[29639]: client 192.168.30.254#49650: update 'altavia.aviamotors.ro/IN' denied
> Nov 23 20:35:36 cerberus named[29639]: client 192.168.30.249#54725: update 'altavia.aviamotors.ro/IN' denied
>
>
> I had to modify the
> /named/chroot/samba/private/named.conf file so:
>
> commented this line:
> * include "/samba/private/named.conf.update"
>
> to ignore these:
> /* this file is auto-generated - do not edit */
> update-policy {
> grant ALTAVIA.AVIAMOTORS.RO ms-self * A AAAA;
> grant Administrator@ALTAVIA.AVIAMOTORS.RO wildcard * A AAAA SRV CNAME;
> grant CERBERUS$@altavia.aviamotors.ro wildcard * A AAAA SRV CNAME;
> };
>
>
> and added this:
> allow-update {192.168.30.0/24;};

This looks like you have simply removed all security from BIND.

You should instead use the DLZ module, so we can apply correct ACLs.

Andrew Bartlett
--
Andrew Bartlett http://samba.org/~abartlet/
Authentication Developer, Samba Team http://samba.org
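
An added example, not part of the original thread or of Samba: a small Python audit of the difference the reply points out, an address-based `allow-update` versus an identity-based `update-policy` or `dlz` block. The sample config is constructed from the lines quoted above, and the function assumes any `include` files have already been inlined into the text it is given.

```python
import ipaddress
import re

# Constructed sample modelled on the change described in the quoted message:
# the generated update-policy include is commented out, an address ACL added.
SAMPLE_CONF = '''
zone "altavia.aviamotors.ro" IN {
    type master;
    // include "/samba/private/named.conf.update";
    allow-update {192.168.30.0/24;};
};
'''

def strip_comments(text):
    """Drop /* */, // and # comments so disabled lines are not counted."""
    text = re.sub(r"/\*.*?\*/", "", text, flags=re.S)
    return re.sub(r"(//|#)[^\n]*", "", text)

def audit_dynamic_updates(conf_text):
    """Return (kind, detail) findings on how dynamic updates are authorised."""
    conf = strip_comments(conf_text)
    findings = []
    for body in re.findall(r"allow-update\s*\{([^{}]*)\}", conf):
        for element in (e.strip() for e in body.split(";")):
            if not element or element == "none" or element.startswith("key "):
                continue  # empty, disabled, or authenticated by a TSIG key
            if element in ("any", "localnets", "localhost"):
                findings.append(("address-acl", element))
                continue
            try:
                ipaddress.ip_network(element.lstrip("!"), strict=False)
                findings.append(("address-acl", element))
            except ValueError:
                findings.append(("named-acl", element))  # review its definition
    # Identity-based control: a per-zone update-policy or a dlz block.
    if not re.search(r'update-policy\s*\{|\bdlz\s+"', conf):
        findings.append(("no-identity-policy", "no update-policy or dlz block"))
    return findings

if __name__ == "__main__":
    for kind, detail in audit_dynamic_updates(SAMPLE_CONF):
        print(f"{kind}: {detail}")
```

An `address-acl` finding means any host that can send from that address range may rewrite records in the zone, with no per-client identity check.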