Samba4 dynamic DNS update issue

Chirana Gheorghita Eugeniu Theodor office at adaptcom.ro
Wed Dec 5 12:34:21 MST 2012 

Hello,
I am using the flatfile option, meaning that I have a bind 9.9.2 witch
servers the dns part for samba. DLZ is only for db zones storage. Do I have
an option of using dlz with flat files?

On Wed, Dec 5, 2012 at 7:04 AM, Andrew Bartlett <abartlet at samba.org> wrote:

> On Fri, 2012-11-23 at 21:14 +0200, Chirana Gheorghita Eugeniu Theodor
> wrote:
> > Hmm ,
> > seems that no has any idea about my previous issue:
> > http://lists.samba.org/archive/samba-technical/2012-November/088999.html
> >
> > Here is a new one not a unsolvable but a non standard fix:
> >
> > I got the following error in named messages:
> > Nov 23 19:19:00 cerberus named[29639]: client 192.168.30.254#50842:
> update '
> > altavia.aviamotors.ro/IN' denied
> > Nov 23 19:47:22 cerberus named[29639]: client 192.168.30.254#53026:
> update '
> > altavia.aviamotors.ro/IN' denied
> > Nov 23 20:03:39 cerberus named[29639]: client 192.168.30.254#49221:
> update '
> > altavia.aviamotors.ro/IN' denied
> > Nov 23 20:11:11 cerberus named[29639]: client 192.168.30.254#50886:
> update '
> > altavia.aviamotors.ro/IN' denied
> > Nov 23 20:20:42 cerberus named[29639]: client 192.168.30.254#54307:
> update '
> > altavia.aviamotors.ro/IN' denied
> > Nov 23 20:32:41 cerberus named[29639]: client 192.168.30.254#49650:
> update '
> > altavia.aviamotors.ro/IN' denied
> > Nov 23 20:35:36 cerberus named[29639]: client 192.168.30.249#54725:
> update '
> > altavia.aviamotors.ro/IN' denied
> >
> >
> > I had to modify the
> > /named/chroot/samba/private/named.conf file so:
> >
> > commented this line:
> >          * include "/samba/private/named.conf.update"
> >
> > to ignore these:
> > /* this file is auto-generated - do not edit */
> > update-policy {
> >         grant ALTAVIA.AVIAMOTORS.RO ms-self * A AAAA;
> >         grant Administrator at ALTAVIA.AVIAMOTORS.RO wildcard * A AAAA SRV
> > CNAME;
> >         grant CERBERUS$@altavia.aviamotors.ro wildcard * A AAAA SRV
> CNAME;
> > };
> >
> >
> > and added this:
> >         allow-update {192.168.30.0/24;};
>
>
> This looks like you have simply removed all security from BIND.
>
> You should instead use the DLZ module, so we can apply correct ACLs.
>
> Andrew Bartlett
>
> --
> Andrew Bartlett                                http://samba.org/~abartlet/
> Authentication Developer, Samba Team           http://samba.org
>
>
>


-- 
___________________________________________________
Cu stima/Best regards/Mit freundlichen Grüßen/最好的问候,

Chirana-Gheorghita Eugeniu-Theodor
Bucharest, Romania

e-mail : office at adaptcom.ro
mobile: 0743 698721
            0747 447675

More information about the samba-technical mailing list