Samba4 dynamic DNS update issue
Chirana Gheorghita Eugeniu Theodor
office at adaptcom.ro
Wed Dec 5 12:34:21 MST 2012
Hello,
I am using the flatfile option, meaning that I have a bind 9.9.2 witch
servers the dns part for samba. DLZ is only for db zones storage. Do I have
an option of using dlz with flat files?
On Wed, Dec 5, 2012 at 7:04 AM, Andrew Bartlett <abartlet at samba.org> wrote:
> On Fri, 2012-11-23 at 21:14 +0200, Chirana Gheorghita Eugeniu Theodor
> wrote:
> > Hmm ,
> > seems that no has any idea about my previous issue:
> > http://lists.samba.org/archive/samba-technical/2012-November/088999.html
> >
> > Here is a new one not a unsolvable but a non standard fix:
> >
> > I got the following error in named messages:
> > Nov 23 19:19:00 cerberus named[29639]: client 192.168.30.254#50842:
> update '
> > altavia.aviamotors.ro/IN' denied
> > Nov 23 19:47:22 cerberus named[29639]: client 192.168.30.254#53026:
> update '
> > altavia.aviamotors.ro/IN' denied
> > Nov 23 20:03:39 cerberus named[29639]: client 192.168.30.254#49221:
> update '
> > altavia.aviamotors.ro/IN' denied
> > Nov 23 20:11:11 cerberus named[29639]: client 192.168.30.254#50886:
> update '
> > altavia.aviamotors.ro/IN' denied
> > Nov 23 20:20:42 cerberus named[29639]: client 192.168.30.254#54307:
> update '
> > altavia.aviamotors.ro/IN' denied
> > Nov 23 20:32:41 cerberus named[29639]: client 192.168.30.254#49650:
> update '
> > altavia.aviamotors.ro/IN' denied
> > Nov 23 20:35:36 cerberus named[29639]: client 192.168.30.249#54725:
> update '
> > altavia.aviamotors.ro/IN' denied
> >
> >
> > I had to modify the
> > /named/chroot/samba/private/named.conf file so:
> >
> > commented this line:
> > * include "/samba/private/named.conf.update"
> >
> > to ignore these:
> > /* this file is auto-generated - do not edit */
> > update-policy {
> > grant ALTAVIA.AVIAMOTORS.RO ms-self * A AAAA;
> > grant Administrator at ALTAVIA.AVIAMOTORS.RO wildcard * A AAAA SRV
> > CNAME;
> > grant CERBERUS$@altavia.aviamotors.ro wildcard * A AAAA SRV
> CNAME;
> > };
> >
> >
> > and added this:
> > allow-update {192.168.30.0/24;};
>
>
> This looks like you have simply removed all security from BIND.
>
> You should instead use the DLZ module, so we can apply correct ACLs.
>
> Andrew Bartlett
>
> --
> Andrew Bartlett http://samba.org/~abartlet/
> Authentication Developer, Samba Team http://samba.org
>
>
>
--
___________________________________________________
Cu stima/Best regards/Mit freundlichen Grüßen/最好的问候,
Chirana-Gheorghita Eugeniu-Theodor
Bucharest, Romania
e-mail : office at adaptcom.ro
mobile: 0743 698721
0747 447675
More information about the samba-technical
mailing list