DLZ updates "denied"
Charles Tryon
charles.tryon at gmail.com
Mon Jan 9 14:08:16 MST 2012
Well, I completely rebuilt my Samba4 server, this time based on Fedora 16 so
that I could take advantage of the updated BIND 9.8. I believe I have
successfully configured my DNS according to the Samba4 HOWTO, pointing to
the config file generated by the S4 provision step. I can look up the
various A and SRV records generated by the provision step, and have
successfully manually added definitions for other machines on my network
using the samba-tool commands.
My problem is that I STILL can't get DHCP leases to update DNS. I've seen
a lot of different references on the Internet for the DHCP settings, some
of which contradict each other, so it's likely I have problems in that
setup.
This is what I get:
Jan 9 15:47:10 samba dhcpd: DHCPACK on 192.168.2.181 to 08:00:27:6f:7e:c9 (mint) via eth0
Jan 9 15:47:10 samba dhcpd[31106]: DHCPACK on 192.168.2.181 to 08:00:27:6f:7e:c9 (mint) via eth0
Jan 9 15:47:10 samba dhcpd: Unable to add forward map from mint.bbaggins.net to 192.168.2.181: not found
Jan 9 15:47:10 samba dhcpd[31106]: Unable to add forward map from mint.bbaggins.net to 192.168.2.181: not found
DHCP config:
authoritative;
option domain-name "bbaggins.net";
option nis-domain "bbaggins.net";
option subnet-mask 255.255.255.0;
option broadcast-address 192.168.2.255;
option domain-name-servers 192.168.2.6;
option ntp-servers brenen.bbaggins.net;
default-lease-time 9200;
max-lease-time 14400;
ddns-updates on;
ddns-update-style interim;
ddns-domainname "bbaggins.net";
ddns-rev-domainname "in-addr.arpa";
ignore client-updates;
update-optimization false;
subnet 192.168.2.0 netmask 255.255.255.0
{
allow client-updates;
authoritative;
option routers 192.168.2.1;
range 192.168.2.100 192.168.2.200;
}
----------------------------------
If I configure the ddns-style to "OFF", then I get a different failure mode:
Jan 9 15:27:13 samba named[30891]: samba_dlz: starting transaction on zone bbaggins.net
Jan 9 15:27:13 samba named[30891]: client 192.168.2.169#65186: update 'bbaggins.net/IN' denied
Jan 9 15:27:13 samba named[30891]: samba_dlz: cancelling transaction on zone bbaggins.net
Jan 9 15:27:13 samba named[30891]: samba_dlz: starting transaction on zone bbaggins.net
Jan 9 15:27:13 samba named[30891]: samba_dlz: failed to create session info
Jan 9 15:27:13 samba named[30891]: client 192.168.2.169#65098: updating zone 'bbaggins.net/NONE': update failed: rejected by secure update (REFUSED)
Jan 9 15:27:13 samba named[30891]: samba_dlz: cancelling transaction on zone bbaggins.net
----------------------------------
My /etc/named.conf is mostly from the default one provided by Fedora, aside
from the tkey-gssapi-keytab line and the "include" pointing to the Samba
named.conf at the bottom. The generated conf just points to the DLZ
database file in the samba modules dir:
options {
listen-on port 53 { 127.0.0.1; 192.168.2.0/24; };
listen-on-v6 port 53 { ::1; };
directory "/var/named";
dump-file "/var/named/data/cache_dump.db";
statistics-file "/var/named/data/named_stats.txt";
memstatistics-file "/var/named/data/named_mem_stats.txt";
allow-query { localhost; 192.168.2.0/24; };
recursion yes;
dnssec-enable yes;
dnssec-validation yes;
dnssec-lookaside auto;
bindkeys-file "/etc/named.iscdlv.key";
managed-keys-directory "/var/named/dynamic";
tkey-gssapi-keytab "/usr/local/samba/private/dns.keytab";
};
logging {
channel default_debug {
file "data/named.run";
severity dynamic;
};
};
zone "." IN {
type hint;
file "named.ca";
};
include "/usr/local/samba/private/named.conf";
include "/etc/named.rfc1912.zones";
include "/etc/named.root.key";
----------------------------------
So, what am I still doing wrong???
--
Charles Tryon
_________________________________________________________________________
"It's the job that's never started that takes longest to finish."
-- Samwise Gamgee
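Added example, not part of Charles's message and not code from the Samba or ISC projects: a small per-lease hook that sends the forward and reverse updates for a lease as Kerberos-signed (GSS-TSIG) dynamic updates with nsupdate -g, which is the kind of update a Samba AD zone served through the DLZ module accepts; an unsigned update is what named logs above as "denied" / "rejected by secure update", and dhcpd's own interim-style updater signs only with static TSIG keys, not with Kerberos. Everything beyond the zone, server address and lease values in the message is assumed: the keytab path /etc/dhcp/dhcpd.keytab and principal dhcpd@BBAGGINS.NET are placeholders, that principal must have been granted update rights on both zones, the reverse zone is taken to be a /24 (2.168.192.in-addr.arpa), and the script is meant to be called with the host name and address for each lease, for instance from a dhcpd "on commit { execute(...) }" statement.

```shell
#!/bin/sh
# Added example (not from the original post or from Samba/ISC): send
# GSS-TSIG-signed dynamic DNS updates for one DHCP lease via nsupdate -g.
# Assumed (placeholders, not in the post): the DHCP server's Kerberos
# principal and keytab, and that the principal may update both zones.

DNS_SERVER="192.168.2.6"                 # from the post: option domain-name-servers
FWD_ZONE="bbaggins.net"                  # from the post: ddns-domainname
TTL="3600"
DHCP_KEYTAB="/etc/dhcp/dhcpd.keytab"     # assumed path
DHCP_PRINCIPAL="dhcpd@BBAGGINS.NET"      # assumed principal

# reverse_name 192.168.2.181 -> 181.2.168.192.in-addr.arpa
reverse_name() {
    oldifs="$IFS"; IFS=.
    set -- $1
    IFS="$oldifs"
    echo "$4.$3.$2.$1.in-addr.arpa"
}

# reverse_zone 192.168.2.181 -> 2.168.192.in-addr.arpa (assumes a /24 zone)
reverse_zone() {
    oldifs="$IFS"; IFS=.
    set -- $1
    IFS="$oldifs"
    echo "$3.$2.$1.in-addr.arpa"
}

# nsupdate script for the A record: drop any stale address first, then add
# the leased one. The name is normalised to an absolute name (trailing dot).
forward_update_script() {
    fqdn="${1%.}."; ip="$2"
    printf 'server %s\nzone %s\nupdate delete %s A\nupdate add %s %s A %s\nsend\n' \
        "$DNS_SERVER" "$FWD_ZONE" "$fqdn" "$fqdn" "$TTL" "$ip"
}

# nsupdate script for the PTR record in the (assumed /24) reverse zone.
reverse_update_script() {
    fqdn="${1%.}."; ip="$2"
    ptr=$(reverse_name "$ip")
    printf 'server %s\nzone %s\nupdate delete %s PTR\nupdate add %s %s PTR %s\nsend\n' \
        "$DNS_SERVER" "$(reverse_zone "$ip")" "$ptr" "$ptr" "$TTL" "$fqdn"
}

# Get a ticket for the DHCP server's principal from its keytab, then send
# both updates signed with GSS-TSIG (nsupdate -g). Returns non-zero on the
# first failure so a dhcpd hook can log it.
send_lease_update() {
    fqdn="$1"; ip="$2"
    kinit -k -t "$DHCP_KEYTAB" "$DHCP_PRINCIPAL" || return 1
    forward_update_script "$fqdn" "$ip" | nsupdate -g || return 1
    reverse_update_script "$fqdn" "$ip" | nsupdate -g
}

# Usage: dhcp-dyndns.sh mint.bbaggins.net 192.168.2.181
# (only acts when given exactly a host name and an address)
if [ $# -eq 2 ]; then
    send_lease_update "$1" "$2"
fi
```

Running the forward script by hand (forward_update_script mint.bbaggins.net 192.168.2.181 | nsupdate -g, after kinit with the DHCP principal) is also a quick way to check whether the zone accepts a signed update at all, independent of dhcpd: if named still answers REFUSED for a properly signed update, the problem is the principal's rights on the zone rather than the DHCP side.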