DNS updates denied?

Charles Tryon charles.tryon at gmail.com
Thu Jan 26 10:22:14 MST 2012

On Wed, Jan 25, 2012 at 5:10 PM, Amitay Isaacs <amitay at gmail.com> wrote:

> Hi Charles,
> On Thu, Jan 26, 2012 at 6:35 AM, Charles Tryon <charles.tryon at gmail.com> wrote:
> > DNS Policy question:  I've finally found a way for DHCP on my Samba system
> > to securely update the DNS records (bind9.8/DLZ) using a script to get a
> > proper Kerberos ticket.  The odd part is that the Windows boxes themselves
> > are trying to update their own records every time they renew the DHCP
> > lease... and they are getting denied.  Is that because of the fact that
> > they didn't originally *create* the A, AAAA and PTR records?
> Windows does update the forward and reverse (if the zone is available) DNS
> names when it joins the domain. The issue with DHCP updating the names is
> which user is updating the names. If the names are created as dns-admin or
> administrator, then Windows machines will not be able to update the names,
> as they will not have the permissions to update the names created by
> dns-admins or administrator.
> So it might be easier to leave the updates to be handled by Windows, as
> they are created using the machine account and can be updated by Windows.
> The issue then would be that if you have any Samba servers joining domain,
> they will not be updating the domain as there is no code in Samba to update
> its own DNS entry.

  Good point, as long as we can get the clients to update DNS correctly,
which I have not yet been able to get to work.  I believe there is a fix in
place for this, though I haven't been able to test it yet.

  The problem is when you are in a mixed environment along with Linux
and/or Mac DHCP clients.  I'm not sure if the Mac clients try to
automatically update the DNS when they get an address from DHCP, and I'm
sure Linux clients don't do this by default.  Is there a way around this?

> Amitay.

    Charles Tryon
  “Risks are not to be evaluated in terms of the probability of success,
but in terms of the value of the goal.”
                - Ralph D. Winter
