DNS updates denied?

Michael Croes mycroes at gmail.com
Thu Jan 26 10:58:40 MST 2012


It's possible to manually invoke nsupdate -g on Linux clients to update the
DNS records. I did this for a couple of servers and also for all records
for my second DC. It's doable with just a couple of clients...

Regards,

Michael
On 26 Jan 2012 18:22, "Charles Tryon" <charles.tryon at gmail.com> wrote:

> On Wed, Jan 25, 2012 at 5:10 PM, Amitay Isaacs <amitay at gmail.com> wrote:
>
> > Hi Charles,
> >
> > On Thu, Jan 26, 2012 at 6:35 AM, Charles Tryon <charles.tryon at gmail.com>
> > wrote:
> > > DNS Policy question:  I've finally found a way for DHCP on my Samba system
> > > to securely update the DNS records (bind9.8/DLZ) using a script to get a
> > > proper Kerberos ticket.  The odd part is that the Windows boxes themselves
> > > are trying to update their own records every time they renew the DHCP
> > > lease... and they are getting denied.  Is that because of the fact that
> > > they didn't originally *create* the A, AAAA and PTR records?
> >
> > Windows does update the forward and reverse (if the zone is available) DNS
> > names when it joins the domain. The issue with DHCP updating the names is
> > which user is updating the names. If the names are created as dns-admin or
> > administrator, then Windows machines will not be able to update the names,
> > as they will not have the permissions to update the names created by
> > dns-admins or administrator.
> >
> > So it might be easier to leave the updates to be handled by Windows, as
> > they are created using the machine account and can be updated by Windows.
> > The issue then would be that if you have any Samba servers joining domain,
> > they will not be updating the domain as there is no code in Samba to update
> > its own DNS entry.
> >
>
> Amitay,
>  Good point, as long as we can get the clients to update DNS correctly,
> which I have not yet been able to get to work.  I believe there is a fix in
> place for this, though I haven't been able to test it yet.
>
>  The problem is when you are in a mixed environment along with Linux
> and/or Mac DHCP clients.  I'm not sure if the Mac clients try to
> automatically update the DNS when they get an address from DHCP, and I'm
> sure Linux clients don't do this by default.  Is there a way around this?
>
> > Amitay.
>
> --
>    Charles Tryon
> _________________________________________________________________________
>  “Risks are not to be evaluated in terms of the probability of success,
> but in terms of the value of the goal.”
>                - Ralph D. Winter
>
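
Added example, not part of the original thread: a sketch of the manual `nsupdate -g` update mentioned at the top of this message, where `-g` makes nsupdate sign the request with GSS-TSIG using the caller's Kerberos ticket. The hostname, address, TTL and the script filename are constructed placeholders, and it assumes a ticket has already been obtained with `kinit` for an account permitted to change the records.

```shell
#!/bin/sh
# Added example. Hostname, address and TTL used with it are placeholders.

# reverse_name IPV4: print the in-addr.arpa name, e.g. 192.0.2.10 ->
# 10.2.0.192.in-addr.arpa. Returns 1 on anything that is not a dotted quad.
reverse_name() {
    case $1 in
        ''|*[!0-9.]*|.*|*.) return 1 ;;
    esac
    old_ifs=$IFS; IFS=.
    set -- $1
    IFS=$old_ifs
    [ $# -eq 4 ] || return 1
    for octet in "$@"; do
        case $octet in
            '') return 1 ;;
        esac
        [ "$octet" -le 255 ] 2>/dev/null || return 1
    done
    printf '%s.%s.%s.%s.in-addr.arpa\n' "$4" "$3" "$2" "$1"
}

# build_update FQDN IPV4 [TTL]: print the nsupdate batch that replaces the
# host's A record and its PTR record. Forward and reverse names live in
# different zones, so each change gets its own "send".
build_update() {
    fqdn=${1%.}; ip=$2; ttl=${3:-3600}
    [ -n "$fqdn" ] || return 1
    ptr=$(reverse_name "$ip") || return 1
    cat <<EOF
update delete $fqdn. A
update add $fqdn. $ttl A $ip
send
update delete $ptr. PTR
update add $ptr. $ttl PTR $fqdn.
send
EOF
}

# Typical use on the client (build_update.sh is a hypothetical filename):
#   sh build_update.sh client1.example.com 192.0.2.10 | nsupdate -g
if [ $# -ge 2 ]; then build_update "$@"; fi
```

Reviewing the printed batch before piping it to `nsupdate -g` shows exactly which records the ticket holder is about to replace.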

