Internal dns server changed between RC2 & 4.1.0pre1-GIT-2c3a808

Rowland Penny repenny at
Mon Oct 15 11:21:05 MDT 2012

On 15/10/12 17:37, Kai Blin wrote:
> On 2012-10-15 18:07, Rowland Penny wrote:
> Hi Rowland,
>> Hello, I set Samba 4 RC2 to update the internal nameserver via dhcp
>> using a script, this works ok. I have compiled and installed
>> 4.1.0pre1-GIT-2c3a808 and dhcp updating the nameserver no longer works!
> I need more details here. How did the script work?

It is one I found on the internet and altered to fit my needs, as I said 
it works on RC2 but now will not work on pre1.
basically the script is run by dhcp from dhcpd.conf, it checks a 
kerberos keytab then runs nsupdate to first delete the pc's nameserver 
record (if there is one) then adds it into to the required zone. The 
script then checks to see if the record now exists.

>> Everything is the same, only the version of Samba4 has changed
> Yes, we fixed
So, it now listens on all interfaces?

>> If I run netstat -nlp | grep LISTEN | grep 53 on RC2 I get:
>> tcp        0      0* LISTEN      810/samba
>> tcp6       0      0 fe80::e2cb:4eff:fe06:53 :::* LISTEN      810/samba
>> But on 4.1.0pre1-GIT-2c3a808 I get:
>> tcp        0      0    * LISTEN
>> 22350/samba
>> tcp6       0      0 :::53                   :::* LISTEN      22350/samba
>> If I run the script manually: /usr/local/sbin/ add
>> LinPad
>> I get:
>> root at adserver:~# dns_tkey_negotiategss: TKEY is unacceptable
>> specified zone '' does not exist (NXDOMAIN)
>> dhcpd: DDNS: adding records for <LinPad.home.lan> FAILED:
>> status 10
>> Why is the TKEY suddenly unacceptable? and why is it saying the reverse
>> zone does not exist when it does, as I created it and samba-tool lists it?.
> What happens if you query records from outside of
> that update?
Do you mean as in:
host -t A linpad.home.lan
Host linpad.home.lan not found: 3(NXDOMAIN)

host -t PTR has no PTR record

>   Are you using the correct Kerberos keys?
Ah, what would be the correct Kerberos keys?, I am using one that I 
created for a user I also created, as I said it works on RC2
> A network capture might help.
This would be no problem if I only knew how to do this (hint hint) ;-)

> Cheers,
> Kai
Thanks for any help you can give


This message has been scanned for viruses and
dangerous content by MailScanner, and is
believed to be clean.

More information about the samba-technical mailing list