samba4 and bind9 - dynamic udpdates not working anymore

Karl Haue karl.haue at
Fri Dec 26 05:31:02 MST 2014

Rowland Penny <repenny241155 <at>> writes:

> This is what is in mine:
> options {
>          directory "/var/cache/bind";
>          forwarders {;; };
>          dnssec-validation no;
>          auth-nxdomain no;    # conform to RFC1035
>          listen-on-v6 { any; };
>          tkey-gssapi-keytab "/var/lib/samba/private/dns.keytab";
> };
> NOTE: I used bind9 on Debian Wheezy with backports enabled.
> Remove the forwarder line from smb.conf
> I Have been using Samba4 & Bind9 for 2 yrs now without major incident, 
> but I also run a DHCP server on the AD DC, this is what works for me.

OK /usr/local/bind9/etc/named.conf.options is changed now, looks like your
proposal - only path to dns.keytab is /usr/local/samba/private. 

in smb.conf was no forwarder (not used anytime).

bind and samba are restarted, but the same problem again.

Every time I try a "ipconfig /registerdns) the log shows me the "access
denied" error.

I use ISC DHCP Service on this raspberry, too. 
But with a subdomain (, because I have the information,
dhcp daemon cannot write to DNS of samba (ad.daheim.local).

Maybe it is a problem with my restored database files? 

I set the same rights and hardlinks again, but I do not know how to look
inside the files or check the files.


More information about the samba-technical mailing list