Aw: Re: Re: samba4 and bind9 - dynamic udpdates not working anymore

support at support at
Sat Dec 27 07:57:59 MST 2014


may you have us the output of named-sdb -V please .

@ Roland ,

>From one of my  RPI as well intel based  samba ads  with dlz :

#### BIND DLZ-DNS ####
        dns forwarder = <eth ip>
        allow dns updates = nonsecure and secure
        nsupdate command =  /usr/bin/nsupdate -g

-g switch been nessary  
.... BIND’s nsupdate tool supports Microsoft’s Kerberos authentication scheme when using the -g flag 

 Without you get an denied with spnego dns updates  on Bind-DLZ on older bind9.x
 this are not required for internal dns uppon the samba docs.

named.conf i.e what i used here :

 options {
        allow-transfer  { localhost;; };
        allow-query     { localhost;; };
        allow-recursion { localhost;; };

        recursion yes;

        dnssec-enable no;
        dnssec-validation no;
        dnssec-lookaside auto;

        tkey-domain "<REALM>";
        tkey-gssapi-keytab "/var/lib/samba/private/dns.keytab";


@ Rowland   probably we shuold add some hints at

as you and louis  solved that allready a while ago .. see i.e ..

Mit freundlichen Grüßen / Best Regards

Horst Venzke ; PGP NET : 1024G/082F2E6D ;

Legal Notice: This transmittal and/or attachments may be privileged or confidential. It is intended solely for the addressee named above. Any review, dissemination, or copying is strictly prohibited. If you received this transmittal in error, please notify us immediately by reply and immediately delete this message and all its attachments. Thank you.

-------------- next part --------------
A non-text attachment was scrubbed...
Name: addressbook.vcf
Type: text/x-vcard
Size: 929 bytes
Desc: not available
URL: <>

More information about the samba-technical mailing list