allow dns updates on samba4

Stefan (metze) Metzmacher metze at
Tue Jan 28 00:59:52 MST 2014

Hi Carlos,

>> I'm a bit confused here. What DNS backend are you using? As far as I can
>> tell, the "allow dns updates" directive in smb.conf is only used by the
>> internal dns. Yet, in the other thread you mentioned you were using BIND
>> 9.8.4.
> I forgot to mention that initially I was using the bind_dlz backend, then I
> changed to the internal dns backend. As you say, the "allow dns updates"
> directive in smb.conf is only used by the internal dns.
>> With the internal DNS, as long as the appropriate subnet is created in
>> AD, clients should be able to make updates to that subnet. If this is
>> your scenario and it's not working, please let me know.
> I created the subnet in AD, using "Active Directory Sites and Services"
> on a workstation with Remote Server Administration Tools. I made the
> test with the internal dns and bind_dlz backends, but dynamic dns updates
> don't work. The only way that it works is setting "allow dns updates =
> nonsecure" in smb.conf when I am using the internal dns backend.
> While the clients are in the same subnet as the Samba DC, there are no problems.
> Is it possible that if the clocks of the DC and client are not synchronized, the
> dynamic dns updates don't work?

Yes, the secure dns updates use Kerberos and need synchronized clocks.

Have a look at

