Fwd: Re: Can't update reverse zone with samba4 + bind9

Rowland Penny repenny241155 at gmail.com
Sat Jul 11 21:35:17 UTC 2015

On 11/07/15 15:49, Jorge Ariel Salomón Rodríguez wrote:
> Hi Rowland, here is the dhcp.conf, I changed the real name of my 
> domain to domain.com, I hope you understand:
>
> ddns-update-style interim;
> include "/etc/rndc.key";
>
> zone domain.com. {
>     primary 127.0.0.1;
>     key "rndc-key";
> }
>
> ddns-domainname "domain.com";
> option domain-name "domain.com";
> option domain-name-servers 192.168.2.1;
> option routers 192.168.2.1;
> option broadcast-address 192.168.2.255;
> option ntp-servers 192.168.2.1;
>
> default-lease-time 86400;
> max-lease-time 86400;
>
> authoritative;
>
> log-facility local7;
>
> subnet 192.168.2.0 netmask 255.255.255.0 {
>     range 192.168.2.20 192.168.2.200;
>
>     # DNS zones to update
>     zone 2.168.192.in-addr.arpa. {
>     primary 192.168.2.1;
>     key "rndc-key";
>     }
>
>     zone domain.com. {
>     primary 192.168.2.1;
>     key "rndc-key";
>     }
> }
>
> Thanks for your quick response.
>
> Jorge.
>
> On 09/07/2015 at 10:45, Rowland Penny wrote:
>> On 08/07/15 15:55, Jorge Ariel Salomón Rodríguez wrote:
>>> Hi,
>>>
>>> I have installed samba4 + Bind9 + dhcp working well, the problem is 
>>> that it does not update the reverse zone when a client is added to 
>>> the domain, this is the message that the log throws:
>>>
>>> 06-Jul-2015 21:40:58.267 samba_dlz: starting transaction on zone 
>>> 100.168.192.in-addr.arpa
>>> 06-Jul-2015 21:40:58.268 samba_dlz: spnego update failed
>>> 06-Jul-2015 21:40:58.268 client 192.168.100.1#20233/key rndc-key: 
>>> updating zone '100.168.192.in-addr.arpa/NONE': update failed: 
>>> rejected by secure update (REFUSED)
>>> 06-Jul-2015 21:40:58.269 samba_dlz: cancelling transaction on zone 
>>> 100.168.192.in-addr.arpa
>>>
>>> What should I do to fix this problem so that the reverse zone is 
>>> updated correctly?
>>>
>>> Thanks.
>>>
>>>
>>>
>>>
>>
>> How are you running dhcp? Can you post your dhcpd.conf?
>>
>> Rowland
>>
>>
>>
>
> -- 
>
> *Ing. Jorge Ariel Salomón Rodríguez*
> Provincial Network Administrator of the Joven Club de Computación in 
> Matanzas
> Tel: (53)-(45)-31-6422, (53)-(45)-31-6424
>
>
>

I thought that was how you were not updating samba dns with dhcp :-)

I think you will find it is the clients updating their own records, 
compare your dhcpd.conf with mine:

cat /etc/dhcp/dhcpd.conf

default-lease-time 14400;
max-lease-time 14400;
authoritative;

subnet 192.168.0.0 netmask 255.255.255.0 {
    range 192.168.0.21 192.168.0.229;
    option subnet-mask 255.255.255.0;
    option broadcast-address 192.168.0.255;
    option time-offset 0;
    option routers 192.168.0.1;
    option domain-name "example.com";
    option domain-name-servers 192.168.0.2;
    option domain-search "example.com";
    option netbios-name-servers 192.168.0.2;
    option ntp-servers 192.168.0.2;
}

on commit {
    set ClientIP = binary-to-ascii(10, 8, ".", leased-address);
    set ClientDHCID = binary-to-ascii(16, 8, ":", hardware);
    set ClientName = pick-first-value(option host-name, config-option-host-name, client-name);
    log(concat("Commit: IP: ", ClientIP, " DHCID: ", ClientDHCID, " Name: ", ClientName));
    execute("/usr/local/sbin/dhcp-dyndns.sh", "add", ClientIP, ClientDHCID, ClientName);
}

on release {
    set ClientIP = binary-to-ascii(10, 8, ".", leased-address);
    set ClientDHCID = binary-to-ascii(16, 8, ":", hardware);
    log(concat("Release: IP: ", ClientIP));
    execute("/usr/local/sbin/dhcp-dyndns.sh", "delete", ClientIP, ClientDHCID);
}

I have been doing it this way for nearly 3 years now, with only 
self-inflicted errors.

Rowland
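
The on commit / on release hooks in the dhcpd.conf above hand lease data to an external script, and the name comes from option host-name, which the client supplies. The following is an added example, not part of the original post and not the dhcp-dyndns.sh it refers to (the page does not show that script): a hook that checks those arguments and derives the PTR name before emitting any update line. The domain, TTL and the nsupdate-style output lines are assumptions.

```shell
#!/bin/sh
# Added example: argument checks for a hook called by dhcpd as
#   <script> add|delete <ip> <dhcid> [<name>]
# DOMAIN, TTL and the nsupdate-style output are assumptions for illustration.
LC_ALL=C; export LC_ALL          # keep [A-Z] ranges strictly ASCII
DOMAIN="example.com"
TTL=3600

valid_ipv4() {
    # exactly four decimal octets, each 0-255, nothing else
    case "$1" in *[!0-9.]*|*..*|.*|*.) return 1 ;; esac
    old_ifs=$IFS; IFS=.; set -- $1; IFS=$old_ifs
    [ "$#" -eq 4 ] || return 1
    for o in "$@"; do
        [ "${#o}" -le 3 ] && [ "$o" -le 255 ] || return 1
    done
}

valid_hostname() {
    # one DNS label: 1-63 chars of [A-Za-z0-9-], no leading/trailing hyphen
    [ -n "$1" ] && [ "${#1}" -le 63 ] || return 1
    case "$1" in *[!A-Za-z0-9-]*|-*|*-) return 1 ;; esac
}

ptr_name() {
    # 192.168.0.57 -> 57.0.168.192.in-addr.arpa. (caller validates first)
    old_ifs=$IFS; IFS=.; set -- $1; IFS=$old_ifs
    echo "$4.$3.$2.$1.in-addr.arpa."
}

plan_update() {
    action=$1 ip=$2 name=$4      # $3 (DHCID) is not used in this example
    valid_ipv4 "$ip" || { echo "reject: bad ip" >&2; return 2; }
    ptr=$(ptr_name "$ip")
    case "$action" in
    add)
        valid_hostname "$name" || { echo "reject: bad name" >&2; return 3; }
        echo "update add $name.$DOMAIN. $TTL A $ip"
        echo "update add $ptr $TTL PTR $name.$DOMAIN."
        ;;
    delete)
        # release passes no name, so only the PTR is addressed here
        echo "update delete $ptr PTR"
        ;;
    *) echo "reject: bad action" >&2; return 1 ;;
    esac
}

if [ "$#" -ge 2 ]; then plan_update "$@"; fi
```

A host name containing a newline, dot or space is rejected before it can reach the update input, so a client cannot append its own update lines or write records outside its own label.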



