Samba 4.10.x and Bind9 DLZ dynamic updates

David Rivera rivera.david87 at
Thu Apr 18 05:59:55 UTC 2019

Hi Marcel,

I believe I ran into this same issue when upgrading from Samba 4.8.0 to
4.9.5+. I had to follow the instructions in the link below to rebuild bind
from the source RPM, removing --disable-isc-spnego from the SPEC file.
You'll need to download the right package and follow the correct
instructions for your distribution.


On Wed, Apr 17, 2019 at 9:19 AM Marcel via samba-technical <
samba-technical at> wrote:

> Hi there,
> since upgrading to Samba 4.10.x I can no longer do dynamic
> DNS updates using bind 9.11 (with samba dlz).
> I'm not 100% sure wether this is a 4.10 issue, or related to changes
> in my build environment. However I can no longer do GSSAPI based
> ("nsupdate -g") DNS updates on my setup (NOTAUTH error).
> I already tried several fixes (samba_dnsupgrade etc.) to get rid of this
> issue - no luck so far
> Kerberos based updates using "samba-tool dns" work btw - with the
> same user.
> I just wanted to ask if someone is using 4.10.x with bind9 dlz backend
> and is still able to use this kind of DNS updates.
> Any help / hint is welcome.
> Best regards,
>  Marcel

More information about the samba-technical mailing list