[Samba] samba4 internal dns Server ddns for the reverse lookup Zone

Markus Roth markusroth1983 at gmx.net
Wed Aug 13 13:53:49 MDT 2014


Hi everybody,

First, thanks a lot for your help :-)

@Dale
I tried to compile bind directly, but if I do it like the Samba wiki, it
doesn't create any folders or the named.conf. So I loaded the
bind-9.8.2-0.23.rc1.el6_5.1.src.rpm from my new CentOS 6.5 server and
installed it with rpm -i. Next I edited the bind.spec file and removed the
line "--disable-isc-spnego". A few lines under this line I saw the option
"--with-gssapi". Finally I added the option "--with-dlopen=yes" and ran
rpmbuild -bb bind.spec. Then I installed the newly generated bind-libs and
bind-9.8.2 rpms.

Is this correct?

@Rowland

I think I now have bind with dlz support, because after the denied message
it does a correct ddns update for my forward and reverse lookup zones.

But I don't know why it shows me the denied message first?

My whole log entry for a client update looks like this:

----------------------------------------------------------------------------
Aug 13 21:39:26 Server1 named[11383]: samba_dlz: starting transaction on zone winnet.local
Aug 13 21:39:26 Server1 named[11383]: client 192.168.178.127#59988: update 'winnet.local/IN' denied
Aug 13 21:39:26 Server1 named[11383]: samba_dlz: cancelling transaction on zone winnet.local
Aug 13 21:39:26 Server1 named[11383]: samba_dlz: starting transaction on zone winnet.local
Aug 13 21:39:26 Server1 named[11383]: samba_dlz: allowing update of signer=client1\$\@WINNET.LOCAL name=client1.winnet.local tcpaddr= type=AAAA key=1084-ms-7.1-688d.8856a952-2321-11e4-96a6-000c29a4b410/160/0
Aug 13 21:39:26 Server1 named[11383]: samba_dlz: allowing update of signer=client1\$\@WINNET.LOCAL name=client1.winnet.local tcpaddr= type=A key=1084-ms-7.1-688d.8856a952-2321-11e4-96a6-000c29a4b410/160/0
Aug 13 21:39:26 Server1 named[11383]: samba_dlz: allowing update of signer=client1\$\@WINNET.LOCAL name=client1.winnet.local tcpaddr= type=A key=1084-ms-7.1-688d.8856a952-2321-11e4-96a6-000c29a4b410/160/0
Aug 13 21:39:26 Server1 named[11383]: client 192.168.178.127#53970: updating zone 'winnet.local/NONE': deleting rrset at 'client1.winnet.local' AAAA
Aug 13 21:39:26 Server1 named[11383]: client 192.168.178.127#53970: updating zone 'winnet.local/NONE': deleting rrset at 'client1.winnet.local' A
Aug 13 21:39:26 Server1 named[11383]: samba_dlz: subtracted rdataset client1.winnet.local 'client1.winnet.local.#0111200#011IN#011A#011192.168.178.127'
Aug 13 21:39:26 Server1 named[11383]: client 192.168.178.127#53970: updating zone 'winnet.local/NONE': adding an RR at 'client1.winnet.local' A
Aug 13 21:39:26 Server1 named[11383]: samba_dlz: added rdataset client1.winnet.local 'client1.winnet.local.#0111200#011IN#011A#011192.168.178.127'
Aug 13 21:39:26 Server1 named[11383]: samba_dlz: committed transaction on zone winnet.local
Aug 13 21:39:26 Server1 named[11383]: samba_dlz: starting transaction on zone 178.168.192.in-addr.arpa
Aug 13 21:39:26 Server1 named[11383]: client 192.168.178.127#55717: update '178.168.192.in-addr.arpa/IN' denied
Aug 13 21:39:26 Server1 named[11383]: samba_dlz: cancelling transaction on zone 178.168.192.in-addr.arpa
Aug 13 21:39:26 Server1 named[11383]: samba_dlz: starting transaction on zone 178.168.192.in-addr.arpa
Aug 13 21:39:26 Server1 named[11383]: samba_dlz: allowing update of signer=client1\$\@WINNET.LOCAL name=127.178.168.192.in-addr.arpa tcpaddr= type=PTR key=1084-ms-7.1-688d.8856a952-2321-11e4-96a6-000c29a4b410/160/0
Aug 13 21:39:26 Server1 named[11383]: samba_dlz: allowing update of signer=client1\$\@WINNET.LOCAL name=127.178.168.192.in-addr.arpa tcpaddr= type=PTR key=1084-ms-7.1-688d.8856a952-2321-11e4-96a6-000c29a4b410/160/0
Aug 13 21:39:26 Server1 named[11383]: client 192.168.178.127#57170: updating zone '178.168.192.in-addr.arpa/NONE': deleting rrset at '127.178.168.192.in-addr.arpa' PTR
Aug 13 21:39:26 Server1 named[11383]: client 192.168.178.127#57170: updating zone '178.168.192.in-addr.arpa/NONE': adding an RR at '127.178.168.192.in-addr.arpa' PTR
Aug 13 21:39:26 Server1 named[11383]: samba_dlz: added 127.178.168.192.in-addr.arpa 127.178.168.192.in-addr.arpa.#0111200#011IN#011PTR#011client1.winnet.local.
Aug 13 21:39:26 Server1 named[11383]: samba_dlz: subtracted rdataset 178.168.192.in-addr.arpa '178.168.192.in-addr.arpa.#0113600#011IN#011SOA#011server1.winnet.local. hostmaster.winnet.local. 2 900 600 86400 3600'
Aug 13 21:39:26 Server1 named[11383]: samba_dlz: added rdataset 178.168.192.in-addr.arpa '178.168.192.in-addr.arpa.#0113600#011IN#011SOA#011server1.winnet.local. hostmaster.winnet.local. 3 900 600 86400 3600'
Aug 13 21:39:26 Server1 named[11383]: samba_dlz: committed transaction on zone 178.168.192.in-addr.arpa
----------------------------------------------------------------------------


-----Original Message-----
From: Dale Schroeder [mailto:dale at BriannasSaladDressing.com]
Sent: Tuesday, 12 August 2014 23:13
To: Markus Roth; Samba
Subject: Re: [Samba] samba4 internal dns Server ddns for the reverse lookup Zone

Markus,

See if this has what you are looking for: 
http://wiki.samba.org/index.php/DNS_Backend_BIND

Dale

On 08/11/2014 6:37 PM, Markus Roth wrote:
> Hi Rowland,
>
> Thanks a lot for your help. Does bind need a special configuration for dlz?
> I've installed bind via the CentOS yum package manager. Then I included the
> samba named.conf and the samba dns_update list in the bind named.conf.
> Finally I gave named the permission to this folder via
> chgrp -r /usr/local/samba/private. Is that wrong? If so, do you have a
> dlz how-to?
>
> Kind regards
>           Markus
>
> On 10.08.14 at 20:01, Rowland Penny wrote:
>
>> On 10/08/14 18:32, Markus Roth wrote:
>>
>>> Hi everybody,
>>> According to my ddns denied problem with bind dlz zone I tried the
>>> internal dns server from samba4. The forward lookup zone is still working
>>> correctly and does ddns updates for my win7 client. But when I create the
>>> reverse zone with the windows remote admin tools and restart samba4, the
>>> ddns isn't working for the reverse zone. No IP addresses will be added.
>>> How can I configure reverse ddns?
>>
>>
>> Hi, From reading your previous post and the portion of the logfile,
>> saying 'ddns denied problem with bind dlz zone' is incorrect, you were not
>> using bind_dlz, if you were, you would have had lines similar to these:
>>
>> Aug 10 18:29:24 dc1 named[19739]: samba_dlz: starting transaction on zone example.com
>> Aug 10 18:29:24 dc1 named[19739]: samba_dlz: allowing update of signer=dhcpduser\@EXAMPLE.COM name=ThinkPad.example.com tcpaddr=127.0.0.1 type=A key=2541565829.sig-dc1.example.com/160/0
>> Aug 10 18:29:24 dc1 named[19739]: samba_dlz: allowing update of signer=dhcpduser\@EXAMPLE.COM name=ThinkPad.example.com tcpaddr=127.0.0.1 type=A key=2541565829.sig-dc1.example.com/160/0
>> Aug 10 18:29:24 dc1 named[19739]: client 127.0.0.1#50000/key dhcpduser\@EXAMPLE.COM: updating zone 'example.com/NONE': deleting rrset at 'ThinkPad.example.com' A
>> Aug 10 18:29:24 dc1 named[19739]: samba_dlz: subtracted rdataset ThinkPad.example.com 'ThinkPad.example.com.#0113600#011IN#011A#011192.168.0.215'
>> Aug 10 18:29:24 dc1 named[19739]: client 127.0.0.1#50000/key dhcpduser\@EXAMPLE.COM: updating zone 'example.com/NONE': adding an RR at 'ThinkPad.example.com' A
>> Aug 10 18:29:24 dc1 named[19739]: samba_dlz: added rdataset ThinkPad.example.com 'ThinkPad.example.com.#0113600#011IN#011A#011192.168.0.215'
>> Aug 10 18:29:24 dc1 named[19739]: samba_dlz: committed transaction on zone example.com
>>
>> Rowland
>>
>>
>>
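
A log-triage sketch for the pattern in Markus's log, where each "denied" entry is followed by a signed update that commits on the same zone (consistent with a client trying an unsigned update before a signed one; the thread does not confirm the cause). This is an added example, not part of the original thread or of Samba; the function name `triage`, the 5-second window, the assumed year and the constructed second client are assumptions.

```python
import re
from datetime import datetime, timedelta

# Constructed sample in the log format shown above, one entry per line.
# 192.168.178.200 and key=k1 are made-up values for the unresolved case.
SAMPLE_LOG = r"""
Aug 13 21:39:26 Server1 named[11383]: client 192.168.178.127#59988: update 'winnet.local/IN' denied
Aug 13 21:39:26 Server1 named[11383]: samba_dlz: cancelling transaction on zone winnet.local
Aug 13 21:39:26 Server1 named[11383]: samba_dlz: allowing update of signer=client1\$\@WINNET.LOCAL name=client1.winnet.local tcpaddr= type=A key=k1/160/0
Aug 13 21:39:26 Server1 named[11383]: client 192.168.178.127#53970: updating zone 'winnet.local/NONE': adding an RR at 'client1.winnet.local' A
Aug 13 21:39:26 Server1 named[11383]: samba_dlz: committed transaction on zone winnet.local
Aug 13 21:41:02 Server1 named[11383]: client 192.168.178.200#40112: update '178.168.192.in-addr.arpa/IN' denied
""".strip()

TS = r"(?P<ts>\w{3} +\d+ [\d:]{8}) \S+ named\[\d+\]: "
DENIED = re.compile(TS + r"client (?P<ip>[\d.]+)#\d+: update '(?P<zone>[^/]+)/IN' denied")
ALLOW = re.compile(r"samba_dlz: allowing update of signer=(?P<signer>\S+) ")
UPDATING = re.compile(r"client (?P<ip>[\d.]+)#\d+(?:/key \S+)?: updating zone '(?P<zone>[^/]+)/")
COMMIT = re.compile(TS + r"samba_dlz: committed transaction on zone (?P<zone>\S+)")

def _ts(stamp, year=2014):
    # syslog timestamps carry no year; 2014 is assumed from the message date
    return datetime.strptime(f"{year} {stamp}", "%Y %b %d %H:%M:%S")

def triage(lines, window=timedelta(seconds=5)):
    """Split denied updates into (retried_signed, unresolved)."""
    pending, retried = [], []
    signer = ip = None
    for line in lines:
        if m := DENIED.search(line):
            pending.append({"ip": m["ip"], "zone": m["zone"], "at": _ts(m["ts"])})
        elif m := ALLOW.search(line):
            signer = m["signer"]   # principal that signed the update
        elif m := UPDATING.search(line):
            ip = m["ip"]           # address the applied update came from
        elif m := COMMIT.search(line):
            done = _ts(m["ts"])
            for d in pending[:]:
                same = (d["ip"], d["zone"]) == (ip, m["zone"])
                if same and signer and done - d["at"] <= window:
                    pending.remove(d)
                    retried.append({**d, "signer": signer})
            signer = ip = None
    return retried, pending

if __name__ == "__main__":
    ok, unresolved = triage(SAMPLE_LOG.splitlines())
    for d in ok:
        print("denied, then signed update committed:", d["ip"], d["zone"], d["signer"])
    for d in unresolved:
        print("denied, no signed update followed:", d["ip"], d["zone"])
```

Denials left in the second list had no committed signed update from the same address and zone within the window, so those are the entries to look at first.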