[Samba] samba4 internal dns Server ddns for the reverse lookup Zone

Markus Roth markusroth1983 at gmx.net
Wed Aug 13 14:54:18 MDT 2014


Hi Rowland,

OK, thanks for that. So do you think my config is correct? Should I post my
configuration files? How do other people do the ddns updates? That would be
interest...

Does anybody know if ddns for a reverse lookup zone is also possible with the
internal samba dns server? I've also set up this kind of configuration and
the reverse lookup zone won't be updated...

-----Original Message-----
From: samba-bounces at lists.samba.org [mailto:samba-bounces at lists.samba.org] On
Behalf Of Rowland Penny
Sent: Wednesday, 13 August 2014 22:03
To: samba at lists.samba.org
Subject: Re: [Samba] samba4 internal dns Server ddns for the reverse lookup
Zone

On 13/08/14 20:53, Markus Roth wrote:
> Hi everybody,
>
> first thanks a lot for your help :-)
>
> @Dale
> I tried to compile bind directly, but if I do it like the samba wiki it 
> doesn't create any folders or the named.conf. So I loaded the 
> bind-9.8.2-0.23.rc1.el6_5.1.src.rpm from my new centos6.5 server and 
> installed it with rpm -i. Next I edited the bind.spec file and 
> removed the line "--disable-isc-spnego". A few lines under this line 
> I saw the option "--with-gssapi". At last I added the option 
> "--with-dlopen=yes" and did rpmbuild -bb bind.spec. Then I installed 
> the bind-libs and bind-9.8.2 rpms which are now newly generated.
>
> Is this correct?
>
> @Rowland
>
> I think I now have bind with dlz support, because after the denied 
> message it does a correct ddns for my forward and reverse lookup zone.
>
> But I don't know why it first shows me the denied message?

Don't quote me on this, but I think it is a Windows thing: Windows tries to
update dns in an unsecure way, fails and then tries again in a secure way
and succeeds.

Not really sure about this because I turned off client updates and DHCP
carries out the dns updates via a bash script.

Rowland
>
>   My whole log entry for a client update looks like this:
>
> ----------------------------------------------------------------------
> Aug 13 21:39:26 Server1 named[11383]: samba_dlz: starting transaction on zone winnet.local
> Aug 13 21:39:26 Server1 named[11383]: client 192.168.178.127#59988: update 'winnet.local/IN' denied
> Aug 13 21:39:26 Server1 named[11383]: samba_dlz: cancelling transaction on zone winnet.local
> Aug 13 21:39:26 Server1 named[11383]: samba_dlz: starting transaction on zone winnet.local
> Aug 13 21:39:26 Server1 named[11383]: samba_dlz: allowing update of signer=client1\$\@WINNET.LOCAL name=client1.winnet.local tcpaddr= type=AAAA key=1084-ms-7.1-688d.8856a952-2321-11e4-96a6-000c29a4b410/160/0
> Aug 13 21:39:26 Server1 named[11383]: samba_dlz: allowing update of signer=client1\$\@WINNET.LOCAL name=client1.winnet.local tcpaddr= type=A key=1084-ms-7.1-688d.8856a952-2321-11e4-96a6-000c29a4b410/160/0
> Aug 13 21:39:26 Server1 named[11383]: samba_dlz: allowing update of signer=client1\$\@WINNET.LOCAL name=client1.winnet.local tcpaddr= type=A key=1084-ms-7.1-688d.8856a952-2321-11e4-96a6-000c29a4b410/160/0
> Aug 13 21:39:26 Server1 named[11383]: client 192.168.178.127#53970: updating zone 'winnet.local/NONE': deleting rrset at 'client1.winnet.local' AAAA
> Aug 13 21:39:26 Server1 named[11383]: client 192.168.178.127#53970: updating zone 'winnet.local/NONE': deleting rrset at 'client1.winnet.local' A
> Aug 13 21:39:26 Server1 named[11383]: samba_dlz: subtracted rdataset client1.winnet.local 'client1.winnet.local.#0111200#011IN#011A#011192.168.178.127'
> Aug 13 21:39:26 Server1 named[11383]: client 192.168.178.127#53970: updating zone 'winnet.local/NONE': adding an RR at 'client1.winnet.local' A
> Aug 13 21:39:26 Server1 named[11383]: samba_dlz: added rdataset client1.winnet.local 'client1.winnet.local.#0111200#011IN#011A#011192.168.178.127'
> Aug 13 21:39:26 Server1 named[11383]: samba_dlz: committed transaction on zone winnet.local
> Aug 13 21:39:26 Server1 named[11383]: samba_dlz: starting transaction on zone 178.168.192.in-addr.arpa
> Aug 13 21:39:26 Server1 named[11383]: client 192.168.178.127#55717: update '178.168.192.in-addr.arpa/IN' denied
> Aug 13 21:39:26 Server1 named[11383]: samba_dlz: cancelling transaction on zone 178.168.192.in-addr.arpa
> Aug 13 21:39:26 Server1 named[11383]: samba_dlz: starting transaction on zone 178.168.192.in-addr.arpa
> Aug 13 21:39:26 Server1 named[11383]: samba_dlz: allowing update of signer=client1\$\@WINNET.LOCAL name=127.178.168.192.in-addr.arpa tcpaddr= type=PTR key=1084-ms-7.1-688d.8856a952-2321-11e4-96a6-000c29a4b410/160/0
> Aug 13 21:39:26 Server1 named[11383]: samba_dlz: allowing update of signer=client1\$\@WINNET.LOCAL name=127.178.168.192.in-addr.arpa tcpaddr= type=PTR key=1084-ms-7.1-688d.8856a952-2321-11e4-96a6-000c29a4b410/160/0
> Aug 13 21:39:26 Server1 named[11383]: client 192.168.178.127#57170: updating zone '178.168.192.in-addr.arpa/NONE': deleting rrset at '127.178.168.192.in-addr.arpa' PTR
> Aug 13 21:39:26 Server1 named[11383]: client 192.168.178.127#57170: updating zone '178.168.192.in-addr.arpa/NONE': adding an RR at '127.178.168.192.in-addr.arpa' PTR
> Aug 13 21:39:26 Server1 named[11383]: samba_dlz: added 127.178.168.192.in-addr.arpa 127.178.168.192.in-addr.arpa.#0111200#011IN#011PTR#011client1.winnet.local.
> Aug 13 21:39:26 Server1 named[11383]: samba_dlz: subtracted rdataset 178.168.192.in-addr.arpa '178.168.192.in-addr.arpa.#0113600#011IN#011SOA#011server1.winnet.local. hostmaster.winnet.local. 2 900 600 86400 3600'
> Aug 13 21:39:26 Server1 named[11383]: samba_dlz: added rdataset 178.168.192.in-addr.arpa '178.168.192.in-addr.arpa.#0113600#011IN#011SOA#011server1.winnet.local. hostmaster.winnet.local. 3 900 600 86400 3600'
> Aug 13 21:39:26 Server1 named[11383]: samba_dlz: committed transaction on zone 178.168.192.in-addr.arpa
>
> ----------------------------------------------------------------------
>
>
> -----Original Message-----
> From: Dale Schroeder [mailto:dale at BriannasSaladDressing.com]
> Sent: Tuesday, 12 August 2014 23:13
> To: Markus Roth; Samba
> Subject: Re: [Samba] samba4 internal dns Server ddns for the reverse 
> lookup Zone
>
> Markus,
>
> See if this has what you are looking for:
> http://wiki.samba.org/index.php/DNS_Backend_BIND
>
> Dale
>
> On 08/11/2014 6:37 PM, Markus Roth wrote:
>> Hi Rowland,
>>
>> Thanks a lot for your help. Does bind need a special configuration for dlz?
>> I've installed bind via the centos yum package manager. Then I 
>> included the samba named.conf and the samba dns_update list in the 
>> bind named.conf. At last I gave named via chgrp -r 
>> /usr/local/samba/private the permission to this folder. Is that wrong? If
>> it's so, do you have a dlz how-to?
>> Kind regards
>>            Markus
>>
>> On 10.08.14 at 20:01, Rowland Penny wrote:
>>
>>> On 10/08/14 18:32, Markus Roth wrote:
>>>
>>>> Hi everybody,
>>>> According to my ddns denied problem with bind dlz zone I tried the
>>>> internal dns server from samba4. The forward lookup zone is still 
>>>> working correctly and does ddns updates for my win7 client. But when I 
>>>> create the reverse zone with the windows remote admin tools and 
>>>> restart samba4 the ddns isn't working for the reverse zone. No IP 
>>>> addresses will be added. How can I configure reverse ddns?
>>>
>>> Hi, from reading your previous post and the portion of the logfile,
>>> saying 'ddns denied problem with bind dlz zone' is incorrect. You were
>>> not using bind_dlz; if you were, you would have had lines similar to
>>> these:
>>>
>>> Aug 10 18:29:24 dc1 named[19739]: samba_dlz: starting transaction on zone example.com
>>> Aug 10 18:29:24 dc1 named[19739]: samba_dlz: allowing update of signer=dhcpduser\@EXAMPLE.COM name=ThinkPad.example.com tcpaddr=127.0.0.1 type=A key=2541565829.sig-dc1.example.com/160/0
>>> Aug 10 18:29:24 dc1 named[19739]: samba_dlz: allowing update of signer=dhcpduser\@EXAMPLE.COM name=ThinkPad.example.com tcpaddr=127.0.0.1 type=A key=2541565829.sig-dc1.example.com/160/0
>>> Aug 10 18:29:24 dc1 named[19739]: client 127.0.0.1#50000/key dhcpduser\@EXAMPLE.COM: updating zone 'example.com/NONE': deleting rrset at 'ThinkPad.example.com' A
>>> Aug 10 18:29:24 dc1 named[19739]: samba_dlz: subtracted rdataset ThinkPad.example.com 'ThinkPad.example.com.#0113600#011IN#011A#011192.168.0.215'
>>> Aug 10 18:29:24 dc1 named[19739]: client 127.0.0.1#50000/key dhcpduser\@EXAMPLE.COM: updating zone 'example.com/NONE': adding an RR at 'ThinkPad.example.com' A
>>> Aug 10 18:29:24 dc1 named[19739]: samba_dlz: added rdataset ThinkPad.example.com 'ThinkPad.example.com.#0113600#011IN#011A#011192.168.0.215'
>>> Aug 10 18:29:24 dc1 named[19739]: samba_dlz: committed transaction on zone example.com
>>>
>>> Rowland
>>>
>>> --
>>> To unsubscribe from this list go to the following URL and read the
>>> instructions:  https://lists.samba.org/mailman/options/samba
>

--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba
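
Added example, not part of the original thread or of Samba/BIND: a small log check for the pattern discussed above, where an update is first logged as denied and is then accepted once it arrives signed. It pairs each `denied` line with a later `samba_dlz: allowing update of signer=...` and `committed transaction` on the same zone, and reports denials that were never followed by a signed, committed update. The function name, status labels and the sample lines are assumptions made for this example; pairing is by zone only, because the `allowing update` lines quoted in the thread carry an empty `tcpaddr=`.

```python
import re

# Constructed sample modelled on the named/samba_dlz lines quoted in this thread;
# the last two lines (client .200, no signed retry) are invented for the unresolved case.
SAMPLE = r"""
Aug 13 21:39:26 Server1 named[11383]: client 192.168.178.127#59988: update 'winnet.local/IN' denied
Aug 13 21:39:26 Server1 named[11383]: samba_dlz: cancelling transaction on zone winnet.local
Aug 13 21:39:26 Server1 named[11383]: samba_dlz: starting transaction on zone winnet.local
Aug 13 21:39:26 Server1 named[11383]: samba_dlz: allowing update of signer=client1\$\@WINNET.LOCAL name=client1.winnet.local tcpaddr= type=A key=k1/160/0
Aug 13 21:39:26 Server1 named[11383]: samba_dlz: committed transaction on zone winnet.local
Aug 13 21:40:02 Server1 named[11383]: client 192.168.178.200#40112: update '178.168.192.in-addr.arpa/IN' denied
Aug 13 21:40:02 Server1 named[11383]: samba_dlz: cancelling transaction on zone 178.168.192.in-addr.arpa
"""

DENIED = re.compile(r"client (?P<ip>[\d.]+)#\d+: update '(?P<zone>[^'/]+)/IN' denied")
ALLOWED = re.compile(r"samba_dlz: allowing update of signer=(?P<signer>\S+) name=(?P<name>\S+)")
COMMIT = re.compile(r"samba_dlz: committed transaction on zone (?P<zone>\S+)")


def classify_denials(log_text):
    """Pair each 'denied' update with a later signed, committed update on the same zone."""
    pending, results = {}, []          # pending: zone -> open denial record
    for line in log_text.splitlines():
        if m := DENIED.search(line):
            if m["zone"] in pending:   # earlier denial on this zone was never resolved
                results.append(pending.pop(m["zone"]))
            pending[m["zone"]] = {"zone": m["zone"], "client": m["ip"],
                                  "signer": None, "status": "denied_only"}
        elif m := ALLOWED.search(line):
            for zone, rec in pending.items():
                if m["name"] == zone or m["name"].endswith("." + zone):
                    rec["signer"] = m["signer"].replace("\\", "")  # drop log escaping
        elif (m := COMMIT.search(line)) and m["zone"] in pending:
            rec = pending[m["zone"]]
            if rec["signer"]:          # a signed update was accepted and written
                rec["status"] = "retried_signed"
                results.append(pending.pop(m["zone"]))
    return results + list(pending.values())


if __name__ == "__main__":
    for rec in classify_denials(SAMPLE):
        print(rec)
```

Records left at `denied_only` are the ones worth a closer look: an update was refused and no signed update for that zone was committed afterwards.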


