[Samba] samba4 internal dns Server ddns for the reverse lookup Zone
Rowland Penny
rowlandpenny at googlemail.com
Wed Aug 13 15:01:34 MDT 2014
On 13/08/14 21:54, Markus Roth wrote:
> Hi Rowland,
>
> ok, thanks to that. So do you think my config is correct? Should i post my
> configuration files? How do other persons do the ddns updates? That would be
> interest...
Steve uses sssd and this also updates the reverse zone, not sure how
anybody else does it.
>
> Do anybody know if ddns for a reverse lookup zone is also possible with the
> internal samba dns server? I've also setup this kind of configuration and
> the reverse lookup zone won't be updated...
Again, don't quote me, but I 'think' that windows doesn't use/update the
reverse zone.
Rowland
>
> -----Ursprüngliche Nachricht-----
> Von: samba-bounces at lists.samba.org [mailto:samba-bounces at lists.samba.org] Im
> Auftrag von Rowland Penny
> Gesendet: Mittwoch, 13. August 2014 22:03
> An: samba at lists.samba.org
> Betreff: Re: [Samba] samba4 internal dns Server ddns for the reverse lookup
> Zone
>
> On 13/08/14 20:53, Markus Roth wrote:
>> Hi everybody,
>>
>> first thanks a lot for your help :-)
>>
>> @Dale
>> I tried to compile bind directly but if i do it like the samba wiki it
>> don't create any folders or the named.conf. So i loaded the
>> bind-9.8.2-0.23.rc1.el6_5.1.src.rpm form y new centos6.5 server and
>> installed it with rpm -i. At next i edit the bind.spec file and
>> removed the line "--disable-isc-spengo". A few lines under these line
>> i saw the option "--with-gssapi". At last i add the option
>> "--with-dlopen=yes" and did rpmbuild -bb bind.spec. Then i installed
>> the bind-libs and bind-9.8.2 rpms which are now new generated.
>>
>> Is this correct?
>>
>> @Rowland
>>
>> I think i have now bind with dlz support. Because after the denied
>> message it does a correct ddns for my forward and reverse lookup zone.
>>
>> But i don't know why it shows me first the denied message?
> Don't quote me on this, but I think it is a window thing, windows tries to
> update dns in an unsecure way, fails and then tries again in a secure way
> and succeeds.
>
> Not really sure about this because I turned off client updates and DHCP
> carries out the dns updates via a bash script.
>
> Rowland
>> My whole log entry for a client update looks like this:
>>
>> ----------------------------------------------------------------------
>> ------
>> ----------------------------------------------
>> Aug 13 21:39:26 Server1 named[11383]: samba_dlz: starting transaction
>> on zone winnet.local Aug 13 21:39:26 Server1 named[11383]: client
>> 192.168.178.127#59988: update 'winnet.local/IN' denied Aug 13 21:39:26
>> Server1 named[11383]: samba_dlz: cancelling transaction on zone
>> winnet.local Aug 13 21:39:26 Server1 named[11383]: samba_dlz: starting
>> transaction on zone winnet.local Aug 13 21:39:26 Server1 named[11383]:
>> samba_dlz: allowing update of signer=client1\$\@WINNET.LOCAL
>> name=client1.winnet.local tcpaddr= type=AAAA
>> key=1084-ms-7.1-688d.8856a952-2321-11e4-96a6-000c29a4b410/160/0
>> Aug 13 21:39:26 Server1 named[11383]: samba_dlz: allowing update of
>> signer=client1\$\@WINNET.LOCAL name=client1.winnet.local tcpaddr=
>> type=A
>> key=1084-ms-7.1-688d.8856a952-2321-11e4-96a6-000c29a4b410/160/0
>> Aug 13 21:39:26 Server1 named[11383]: samba_dlz: allowing update of
>> signer=client1\$\@WINNET.LOCAL name=client1.winnet.local tcpaddr=
>> type=A
>> key=1084-ms-7.1-688d.8856a952-2321-11e4-96a6-000c29a4b410/160/0
>> Aug 13 21:39:26 Server1 named[11383]: client 192.168.178.127#53970:
>> updating zone 'winnet.local/NONE': deleting rrset at
>> 'client1.winnet.local' AAAA Aug 13 21:39:26 Server1 named[11383]:
>> client 192.168.178.127#53970: updating zone 'winnet.local/NONE':
>> deleting rrset at 'client1.winnet.local' A Aug 13 21:39:26 Server1
>> named[11383]: samba_dlz: subtracted rdataset client1.winnet.local
>> 'client1.winnet.local.#0111200#011IN#011A#011192.168.178.127'
>> Aug 13 21:39:26 Server1 named[11383]: client 192.168.178.127#53970:
>> updating zone 'winnet.local/NONE': adding an RR at
>> 'client1.winnet.local' A Aug 13 21:39:26 Server1 named[11383]:
>> samba_dlz: added rdataset client1.winnet.local
>> 'client1.winnet.local.#0111200#011IN#011A#011192.168.178.127'
>> Aug 13 21:39:26 Server1 named[11383]: samba_dlz: committed transaction
>> on zone winnet.local Aug 13 21:39:26 Server1 named[11383]: samba_dlz:
>> starting transaction on zone 178.168.192.in-addr.arpa Aug 13 21:39:26
>> Server1 named[11383]: client 192.168.178.127#55717: update
>> '178.168.192.in-addr.arpa/IN' denied Aug 13 21:39:26 Server1
>> named[11383]: samba_dlz: cancelling transaction on zone
>> 178.168.192.in-addr.arpa Aug 13 21:39:26 Server1 named[11383]:
>> samba_dlz: starting transaction on zone 178.168.192.in-addr.arpa Aug
>> 13 21:39:26 Server1 named[11383]: samba_dlz: allowing update of
>> signer=client1\$\@WINNET.LOCAL name=127.178.168.192.in-addr.arpa
>> tcpaddr= type=PTR
>> key=1084-ms-7.1-688d.8856a952-2321-11e4-96a6-000c29a4b410/160/0
>> Aug 13 21:39:26 Server1 named[11383]: samba_dlz: allowing update of
>> signer=client1\$\@WINNET.LOCAL name=127.178.168.192.in-addr.arpa
>> tcpaddr= type=PTR
>> key=1084-ms-7.1-688d.8856a952-2321-11e4-96a6-000c29a4b410/160/0
>> Aug 13 21:39:26 Server1 named[11383]: client 192.168.178.127#57170:
>> updating zone '178.168.192.in-addr.arpa/NONE': deleting rrset at
>> '127.178.168.192.in-addr.arpa' PTR Aug 13 21:39:26 Server1
>> named[11383]: client 192.168.178.127#57170: updating zone
>> '178.168.192.in-addr.arpa/NONE': adding an RR at
>> '127.178.168.192.in-addr.arpa' PTR Aug 13 21:39:26 Server1
>> named[11383]: samba_dlz: added 127.178.168.192.in-addr.arpa
>>
> 127.178.168.192.in-addr.arpa.#0111200#011IN#011PTR#011client1.winnet.local.
>> Aug 13 21:39:26 Server1 named[11383]: samba_dlz: subtracted rdataset
>> 178.168.192.in-addr.arpa
>> '178.168.192.in-addr.arpa.#0113600#011IN#011SOA#011server1.winnet.local.
>> hostmaster.winnet.local. 2 900 600 86400 3600'
>> Aug 13 21:39:26 Server1 named[11383]: samba_dlz: added rdataset
>> 178.168.192.in-addr.arpa
>> '178.168.192.in-addr.arpa.#0113600#011IN#011SOA#011server1.winnet.local.
>> hostmaster.winnet.local. 3 900 600 86400 3600'
>> Aug 13 21:39:26 Server1 named[11383]: samba_dlz: committed transaction
>> on zone 178.168.192.in-addr.arpa
>>
>> ----------------------------------------------------------------------
>> ------
>> ----------------------------------------------
>>
>>
>> -----Ursprüngliche Nachricht-----
>> Von: Dale Schroeder [mailto:dale at BriannasSaladDressing.com]
>> Gesendet: Dienstag, 12. August 2014 23:13
>> An: Markus Roth; Samba
>> Betreff: Re: [Samba] samba4 internal dns Server ddns for the reverse
>> lookup Zone
>>
>> Markus,
>>
>> See if this has what you are looking for:
>> http://wiki.samba.org/index.php/DNS_Backend_BIND
>>
>> Dale
>>
>> On 08/11/2014 6:37 PM, Markus Roth wrote:
>>> Hi Rowland,
>>>
>>> Thanks a lot for your help. Do bind need a special configuration for dlz?
>> I've installed bind over the centos yum packet Manager. Than i
>> included the samba named.conf and the samba dns_update List in the
>> bind named.conf. At last i gave named via chgrp -r
>> /usr/local/samba/private the permission to this folder. Is that wrong? If
> it's so do you have a dlz how to?
>>> Kind. Regarts
>>> Markus
>>>
>>> Am 10.08.14 um 20:01 schrieb Rowland Penny
>>>
>>>> On 10/08/14 18:32, Markus Roth wrote:
>>>>
>>>>> Hi everybody,
>>>>> According to my ddns denied problem with bind dlz zone i tried the
>> internal dns server from samba4. The forward lookup zone is still
>> working correctly and do ddns updates for my win7 Client. But when i
>> create the reverse zone with the windows remote admin tools and
>> restart samba4 the ddns isn't working for the reverse zone. No ip
>> adresses will be added. How can i configure reverse ddns?
>>>> Hi, From reading your previously post and the portion of the
>>>> logfile,
>>>>
>>>> saying 'ddns denied problem with bind dlz zone'
>>>>
>>>> is incorrect, you were not using bind_dlz, if you were, you would
>>>> have
>>>>
>>>> had lines similar to these:
>>>>
>>>>
>>>>
>>>> Aug 10 18:29:24 dc1 named[19739]: samba_dlz: starting transaction on
>>>>
>>>> zone example.com
>>>>
>>>> Aug 10 18:29:24 dc1 named[19739]: samba_dlz: allowing update of
>>>>
>>>> signer=dhcpduser\@EXAMPLE.COM name=ThinkPad.example.com
>>>>
>>>> tcpaddr=127.0.0.1 type=A key=2541565829.sig-dc1.example.com/160/0
>>>>
>>>> Aug 10 18:29:24 dc1 named[19739]: samba_dlz: allowing update of
>>>>
>>>> signer=dhcpduser\@EXAMPLE.COM name=ThinkPad.example.com
>>>>
>>>> tcpaddr=127.0.0.1 type=A key=2541565829.sig-dc1.example.com/160/0
>>>>
>>>> Aug 10 18:29:24 dc1 named[19739]: client 127.0.0.1#50000/key
>>>>
>>>> dhcpduser\@EXAMPLE.COM: updating zone 'example.com/NONE': deleting
>>>> rrset
>>>>
>>>> at 'ThinkPad.example.com' A
>>>>
>>>> Aug 10 18:29:24 dc1 named[19739]: samba_dlz: subtracted rdataset
>>>>
>>>> ThinkPad.example.com
>>>>
>>>> 'ThinkPad.example.com.#0113600#011IN#011A#011192.168.0.215'
>>>>
>>>> Aug 10 18:29:24 dc1 named[19739]: client 127.0.0.1#50000/key
>>>>
>>>> dhcpduser\@EXAMPLE.COM: updating zone 'example.com/NONE': adding an
>>>> RR
>>>>
>>>> at 'ThinkPad.example.com' A
>>>>
>>>> Aug 10 18:29:24 dc1 named[19739]: samba_dlz: added rdataset
>>>>
>>>> ThinkPad.example.com
>>>>
>>>> 'ThinkPad.example.com.#0113600#011IN#011A#011192.168.0.215'
>>>>
>>>> Aug 10 18:29:24 dc1 named[19739]: samba_dlz: committed transaction
>>>> on
>>>>
>>>> zone example.com
>>>>
>>>>
>>>>
>>>> Rowland
>>>>
>>>>
>>>>
>>>> --
>>>>
>>>> To unsubscribe from this list go to the following URL and read the
>>>>
>>>> instructions: https://lists.samba.org/mailman/options/samba
> --
> To unsubscribe from this list go to the following URL and read the
> instructions: https://lists.samba.org/mailman/options/samba
>
More information about the samba
mailing list