[Samba] ddns update fails for reverse zone

Rowland Penny rowlandpenny at googlemail.com
Fri Jan 10 06:57:25 MST 2014


On 10/01/14 12:05, steve wrote:
> Hi everyone.
> I have a Linux nsupdate client sending dns update requests via sssd.
> Just gone from 4.1.2 to 4.1.3. I've done this:
> http://linuxcostablanca.blogspot.com.es/2013/09/samba4-bind9dlz-stale-dns-records-with.html
> After which the forward zone update is working fine:
>
> 2014-01-10T12:32:35.376142+01:00 hh16 named[4963]: samba_dlz: starting
> transaction on zone hh3.site
> 2014-01-10T12:32:35.382352+01:00 hh16 named[4963]: samba_dlz: allowing
> update of signer=CATRAL\$\@HH3.SITE name=catral.hh3.site
> tcpaddr=192.168.1.22 type=A key=4172394391.sig-hh16.hh3.site/160/0
> 2014-01-10T12:32:35.382917+01:00 hh16 named[4963]: client
> 192.168.1.22#48586/key CATRAL\$\@HH3.SITE: updating zone
> 'hh3.site/NONE': deleting rrset at 'catral.hh3.site' A
> 2014-01-10T12:32:35.390788+01:00 hh16 named[4963]: samba_dlz: subtracted
> rdataset catral.hh3.site
> 'catral.hh3.site.#0113600#011IN#011A#011192.168.1.22'
> 2014-01-10T12:32:35.394326+01:00 hh16 named[4963]: samba_dlz: subtracted
> rdataset hh3.site 'hh3.site.#0113600#011IN#011SOA#011hh16.hh3.site.
> hostmaster.hh3.site. 635 900 600 86400 0'
> 2014-01-10T12:32:35.396199+01:00 hh16 named[4963]: samba_dlz: added
> rdataset hh3.site 'hh3.site.#0113600#011IN#011SOA#011hh16.hh3.site.
> hostmaster.hh3.site. 636 900 600 86400 0'
> 2014-01-10T12:32:35.698255+01:00 hh16 named[4963]: samba_dlz: committed
> transaction on zone hh3.site
> 2014-01-10T12:32:35.749459+01:00 hh16 named[4963]: samba_dlz: starting
> transaction on zone hh3.site
> 2014-01-10T12:32:35.753506+01:00 hh16 named[4963]: samba_dlz: allowing
> update of signer=CATRAL\$\@HH3.SITE name=catral.hh3.site
> tcpaddr=192.168.1.22 type=AAAA key=3660185835.sig-hh16.hh3.site/160/0
> 2014-01-10T12:32:35.754206+01:00 hh16 named[4963]: client
> 192.168.1.22#48262/key CATRAL\$\@HH3.SITE: updating zone
> 'hh3.site/NONE': deleting rrset at 'catral.hh3.site' AAAA
> 2014-01-10T12:32:35.754706+01:00 hh16 named[4963]: samba_dlz: committed
> transaction on zone hh3.site
> 2014-01-10T12:32:35.805458+01:00 hh16 named[4963]: samba_dlz: starting
> transaction on zone hh3.site
> 2014-01-10T12:32:35.806991+01:00 hh16 named[4963]: samba_dlz: allowing
> update of signer=CATRAL\$\@HH3.SITE name=catral.hh3.site
> tcpaddr=192.168.1.22 type=A key=3866959392.sig-hh16.hh3.site/160/0
> 2014-01-10T12:32:35.807875+01:00 hh16 named[4963]: client
> 192.168.1.22#40235/key CATRAL\$\@HH3.SITE: updating zone
> 'hh3.site/NONE': adding an RR at 'catral.hh3.site' A
> 2014-01-10T12:32:35.810897+01:00 hh16 named[4963]: samba_dlz: added
> rdataset catral.hh3.site
> 'catral.hh3.site.#0113600#011IN#011A#011192.168.1.22'
> 2014-01-10T12:32:35.814287+01:00 hh16 named[4963]: samba_dlz: subtracted
> rdataset hh3.site 'hh3.site.#0113600#011IN#011SOA#011hh16.hh3.site.
> hostmaster.hh3.site. 636 900 600 86400 0'
> 2014-01-10T12:32:35.831279+01:00 hh16 named[4963]: samba_dlz: added
> rdataset hh3.site 'hh3.site.#0113600#011IN#011SOA#011hh16.hh3.site.
> hostmaster.hh3.site. 637 900 600 86400 0'
> 2014-01-10T12:32:36.744347+01:00 hh16 named[4963]: samba_dlz: committed
> transaction on zone hh3.site
>
> But the reverse zone doesn't go:
>
> 2014-01-10T12:32:37.037639+01:00 hh16 named[4963]: samba_dlz: starting
> transaction on zone 1.168.192.in-addr.arpa
> 2014-01-10T12:32:37.041533+01:00 hh16 named[4963]: samba_dlz:
> disallowing update of signer=CATRAL\$\@HH3.SITE
> name=22.1.168.192.in-addr.arpa type=PTR error=insufficient access rights
> 2014-01-10T12:32:37.042160+01:00 hh16 named[4963]: client
> 192.168.1.22#50967/key CATRAL\$\@HH3.SITE: updating zone
> '1.168.192.in-addr.arpa/NONE': update failed: rejected by secure update
> (REFUSED)
> 2014-01-10T12:32:37.042579+01:00 hh16 named[4963]: samba_dlz: cancelling
> transaction on zone 1.168.192.in-addr.arpa
> 2014-01-10T12:32:37.514441+01:00 hh16 named[4963]: samba_dlz: starting
> transaction on zone 1.168.192.in-addr.arpa
> 2014-01-10T12:32:37.516754+01:00 hh16 named[4963]: samba_dlz:
> disallowing update of signer=CATRAL\$\@HH3.SITE
> name=22.1.168.192.in-addr.arpa type=PTR error=insufficient access rights
> 2014-01-10T12:32:37.517581+01:00 hh16 named[4963]: client
> 192.168.1.22#53190/key CATRAL\$\@HH3.SITE: updating zone
> '1.168.192.in-addr.arpa/NONE': update failed: rejected by secure update
> (REFUSED)
> 2014-01-10T12:32:37.518280+01:00 hh16 named[4963]: samba_dlz: cancelling
> transaction on zone 1.168.192.in-addr.arpa
>
> Question: We're up. Am I going to break anything if I delete and
> recreate the reverse zone?
>
> Any other stuff to try?
>
> Cheers and belated happy new year,
> Steve
>
>
Hi Steve, I have updated to 4.1.4 and am not having this problem, but I
did run 'samba-tool dbcheck --cross-ncs --fix' before I restarted Samba 4.
You could try deleting just the reverse record for the machine in
question; this may help and I am sure it will not do any harm.

Rowland
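
An added example, not part of the original thread or of Samba: a small parser for the samba_dlz allow/deny lines shown in the quoted log, which summarises refused secure updates per signer and record. The function names are the example's own, and treating a denied PTR as "own address" when it matches a tcpaddr seen in that signer's allowed updates is an assumption made here for triage, not something samba_dlz reports.

```python
import re
from collections import Counter

# Decision lines copied from the log quoted above, rejoined after mail wrapping.
SAMPLE_LOG = r"""
2014-01-10T12:32:35.382352+01:00 hh16 named[4963]: samba_dlz: allowing update of signer=CATRAL\$\@HH3.SITE name=catral.hh3.site tcpaddr=192.168.1.22 type=A key=4172394391.sig-hh16.hh3.site/160/0
2014-01-10T12:32:35.753506+01:00 hh16 named[4963]: samba_dlz: allowing update of signer=CATRAL\$\@HH3.SITE name=catral.hh3.site tcpaddr=192.168.1.22 type=AAAA key=3660185835.sig-hh16.hh3.site/160/0
2014-01-10T12:32:37.041533+01:00 hh16 named[4963]: samba_dlz: disallowing update of signer=CATRAL\$\@HH3.SITE name=22.1.168.192.in-addr.arpa type=PTR error=insufficient access rights
2014-01-10T12:32:37.516754+01:00 hh16 named[4963]: samba_dlz: disallowing update of signer=CATRAL\$\@HH3.SITE name=22.1.168.192.in-addr.arpa type=PTR error=insufficient access rights
"""

DECISION = re.compile(r"named\[\d+\]: samba_dlz: (allowing|disallowing) update of (.*)$")
FIELD = re.compile(r"(\w+)=(.*?)(?= \w+=|$)")  # only error= holds spaces, and it is last

def parse_decisions(text):
    """Return one dict per samba_dlz allow/deny decision line."""
    records = []
    for line in text.splitlines():
        m = DECISION.search(line.strip())
        if m:
            rec = dict(FIELD.findall(m.group(2)))
            rec["allowed"] = m.group(1) == "allowing"
            rec["signer"] = rec.get("signer", "").replace("\\", "")  # undo \$ \@ escaping
            records.append(rec)
    return records

def ptr_to_ip(name):
    """Map an IPv4 in-addr.arpa owner name to its dotted address, else None."""
    labels = name.rstrip(".").split(".")
    if len(labels) != 6 or labels[-2:] != ["in-addr", "arpa"]:
        return None
    return ".".join(reversed(labels[:4]))

def denied_updates(records):
    """Count denials per (signer, name, type, error) and check PTR targets."""
    addrs = {}  # signer -> source addresses seen on its allowed updates
    for r in records:
        if r["allowed"] and "tcpaddr" in r:
            addrs.setdefault(r["signer"], set()).add(r["tcpaddr"])
    counts = Counter((r["signer"], r["name"], r["type"], r.get("error", ""))
                     for r in records if not r["allowed"])
    report = []
    for (signer, name, rtype, error), n in counts.items():
        own = ptr_to_ip(name) in addrs.get(signer, set()) if rtype == "PTR" else None
        report.append({"signer": signer, "name": name, "type": rtype,
                       "error": error, "count": n, "own_address": own})
    return report
```

A row with `own_address` set to True, as for CATRAL$ here, points at the zone's access rights rather than at a client trying to register someone else's address.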


