[Samba] A and/or PTR record deleted after pc wake-up
Peter Serbe
peter at serbe.ch
Thu Mar 6 04:45:52 MST 2014
steve schrieb am 06.03.2014 11:36:
>> > Mar 5 15:43:13 rtd-dc1 named[3717]: samba_dlz: starting transaction on zone
>> INTERNAL.DOMAIN.TLD
>> > Mar 5 15:43:13 rtd-dc1 named[3717]: client 10.249.250.64#49271: update
>> 'INTERNAL.DOMAIN.TLD/IN' denied
>> > Mar 5 15:43:13 rtd-dc1 named[3717]: samba_dlz: cancelling transaction on
>> zone INTERNAL.DOMAIN.TLD
>>
>
> Yes, but immediately afterwards it then goes onto authenticate perfectly
> well. Working on exactly the same zone it just denied access to:
I noticed that, too. But I found it strange, that the first attempt failed.
I don't know whether it is worth the effort to fix this kind of issue, which
might not be severe, but fills the logs with obscure entries. Besides, I
got used to solve issues with some machines by doing it in the order of
their precedence, as often the dependency of some issues is totally obscure.
> The machine key has been used to authenticate. named must have had
> access to the dns keytab too.
>
> @Louis: are we certain that there is nothing in DNS for Admin-PC? I
> mean, according to samba-tool dns or the windows dns admin. Maybe is
> there is, delete it, unjoin and rejoin?
> HTH
> Steve
By the way: I find Bind being pretty stable. To the best of my knowledge
the last versions of Bind primarily fixed security issues, which I would not
expect to be the primary concern here, as I presume that server won't be
exposed to the internet. So I would not expect too much from upgrading
Bind.
I only have a small network, and I use fixed IP addresses for all my
machines. At least in that scenario I never observed an issue with
"forgotten" DNS entries. What I observed some time ago was, that the
link between Bind and Samba had been broken, but apparently Bind did
continue to use cached information from before.
But after a clean resinstall everything works as it should.
HTH & Best regards
Peter
More information about the samba
mailing list