[Samba] A and/or PTR record deleted after pc wake-up

[Peter Serbe]

steve schrieb am 06.03.2014 11:36:

>> > Mar  5 15:43:13 rtd-dc1 named[3717]: samba_dlz: starting transaction on zone
>> INTERNAL.DOMAIN.TLD
>> > Mar  5 15:43:13 rtd-dc1 named[3717]: client 10.249.250.64#49271: update
>> 'INTERNAL.DOMAIN.TLD/IN' denied
>> > Mar  5 15:43:13 rtd-dc1 named[3717]: samba_dlz: cancelling transaction on
>> zone INTERNAL.DOMAIN.TLD
>> 
> 
> Yes, but immediately afterwards it then goes onto authenticate perfectly
> well. Working on exactly the same zone it just denied access to:

I noticed that, too. But I found it strange, that the first attempt failed.
I don't know whether it is worth the effort to fix this kind of issue, which 
might not be severe, but fills the logs with obscure entries. Besides, I 
got used to solve issues with some machines by doing it in the order of 
their precedence, as often the dependency of some issues is totally obscure. 

> The machine key has been used to authenticate. named must have had
> access to the dns keytab too.
> 
> @Louis: are we certain that there is nothing in DNS for Admin-PC? I
> mean, according to samba-tool dns or the windows dns admin. Maybe is
> there is, delete it, unjoin and rejoin?
> HTH
> Steve

By the way: I find Bind being pretty stable. To the best of my knowledge 
the last versions of Bind primarily fixed security issues, which I would not 
expect to be the primary concern here, as I presume that server won't be 
exposed to the internet. So I would not expect too much from upgrading 
Bind. 

I only have a small network, and I use fixed IP addresses for all my 
machines. At least in that scenario I never observed an issue with 
"forgotten" DNS entries. What I observed some time ago was, that the 
link between Bind and Samba had been broken, but apparently Bind did 
continue to use cached information from before. 

But after a clean resinstall everything works as it should. 

HTH & Best regards
Peter