[Samba] help with DNS issues with dynamic updates

Damien Dye damien.dye at sondrel.com
Tue Mar 18 08:23:13 MDT 2014

Hi guys

I need some help. I am using BIND to provide the DNS backend for Samba
using DLZ. Resolution works well, however:

My clients are not able to update their registered DNS entries.

When I run samba_dnsupdate against the Samba DLZ named server, I get:

; Communication with failed: timed out
could not talk to any default name server
Failed nsupdate: 1

Then bind stops responding completely and the server has to be reset to
resolve it.

Can somebody give me a hint as to what's wrong? Everything from the wiki is in place.

below is the servers named.conf file

// Address-match lists used by the options block of this named.conf.
// NOTE(review): as posted, both ACL bodies are empty and the closing "};" is
// missing -- the member addresses appear to have been stripped before posting.
// "xfer" is defined here but is not referenced anywhere in the visible config.
acl "xfer" {

// "trusted" gates allow-update, allow-query, allow-query-cache and
// allow-recursion in the options block, so whatever networks it lists can both
// resolve through this server and send it dynamic updates.
acl "trusted" {;


// Global server options: working directory, who may query/recurse/update,
// and the keytab used for GSS-TSIG.
// NOTE(review): the closing "};" of this block is missing as posted.
options {
        directory "/var/bind";
        pid-file "/var/run/named/named.pid";
        empty-zones-enable no;
        // Address-based update permission. Set at options level, it is inherited
        // by every master zone without its own allow-update (here "localhost"
        // and "127.in-addr.arpa"), so any source address matching "trusted" may
        // update those zones without a TSIG or GSS-TSIG signature.
        // NOTE(review): for the Samba DLZ zones, update authorization is
        // presumably decided by the DLZ module via GSS-TSIG rather than by this
        // ACL -- confirm, and consider "allow-update { none; };" here.
        allow-update    {trusted;};
        // Suppress the version / hostname / server-id identification answers.
        version none;
        hostname none;
        server-id none;
        listen-on-v6 { ::1; };
        // NOTE(review): the IPv4 listen addresses appear to have been removed
        // before posting; only the separators remain.
        listen-on {;;};
        // Queries, cache access and recursion are limited to the "trusted" ACL.
        allow-query { trusted;};
        allow-query-cache { trusted;};
        allow-recursion {trusted;};
        // Zone transfers are refused for all clients.
        allow-transfer {none;};
        auth-nxdomain yes;
        // Keytab named uses to accept GSS-TSIG-signed dynamic updates. It holds
        // long-term service keys: it should be readable by the account named runs
        // as and by no other unprivileged account.
        // NOTE(review): a keytab named cannot read is one plausible cause of
        // failing updates -- verify ownership and mode.
        tkey-gssapi-keytab "/var/lib/samba/private/dns.keytab";

        // Both DNSSEC directives below are commented out as posted.
        //dnssec-enable yes;
        //dnssec-validation yes;

        // NOTE(review): the next three lines are comment text whose opening "/*"
        // and closing "*/" are missing as posted; named would not parse them in
        // this form.
         * As of bind 9.8.0:
         * "If the root key provided has expired,
         * named will log the expiration and validation will not work."
        //dnssec-validation auto;

        /* if you have problems and are behind a firewall: */
        // query-source address * port 53;

// Logging: everything not routed elsewhere goes to named.log; transfer and
// notify messages go to a separate file.
// NOTE(review): the closing "};" of each channel and of the logging block are
// missing as posted.
logging {
        // Rotating general log (5 old versions, 50M each). No severity is set
        // on this channel.
        channel default_log {
                file "/var/log/named/named.log" versions 5 size 50M;
                print-time yes;
                print-severity yes;
                print-category yes;

        // No category is configured for "update", "update-security" or
        // "security", so those messages follow "category default" into
        // named.log -- that is the file to check for refused or failing
        // dynamic updates.
        category default { default_log; };
        category general { default_log; };

        // Transfer/notify log. The file name is spelled "tansfer.log" as posted.
        channel xfer-log {
                file "/var/log/named/tansfer.log";
                print-category yes;
                print-severity yes;
                print-time yes;
                severity info;
        category xfer-in { xfer-log; };
        category xfer-out { xfer-log; };
        category notify { xfer-log; };


// The rndc key include and the explicit controls statement are commented out,
// so this file restricts the control channel with no ACL or key of its own;
// named's built-in default for the control channel applies instead.
// NOTE(review): the last line below looks like the mail-wrapped tail of the
// commented-out "inet" line, not a live statement; the allowed address before
// "::1/128" appears to have been removed before posting.
//include "/etc/bind/rndc.key";
//controls {
//      inet port 953 allow {; ::1/128; } keys {
"rndc-key"; };

// Static zones: root hints plus the two loopback master zones.
// NOTE(review): the closing "};" of each zone is missing as posted.
zone "." in {
        type hint;
        file "/var/bind/named.cache";

// Neither master zone below sets allow-update, so both inherit the
// options-level "allow-update {trusted;}". These zones are static; an explicit
// "allow-update { none; };" per zone would keep them from being dynamically
// modified by hosts in the "trusted" ACL.
zone "localhost" IN {
        type master;
        file "pri/localhost.zone";
        notify no;

zone "127.in-addr.arpa" IN {
        type master;
        file "pri/127.zone";
        notify no;

// Required zone for AD: the AD DNS zones are served through Samba's DLZ driver,
// which named loads into its own process with dlopen.
// The "_9" module name is consistent with the BIND 9.9.5 build reported by
// "named -V" later in this message.
// NOTE(review): the driver presumably needs the named account to have read
// access to Samba's private data -- verify file permissions and any MAC policy.
// The closing "};" of this block is missing as posted.
dlz "AD DNS Zone" {
    database "dlopen /usr/lib/samba/bind9/dlz_bind9_9.so";

Bind information below

UK-DC01 ~ # named -V
BIND 9.9.5 (Extended Support Version) <id:f9b8a50e> built by make with
'--prefix=/usr' '--build=x86_64-pc-linux-gnu' '--host=x86_64-pc-linux-gnu'
'--mandir=/usr/share/man' '--infodir=/usr/share/info'
'--datadir=/usr/share' '--sysconfdir=/etc' '--localstatedir=/var/lib'
'--libdir=/usr/lib64' '--sysconfdir=/etc/bind' '--localstatedir=/var'
'--with-libtool' '--enable-full-report' '--disable-threads' '--with-dlopen'
'--with-dlz-filesystem' '--with-dlz-stub' '--without-dlz-postgres'
'--without-dlz-mysql' '--with-dlz-bdb' '--with-dlz-ldap'
'--without-dlz-odbc' '--with-openssl=/usr' '--with-ecdsa' '--with-idn'
'--enable-ipv6' '--without-libxml2' '--disable-newstats' '--with-gssapi'
'--disable-rpz-nsip' '--disable-rpz-nsdname' '--disable-linux-caps'
'--without-gost' '--disable-filter-aaaa' '--disable-fixed-rrset'
'--disable-rrl' '--without-python' '--without-readline'
'--with-randomdev=/dev/urandom' 'build_alias=x86_64-pc-linux-gnu'
'host_alias=x86_64-pc-linux-gnu' 'CFLAGS=-O2 -fomit-frame-pointer -pipe
-march=corei7 -msse3 -msse2 -msse -I/usr/include/db4.8' 'LDFLAGS=-Wl,-O1
compiled by GCC 4.7.3
using OpenSSL version: OpenSSL 1.0.1f 6 Jan 2014


Damien Dye
 IT Manager
 *Sondrel Ltd*
 Sondrel House, Theale Lakes Business Park
Moulden Way, Sulhamstead, Berkshire, RG7 4GB, UK

Tel: +44(0)118 9838 550

 [image: Sondrel] <http://www.sondrel.com/>

