[Samba] Problems with DNS Dynamic updates + Bind9.8

Bruno Andrade bma at eurotux.com
Fri Jan 16 04:03:42 MST 2015


I have two Samba 4.1.14 DCs (two sites) using Bind9.8.2 (DLZ).

I'm having problems with DDNS updates.
I already confirmed permissions for named on related files/folders and
also the firewall.

My named.conf looks like this:
options {
        listen-on port 53 {;; };
        directory       "/var/named";
        allow-query     { any; };
        recursion yes;
        forwarders {; };
        allow-transfer { "none"; };
        allow-update { key ufp.pt; };
        bindkeys-file "/etc/named.iscdlv.key";
        managed-keys-directory "/var/named/dynamic";
        tkey-gssapi-keytab "/var/lib/samba/private/dns.keytab";

zone "." IN {
        type hint;
        file "named.ca";

#include "/var/lib/samba/private/named.conf.update";
include "/etc/named.rfc1912.zones";
include "/etc/named.root.key";
include "/var/lib/samba/private/named.conf";

I have the include for named.conf.update commented out because named doesn't
start if it's included (update-policy error).

In my smb.conf I already tried to use the lines (without success):
allow dns updates = nonsecure and secure
nsupdate command = /usr/bin/nsupdate -g

When I run, via Windows, "ipconfig /registerdns", the named.log outputs
that the update is denied.
Then I created a GPO to force Windows hosts to do dynamic updates
securely. After that, the denied message doesn't appear in named.log, but
the record is not registered either.

I also tested named with these options:
dnssec-enable yes;
dnssec-validation yes;
dnssec-lookaside auto;
Without success.

Does anyone have the same, or a similar, problem?

Bruno Andrade.