[Samba] Problem with dynamic DNS

L.P.H. van Belle belle at bazuin.nl
Tue Sep 8 08:03:56 UTC 2015


(please reply to the list) 

If the record does not exist, then you have another problem.

Because Samba does support this:

cat /var/lib/samba/private/named.conf.update
/* this file is auto-generated - do not edit */
update-policy {
        grant INTERNAL.DOMAIN.TLD ms-self * A AAAA;
        grant Administrator@INTERNAL.DOMAIN.TLD wildcard * A AAAA SRV CNAME;
        grant DC1$@internal.domain.tld wildcard * A AAAA SRV CNAME;
        grant DC2$@internal.domain.tld wildcard * A AAAA SRV CNAME;
};


> -----Original Message-----
> From: Aki Tuomi [mailto:cmouse at cmouse.fi]
> Sent: Tuesday 8 September 2015 9:59
> To: L.P.H. van Belle
> Subject: Re: [Samba] Problem with dynamic DNS
> 
> Unfortunately that DNS record does not exist.
> 
> Aki
> 
> On Tue, Sep 08, 2015 at 09:53:45AM +0200, L.P.H. van Belle wrote:
> > What happens if you remove the DNS records and you restart your PC?
> > That solved this problem for me.
> >
> > Greetz,
> >
> > Louis
> >
> >
> >
> > > -----Original Message-----
> > > From: samba [mailto:samba-bounces at lists.samba.org] On Behalf Of Aki Tuomi
> > > Sent: Tuesday 8 September 2015 9:33
> > > To: samba at lists.samba.org
> > > Subject: [Samba] Problem with dynamic DNS
> > >
> > > Hi!
> > >
> > > We are facing problems with Windows 10 and dynamic DNS. The problem is that
> > > samba_dlz prevents AAAA deletion. Can we permit AAAA somehow or fix this?
> > >
> > > Disabling IPv6 and removing IPv6 driver from interface made no difference
> > > whatsoever. This works on Windows 7 just fine.
> > >
> > > Samba version: 4.1.6-Ubuntu
> > >
> > > We see the following with wireshark:
> > >
> > > Domain Name System (query)
> > >     Transaction ID: 0x8aa4
> > >     Flags: 0x2800 Dynamic update
> > >         0... .... .... .... = Response: Message is a query
> > >         .010 1... .... .... = Opcode: Dynamic update (5)
> > >         .... ..0. .... .... = Truncated: Message is not truncated
> > >         .... ...0 .... .... = Recursion desired: Don't do query recursively
> > >         .... .... .0.. .... = Z: reserved (0)
> > >         .... .... ...0 .... = Non-authenticated data: Unacceptable
> > >     Zones: 1
> > >     Prerequisites: 1
> > >     Updates: 3
> > >     Additional RRs: 1
> > >     Zone
> > >         gwad.fi: type SOA, class IN
> > >             Name: gwad.fi
> > >             Type: SOA (Start of zone of authority)
> > >             Class: IN (0x0001)
> > >     Prerequisites
> > >         GW-PC03.gwad.fi: type CNAME, class NONE
> > >             Name: GW-PC03.gwad.fi
> > >             Type: CNAME (Canonical name for an alias)
> > >             Class: NONE (0x00fe)
> > >             Time to live: 0 seconds
> > >             Data length: 0
> > >     Updates
> > >         GW-PC03.gwad.fi: type AAAA, class ANY
> > >             Name: GW-PC03.gwad.fi
> > >             Type: AAAA (IPv6 address)
> > >             Class: ANY (0x00ff)
> > >             Time to live: 0 seconds
> > >             Data length: 0
> > >         GW-PC03.gwad.fi: type A, class ANY
> > >             Name: GW-PC03.gwad.fi
> > >             Type: A (Host address)
> > >             Class: ANY (0x00ff)
> > >             Time to live: 0 seconds
> > >             Data length: 0
> > >         GW-PC03.gwad.fi: type A, class IN, addr 10.132.2.103
> > >             Name: GW-PC03.gwad.fi
> > >             Type: A (Host address)
> > >             Class: IN (0x0001)
> > >             Time to live: 20 minutes
> > >             Data length: 4
> > >             Addr: 10.132.2.103 (10.132.2.103)
> > >     Additional records
> > >         1180-ms-7.2-3c5a3.9620e2ee-55f9-11e5-d29b-14dae91532dd: type TSIG, class ANY
> > >             Name: 1180-ms-7.2-3c5a3.9620e2ee-55f9-11e5-d29b-14dae91532dd
> > >             Type: TSIG (Transaction Signature)
> > >             Class: ANY (0x00ff)
> > >             Time to live: 0 seconds
> > >             Data length: 54
> > >             Algorithm Name: gss-tsig
> > >             Time signed: Sep  8, 2015 10:23:18.000000000 EEST
> > >             Fudge: 36000
> > >             MAC Size: 28
> > >             MAC
> > >                 No dissector for algorithm:gss-tsig
> > >             Original Id: 35492
> > >             Error: No error (0)
> > >             Other Len: 0
> > >
> > >
> > > And this in syslog:
> > >
> > > Sep  8 10:24:57 gw-dc01 named[14101]: samba_dlz: starting transaction on zone gwad.fi
> > > Sep  8 10:24:57 gw-dc01 named[14101]: samba_dlz: disallowing update of signer=gw-pc03\$\@GWAD.FI name=GW-PC03.gwad.fi type=AAAA error=insufficient access rights
> > > Sep  8 10:24:57 gw-dc01 named[14101]: client 10.132.2.103#49508/key gw-pc03\$\@GWAD.FI: updating zone 'gwad.fi/NONE': update failed: rejected by secure update (REFUSED)
> > > Sep  8 10:24:57 gw-dc01 named[14101]: samba_dlz: cancelling transaction on zone gwad.fi
> > >
> > > Kind regards
> > > Aki Tuomi
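Added example, not part of the thread or of Samba: a small Python triage script that pulls the samba_dlz refusals out of named's syslog output, pairs each with the client line that follows it, and marks whether the machine account was updating its own host record (as in the thread). The function names and the `self_update` field are assumptions made for this illustration; the last sample log line is constructed.

```python
import re

# First three lines are from the syslog excerpt in the thread; the last line is
# constructed to show a machine account touching a record that is not its own.
SAMPLE_LOG = r"""
Sep  8 10:24:57 gw-dc01 named[14101]: samba_dlz: disallowing update of signer=gw-pc03\$\@GWAD.FI name=GW-PC03.gwad.fi type=AAAA error=insufficient access rights
Sep  8 10:24:57 gw-dc01 named[14101]: client 10.132.2.103#49508/key gw-pc03\$\@GWAD.FI: updating zone 'gwad.fi/NONE': update failed: rejected by secure update (REFUSED)
Sep  8 10:24:57 gw-dc01 named[14101]: samba_dlz: cancelling transaction on zone gwad.fi
Sep  8 10:31:02 gw-dc01 named[14101]: samba_dlz: disallowing update of signer=gw-pc07\$\@GWAD.FI name=GW-DC01.gwad.fi type=A error=insufficient access rights
"""

DENY_RE = re.compile(r"samba_dlz: disallowing update of signer=(?P<signer>\S+) "
                     r"name=(?P<name>\S+) type=(?P<type>\S+) error=(?P<error>.+)$")
REFUSED_RE = re.compile(r"client (?P<ip>[0-9A-Fa-f.:]+)#\d+/key (?P<key>\S+?): "
                        r"updating zone '(?P<zone>[^'/]+)/")

def unescape(principal):
    """named logs the principal as gw-pc03\\$\\@GWAD.FI; drop the backslashes."""
    return re.sub(r"\\(.)", r"\1", principal)

def is_self_update(signer, name):
    """True when signer host$@REALM is updating the record host.realm."""
    m = re.fullmatch(r"(?P<host>[^$@]+)\$@(?P<realm>.+)", signer)
    return bool(m) and name.lower().rstrip(".") == f"{m['host']}.{m['realm']}".lower()

def denied_updates(log_text):
    """Return one dict per refused update, enriched with client IP and zone."""
    events, pending = [], {}
    for line in log_text.splitlines():
        m = DENY_RE.search(line)
        if m:
            signer = unescape(m["signer"])
            ev = {"signer": signer, "name": m["name"], "type": m["type"],
                  "error": m["error"].strip(), "client": None, "zone": None,
                  "self_update": is_self_update(signer, m["name"])}
            events.append(ev)
            pending.setdefault(signer, []).append(ev)
            continue
        m = REFUSED_RE.search(line)
        if m:  # the client line names the same key, so attach IP and zone
            for ev in pending.pop(unescape(m["key"]), []):
                ev["client"], ev["zone"] = m["ip"], m["zone"]
    return events

if __name__ == "__main__":
    for ev in denied_updates(SAMPLE_LOG):
        print(ev)
```

A refusal with `self_update` set is the situation reported in the thread, a host denied on its own name; one without it is a machine account attempting to change another host's record.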