[Samba] Problem with dynamic DNS
L.P.H. van Belle
belle at bazuin.nl
Tue Sep 8 08:03:56 UTC 2015
(please reply to the list)
If the record does not exist, then you have an other problem.
Because samba does support this :
cat /var/lib/samba/private/named.conf.update
/* this file is auto-generated - do not edit */
update-policy {
grant INTERNAL.DOMAIN.TLD ms-self * A AAAA;
grant Administrator at INTERNAL.DOMAIN.TLD wildcard * A AAAA SRV CNAME;
grant DC1$@internal.domain.tld wildcard * A AAAA SRV CNAME;
grant DC2$@internal.domain.tld wildcard * A AAAA SRV CNAME;
};
> -----Oorspronkelijk bericht-----
> Van: Aki Tuomi [mailto:cmouse at cmouse.fi]
> Verzonden: dinsdag 8 september 2015 9:59
> Aan: L.P.H. van Belle
> Onderwerp: Re: [Samba] Problem with dynamic DNS
>
> Unfortunately that DNS record does not exist.
>
> Aki
>
> On Tue, Sep 08, 2015 at 09:53:45AM +0200, L.P.H. van Belle wrote:
> > What happens if you remove the dns records and you restart your pc.
> > That solved this problem for me.
> >
> > Greetz,
> >
> > Louis
> >
> >
> >
> > > -----Oorspronkelijk bericht-----
> > > Van: samba [mailto:samba-bounces at lists.samba.org] Namens Aki Tuomi
> > > Verzonden: dinsdag 8 september 2015 9:33
> > > Aan: samba at lists.samba.org
> > > Onderwerp: [Samba] Problem with dynamic DNS
> > >
> > > Hi!
> > >
> > > We are facing problems with Windows 10 and dynamic DNS. The problem is
> > > that
> > > samba_dlz prevents AAAA deletion. Can we permit AAAA somehow or fix
> this?
> > >
> > > Disabling IPv6 and removing IPv6 driver from interface made no
> difference
> > > whatsoever. This works on Windows 7 just fine.
> > >
> > > Samba version: 4.1.6-Ubuntu
> > >
> > > We see the following with wireshark:
> > >
> > > Domain Name System (query)
> > > Transaction ID: 0x8aa4
> > > Flags: 0x2800 Dynamic update
> > > 0... .... .... .... = Response: Message is a query
> > > .010 1... .... .... = Opcode: Dynamic update (5)
> > > .... ..0. .... .... = Truncated: Message is not truncated
> > > .... ...0 .... .... = Recursion desired: Don't do query
> > > recursively
> > > .... .... .0.. .... = Z: reserved (0)
> > > .... .... ...0 .... = Non-authenticated data: Unacceptable
> > > Zones: 1
> > > Prerequisites: 1
> > > Updates: 3
> > > Additional RRs: 1
> > > Zone
> > > gwad.fi: type SOA, class IN
> > > Name: gwad.fi
> > > Type: SOA (Start of zone of authority)
> > > Class: IN (0x0001)
> > > Prerequisites
> > > GW-PC03.gwad.fi: type CNAME, class NONE
> > > Name: GW-PC03.gwad.fi
> > > Type: CNAME (Canonical name for an alias)
> > > Class: NONE (0x00fe)
> > > Time to live: 0 seconds
> > > Data length: 0
> > > Updates
> > > GW-PC03.gwad.fi: type AAAA, class ANY
> > > Name: GW-PC03.gwad.fi
> > > Type: AAAA (IPv6 address)
> > > Class: ANY (0x00ff)
> > > Time to live: 0 seconds
> > > Data length: 0
> > > GW-PC03.gwad.fi: type A, class ANY
> > > Name: GW-PC03.gwad.fi
> > > Type: A (Host address)
> > > Class: ANY (0x00ff)
> > > Time to live: 0 seconds
> > > Data length: 0
> > > GW-PC03.gwad.fi: type A, class IN, addr 10.132.2.103
> > > Name: GW-PC03.gwad.fi
> > > Type: A (Host address)
> > > Class: IN (0x0001)
> > > Time to live: 20 minutes
> > > Data length: 4
> > > Addr: 10.132.2.103 (10.132.2.103)
> > > Additional records
> > > 1180-ms-7.2-3c5a3.9620e2ee-55f9-11e5-d29b-14dae91532dd: type
> TSIG,
> > > class ANY
> > > Name: 1180-ms-7.2-3c5a3.9620e2ee-55f9-11e5-d29b-
> 14dae91532dd
> > > Type: TSIG (Transaction Signature)
> > > Class: ANY (0x00ff)
> > > Time to live: 0 seconds
> > > Data length: 54
> > > Algorithm Name: gss-tsig
> > > Time signed: Sep 8, 2015 10:23:18.000000000 EEST
> > > Fudge: 36000
> > > MAC Size: 28
> > > MAC
> > > No dissector for algorithm:gss-tsig
> > > Original Id: 35492
> > > Error: No error (0)
> > > Other Len: 0
> > >
> > >
> > > And this in syslog:
> > >
> > > Sep 8 10:24:57 gw-dc01 named[14101]: samba_dlz: starting transaction
> on
> > > zone gwad.fi
> > > Sep 8 10:24:57 gw-dc01 named[14101]: samba_dlz: disallowing update of
> > > signer=gw-pc03\$\@GWAD.FI name=GW-PC03.gwad.fi type=AAAA
> > > error=insufficient access rights
> > > Sep 8 10:24:57 gw-dc01 named[14101]: client 10.132.2.103#49508/key
> gw-
> > > pc03\$\@GWAD.FI: updating zone 'gwad.fi/NONE': update failed: rejected
> by
> > > secure update (REFUSED)
> > > Sep 8 10:24:57 gw-dc01 named[14101]: samba_dlz: cancelling
> transaction on
> > > zone gwad.fi
> > >
> > > Kind regards
> > > Aki Tuomi
> > >
> > > --
> > > To unsubscribe from this list go to the following URL and read the
> > > instructions: https://lists.samba.org/mailman/options/samba
> >
> >
More information about the samba
mailing list