[Samba] Problem with dynamic DNS

Aki Tuomi cmouse at cmouse.fi
Tue Sep 8 09:53:15 UTC 2015


On Tue, Sep 08, 2015 at 10:19:34AM +0100, Rowland Penny wrote:
> On 08/09/15 09:25, Aki Tuomi wrote:
> >Why would I do that? This is a *computer* not *user* adding the record.
> >It is supposed to match the "grant INTERNAL.DOMAIN.TLD ms-self * A AAAA;" rule
> >but it does not. For some mystical reason.
> >
> >Aki
> >
> >On Tue, Sep 08, 2015 at 10:18:03AM +0200, L.P.H. van Belle wrote:
> >>Did you add the user that adds the dns setting in the dnsadmins group in the ad?
> >>
> >>
> >>
> >>>-----Oorspronkelijk bericht-----
> >>>Van: Aki Tuomi [mailto:cmouse at cmouse.fi]
> >>>Verzonden: dinsdag 8 september 2015 10:08
> >>>Aan: L.P.H. van Belle
> >>>CC: samba at lists.samba.org
> >>>Onderwerp: Re: [Samba] Problem with dynamic DNS
> >>>
> >>>Yeah. I have that setting, but for some reason samba refuses to accept the
> >>>AAAA *deletion* request (probably because it does not exist).
> >>>
> >>>It differs from Win7 which only sends A delete + add. And as I said, the
> >>>windows 7
> >>>workstation has no issues with this.
> >>>
> >>>Aki
> >>>
> >>>On Tue, Sep 08, 2015 at 10:03:56AM +0200, L.P.H. van Belle wrote:
> >>>>(please reply to the list)
> >>>>
> >>>>If the record does not exist, then you have an other problem.
> >>>>
> >>>>Because samba does support this :
> >>>>
> >>>>cat /var/lib/samba/private/named.conf.update
> >>>>/* this file is auto-generated - do not edit */
> >>>>update-policy {
> >>>>         grant INTERNAL.DOMAIN.TLD ms-self * A AAAA;
> >>>>         grant Administrator at INTERNAL.DOMAIN.TLD wildcard * A AAAA SRV
> >>>CNAME;
> >>>>         grant DC1$@internal.domain.tld wildcard * A AAAA SRV CNAME;
> >>>>         grant DC2$@internal.domain.tld wildcard * A AAAA SRV CNAME;
> >>>>};
> >>>>
> >>
> >>
> >>-- 
> >>To unsubscribe from this list go to the following URL and read the
> >>instructions:  https://lists.samba.org/mailman/options/samba
> 
> You could try adding 'allow dns updates = nonsecure and secure' to
> smb.conf and restarting samba
> 
> Rowland
> 

Unfortunately that did not help either, as the clients are using TSIG signatures.
This seems to be some kind of windows 10 specific issue, as it is working differently
to previous windows versions.

Aki



More information about the samba mailing list