Jan Dušátko jan at dusatko.org
Sat Sep 12 19:24:44 UTC 2015

please, could someone make me an advice about integrating those together?

SAMBA4 in Active Directory server mode (this need internal LDAP)
BIND with the DLZ, used for store DNS data, but use DNSSEC (hash based
authentication for the data updates)
ISCDHCP with DNS authentication (hash based)

For few months I trying to find solution how can complete all of them,
but seems like I failed. I didn't found information how can I use BIND
with DLZ and use DNSSEC (need those in configuration)
    options {
          dnssec-enable yes;
          dnssec-validation yes;
          managed-keys-directory "/etc/named/dynamic/";
    include "/etc/namedb/ddns.key";
    managed-keys {
          "." initial-key 257 3 8 "AwEAAag....1ihz0=";
    trusted-keys {
        // backward compatibility
         "." 257 3 8 "AwEAAag....1ihz0=";

The ddns.key should consist:
        algorithm HMAC-???.SIG-ALG.REG.INT;
        secret "...==";

The ISC-DHCP server configuration should consist those clauses:
    ddns-updates on;
    ddns-update-style interim;
    allow unknown-clients;
    ignore client-updates;
    update-static-leases on;
    one-lease-per-client true;
    include "/etc/namedb/ddns.key";

Coexistence of BIND DLZ and DNSSEC together with ISCDHCP works well as
well as coexistence of BIND DLZ and SAMBA4. But integration all of them
is too hard for me, may I overlook something

Any advice please?



Jan Dušátko

e-mail:		jan at dusatko.org

More information about the samba mailing list