[Samba] DDNS with Bind

Rowland Penny rpenny at samba.org
Mon Dec 26 18:19:33 UTC 2016


On Mon, 26 Dec 2016 18:24:25 +0100
Stefan Kania via samba <samba at lists.samba.org> wrote:

> Hello,
> I am trying to set up an ADDC with bind9 and dhcp-Server for dynamic
> DNS-updates. I followed the wiki:
> https://wiki.samba.org/index.php/Configure_DHCP_to_update_DNS_records_with_BIND9
> 
> My problem is that the PTR record will not be updated, because the
> script is using the wrong reverse zone:
> ---------------------
> Dez 26 17:30:05 addc-01 named[512]: client 192.168.56.200#60564/key dhcpduser\@EXAMPLE.NET: updating zone '168.192.IN-ADDR.ARPA/IN': update failed: not authoritative for update zone (NOTAUTH)
> Dez 26 17:30:05 addc-01 logger[989]: DHCP-DNS Update failed: 02
> Dez 26 17:30:05 addc-01 dhcpd[803]: execute: /etc/dhcp/bin/dhcp-dyndns.sh exit status 512
> 
> ---------------------
> The zonename should be "56.168.192.in-addr.arpa" so the "56" is
> missing. The forward-zone works.
> 
> My reverse-zone is:
> --------------------
> root@addc-01:~# samba-tool dns zonelist addc-01
>   3 zone(s) found
> 
>   pszZoneName                 : 56.168.192.in-addr.arpa
>   Flags                       : DNS_RPC_ZONE_DSINTEGRATED DNS_RPC_ZONE_UPDATE_SECURE
>   ZoneType                    : DNS_ZONE_TYPE_PRIMARY
>   Version                     : 50
>   dwDpFlags                   : DNS_DP_AUTOCREATED DNS_DP_DOMAIN_DEFAULT DNS_DP_ENLISTED
>   pszDpFqdn                   : DomainDnsZones.example.net
> 
> --------------------
> My dhcpd.conf is a copy from the wiki with my values:
> -------------------
> subnet 192.168.56.0 netmask 255.255.255.0 {
>   option subnet-mask 255.255.255.0;
>   option broadcast-address 192.168.56.255;
>   option time-offset 0;
>   option routers 192.168.56.1;
>   option domain-name "example.net";
>   option domain-name-servers 192.168.56.200;
>   option netbios-name-servers 192.168.56.200;
>   option ntp-servers 192.168.0.200;
>   pool {
>     max-lease-time 1800; # 30 minutes
>     range 192.168.56.210 192.168.56.229;
>   }
> }
> -------------------
> So where do I have to set up the right reverse-zone?

This is strange. If you follow the script, you will find this:

ip=$2

later on there is this:

# Set PTR address
ptr=$(echo ${ip} | awk -F '.' '{print $4"."$3"."$2"."$1".in-addr.arpa"}')

Finally the update of the reverse zone is done with this:

nsupdate -g ${NSUPDFLAGS} << UPDATE
server 127.0.0.1
realm ${REALM}
update delete ${ptr} 3600 PTR
update add ${ptr} 3600 PTR ${name}.${domain}
send
UPDATE
result2=$?

If you restart bind9, do you find lines like these in the syslog:

Dec 26 18:10:23 member1 named[6786]: samba_dlz: started for DN DC=samdom,DC=example,DC=com
Dec 26 18:10:23 member1 named[6786]: samba_dlz: starting configure
Dec 26 18:10:23 member1 named[6786]: samba_dlz: configured writeable zone '0.168.192.in-addr.arpa'
Dec 26 18:10:23 member1 named[6786]: samba_dlz: configured writeable zone 'samdom.example.com'
Dec 26 18:10:23 member1 named[6786]: samba_dlz: configured writeable zone '_msdcs.samdom.example.com'

Can you post your named conf files?

Rowland
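
The check this exchange points at, written out as an added example (not part of the original message or of the wiki script): it builds the PTR name the way the script does and tests whether any zone listed in named's `samba_dlz: configured writeable zone` lines covers it. The function names and the sample log lines are constructed for illustration.

```shell
#!/bin/sh
# Added example; function names are hypothetical, log lines are constructed.

# Build the PTR owner name the same way the DHCP script in the thread does.
ptr_name() {
    echo "$1" | awk -F '.' '{print $4"."$3"."$2"."$1".in-addr.arpa"}'
}

# Read syslog lines on stdin, print each zone samba_dlz reported as writeable.
writeable_zones() {
    sed -n "s/.*samba_dlz: configured writeable zone '\([^']*\)'.*/\1/p"
}

# Read zone names on stdin, print the longest one that contains name $1.
# Returns 1 when no zone covers the name. Comparison is case-insensitive.
covering_zone() {
    name=$(echo "$1" | tr 'A-Z' 'a-z')
    best=""
    while read -r zone; do
        z=$(echo "$zone" | tr 'A-Z' 'a-z')
        case "$name" in
            "$z"|*".$z")
                if [ ${#z} -gt ${#best} ]; then best=$z; fi ;;
        esac
    done
    if [ -n "$best" ]; then echo "$best"; else return 1; fi
}

# Read named's syslog on stdin and report whether the PTR name for IP $1
# falls inside a zone that samba_dlz configured as writeable.
check_ptr() {
    ptr=$(ptr_name "$1")
    if zone=$(writeable_zones | covering_zone "$ptr"); then
        echo "OK $ptr in $zone"
    else
        echo "MISSING no writeable zone covers $ptr"
        return 1
    fi
}

# Constructed sample logs: one with the reverse zone loaded, one without.
LOG_WITH_REVERSE="Dec 26 18:10:23 dc1 named[6786]: samba_dlz: configured writeable zone '56.168.192.in-addr.arpa'
Dec 26 18:10:23 dc1 named[6786]: samba_dlz: configured writeable zone 'example.net'"
LOG_FORWARD_ONLY="Dec 26 18:10:23 dc1 named[6786]: samba_dlz: configured writeable zone 'example.net'"

echo "$LOG_WITH_REVERSE" | check_ptr 192.168.56.210
echo "$LOG_FORWARD_ONLY" | check_ptr 192.168.56.210 || true
```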


