[Samba] DDNS with Bind

Rowland Penny rpenny at samba.org
Mon Dec 26 19:33:17 UTC 2016


On Mon, 26 Dec 2016 19:58:26 +0100
Stefan Kania <stefan at kania-online.de> wrote:

> On 26.12.2016 at 19:19, Rowland Penny via samba wrote:
> > On Mon, 26 Dec 2016 18:24:25 +0100 Stefan Kania via samba
> > <samba at lists.samba.org> wrote:
> > 
> >> Hello, I am trying to set up an AD DC with bind9 and a DHCP server for
> >> dynamic DNS updates. I followed the wiki:
> >> https://wiki.samba.org/index.php/Configure_DHCP_to_update_DNS_records_with_BIND9
> >> 
> >> My problem is that the PTR record will not be updated, because
> >> the script is using the wrong reverse zone:
> >> ---------------------
> >> Dez 26 17:30:05 addc-01 named[512]: client 192.168.56.200#60564/key dhcpduser\@EXAMPLE.NET: updating zone '168.192.IN-ADDR.ARPA/IN': update failed: not authoritative for update zone (NOTAUTH)
> >> Dez 26 17:30:05 addc-01 logger[989]: DHCP-DNS Update failed: 02
> >> Dez 26 17:30:05 addc-01 dhcpd[803]: execute: /etc/dhcp/bin/dhcp-dyndns.sh exit status 512
> >> ---------------------
> >> The zone name should be "56.168.192.in-addr.arpa", so the "56" is
> >> missing. The forward zone works.
> >> 
> >> My reverse zone is:
> >> --------------------
> >> root@addc-01:~# samba-tool dns zonelist addc-01
> >> 3 zone(s) found
> >>
> >> pszZoneName                 : 56.168.192.in-addr.arpa
> >> Flags                       : DNS_RPC_ZONE_DSINTEGRATED DNS_RPC_ZONE_UPDATE_SECURE
> >> ZoneType                    : DNS_ZONE_TYPE_PRIMARY
> >> Version                     : 50
> >> dwDpFlags                   : DNS_DP_AUTOCREATED DNS_DP_DOMAIN_DEFAULT DNS_DP_ENLISTED
> >> pszDpFqdn                   : DomainDnsZones.example.net
> >>
> >> --------------------
> >> My dhcpd.conf is a copy from the wiki with my values:
> >> -------------------
> >> subnet 192.168.56.0 netmask 255.255.255.0 {
> >>   option subnet-mask 255.255.255.0;
> >>   option broadcast-address 192.168.56.255;
> >>   option time-offset 0;
> >>   option routers 192.168.56.1;
> >>   option domain-name "example.net";
> >>   option domain-name-servers 192.168.56.200;
> >>   option netbios-name-servers 192.168.56.200;
> >>   option ntp-servers 192.168.0.200;
> >>   pool {
> >>     max-lease-time 1800; # 30 minutes
> >>     range 192.168.56.210 192.168.56.229;
> >>   }
> >> }
> >> -------------------
> >> So where do I have to set up the right reverse zone?
> > 
> > This is strange; if you follow the script, you will find this:
> > 
> It's strange for me too ;-)
> > ip=$2
> > 
> > later on there is this:
> > 
> > # Set PTR address
> > ptr=$(echo ${ip} | awk -F '.' '{print $4"."$3"."$2"."$1".in-addr.arpa"}')
> > 
> So the PTR is complete with all 4 octets of the IP address. That's why
> I don't understand why the DNS update is not working.
> > Finally the update of the reverse zone is done with this:
> > 
> > nsupdate -g ${NSUPDFLAGS} << UPDATE
> > server 127.0.0.1
> > realm ${REALM}
> > update delete ${ptr} 3600 PTR
> > update add ${ptr} 3600 PTR ${name}.${domain}
> > send
> > UPDATE
> > result2=$?
> > 
> > If you restart bind9, do you find lines like these in the syslog:
> > 
> > Dec 26 18:10:23 member1 named[6786]: samba_dlz: started for DN DC=samdom,DC=example,DC=com
> > Dec 26 18:10:23 member1 named[6786]: samba_dlz: starting configure
> > Dec 26 18:10:23 member1 named[6786]: samba_dlz: configured writeable zone '0.168.192.in-addr.arpa'
> > Dec 26 18:10:23 member1 named[6786]: samba_dlz: configured writeable zone 'samdom.example.com'
> > Dec 26 18:10:23 member1 named[6786]: samba_dlz: configured writeable zone '_msdcs.samdom.example.com'
> > 
> > Can you post your named conf files?
> Yes, here it is:
> -------------------
> Dec 26 19:51:19 addc-01 named[1645]: samba_dlz: started for DN
> DC=example,DC=net
> Dec 26 19:51:19 addc-01 named[1645]: samba_dlz: starting configure
> Dec 26 19:51:19 addc-01 named[1645]: samba_dlz: configured writeable
> zone '56.168.192.in-addr.arpa'
> Dec 26 19:51:19 addc-01 named[1645]: samba_dlz: configured writeable
> zone 'example.net'
> Dec 26 19:51:19 addc-01 named[1645]: samba_dlz: configured writeable
> zone '_msdcs.example.net'
> -------------------
> As you can see, the reverse zone is 56.168.192.in-addr.arpa
> 

Never doubted it ;-)

I have been basically using that script for the last 4 years
(there have been some mods, but not to the actual update part) and I
have never had this problem.

If you read the manpage for nsupdate (this is what the script ultimately
runs), you will find this:

zone {zonename}
           Specifies that all updates are to be made to the zone zonename.
           If no zone statement is provided, nsupdate will attempt to
           determine the correct zone to update based on the rest of the
           input.

Well, for you it obviously isn't determining the zone, so try adding
it to the script, like this:

nsupdate -g ${NSUPDFLAGS} << UPDATE
server 127.0.0.1
realm ${REALM}
zone 56.168.192.in-addr.arpa
update delete ${ptr} 3600 PTR
update add ${ptr} 3600 PTR ${name}.${domain}
send
UPDATE
result2=$?

Rowland
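As an added example (not code from the thread or from the Samba wiki script): a small POSIX sh snippet that builds the PTR owner name the same way the script does, but also derives the reverse zone from the subnet's prefix length and emits it as an explicit "zone" statement in the nsupdate batch, so the zone is never left to nsupdate's own guessing (which in the thread landed on 168.192.IN-ADDR.ARPA). The /24 of 192.168.56.0 is taken from the thread; the EXAMPLE.NET realm default is an assumption.

```shell
#!/bin/sh
# Added example, not the dhcp-dyndns.sh script itself. Computes the PTR owner
# name and the matching reverse zone, then prints the nsupdate batch that
# would be fed to "nsupdate -g" on stdin (printed, not executed, for review).

# ptr_name IP  ->  PTR owner name, e.g. 192.168.56.210 -> 210.56.168.192.in-addr.arpa
# (same awk construction as the wiki script).
ptr_name() {
    echo "$1" | awk -F '.' '{print $4"."$3"."$2"."$1".in-addr.arpa"}'
}

# reverse_zone IP PREFIXLEN  ->  reverse zone for an octet-aligned prefix.
# For 192.168.56.0/24 this is 56.168.192.in-addr.arpa, the zone samba_dlz
# reported as writeable in the thread. Non-aligned prefixes (RFC 2317 style
# delegations) use a differently named zone and are rejected here.
reverse_zone() {
    ip=$1; len=$2
    case "$len" in
        24) echo "$ip" | awk -F '.' '{print $3"."$2"."$1".in-addr.arpa"}' ;;
        16) echo "$ip" | awk -F '.' '{print $2"."$1".in-addr.arpa"}' ;;
        8)  echo "$ip" | awk -F '.' '{print $1".in-addr.arpa"}' ;;
        *)  echo "unsupported prefix length: $len" >&2; return 1 ;;
    esac
}

# nsupdate_batch IP PREFIXLEN FQDN  ->  nsupdate commands with an explicit
# zone statement, mirroring the fix suggested above. REALM defaults to
# EXAMPLE.NET here (assumption); the real script takes it from its config.
nsupdate_batch() {
    ip=$1; len=$2; fqdn=$3
    zone=$(reverse_zone "$ip" "$len") || return 1
    ptr=$(ptr_name "$ip")
    printf 'server 127.0.0.1\n'
    printf 'realm %s\n' "${REALM:-EXAMPLE.NET}"
    printf 'zone %s\n' "$zone"
    printf 'update delete %s 3600 PTR\n' "$ptr"
    printf 'update add %s 3600 PTR %s\n' "$ptr" "$fqdn"
    printf 'send\n'
}

# Sample run with a constructed lease from the thread's pool range.
nsupdate_batch 192.168.56.210 24 client1.example.net
```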
