[Samba] [samba4] DNS updates

mathias dufresne infractory at gmail.com
Mon Jan 18 19:44:05 UTC 2016

Hi all,

I would like to be able to rely on samba given tools to manage my DNS
entries but until now, I failed.

From what I have understood there is one and only one tool responsible for
updating DNS: samba_dnsupdate.

Is that previous affirmation true?

I had issues with the DNS backend set to the internal DNS server: samba_dnsupdate
was almost never working.

So I switched to Bind-DLZ as advised here and on the wiki.

With Bind-DLZ sometimes it works, sometimes it doesn't.
Two test platforms: Debian Jessie and Centos 7. Both platforms are using
Sernet packages to be sure to have working packages.

On Debian Jessie it was working easily, just following the wiki.
Replication was working and is still working.
Sites were created and DNS entries changed accordingly.
Today I got back on that Debian platform and again moved some DCs to a new site:
- entries on the new site are created
- entries on old sites are NOT removed
- samba_dnsupdate --verbose ends with "No DNS updates needed"

On Centos 7 it was never working correctly: samba_dnsupdate failed because
of TSIG authentication failure (I'm not at work so I can't be more precise
right now) and/or replication is failing.
On Centos 7 the only way to get something a little bit working was to copy the Bind
configuration from Debian to Centos, removing /var/named and /etc/named*.

Perhaps samba_dnsupdate is not responsible for removing DNS entries; in that
case, what tool is responsible for cleaning up DNS?

I'm looking for more information about DNS authentication and updates:
Perhaps samba_dnsupdate is not responsible for removing these entries; in that
case, what tool is responsible for cleaning up DNS?

Finally, is someone able to explain:
- how to manually create the DNS user and give it the right to modify DNS entries.
This is important to understand, I think, because some other users can be
created to do the same; being able to find them could be nice from a
security point of view.
- how to recreate the keytab of such a user without samba_upgradedns: this
user can be deleted accidentally, and being able to recreate it without
samba_upgradedns seems less violent and so less risky than switching
- how frequent are DNS updates? Is it every X minutes? After each site
modification + at every samba start?

As you see I am completely lost in Samba DNS and help would be welcome.



