[Samba] Securing DHCP, with DDNS

Walter Mautner retlaw.rentuam at gmail.com
Tue Jan 26 16:03:15 UTC 2016


You may have 2 dhcps running, but you have to make sure the lease ranges are different. The first dns server stanza should refer to the server which gets the lease update.
For the dns servers you would need to define each other as forwarder, probably by ip range, to be able to resolve the other (half of the) names.

-- 
W.Mautner (Walter.mautner at ages.at)
+43050555111 IKT Hotline


> On 26.01.2016 at 16:33, Sam <sr42354 at gmail.com> wrote:
> 
> Hello All,
> 
> I have 2 Samba4 AD servers with dhcpd and dynamic DNS.
> I have well understood that for now it's not possible to have 2 DHCP servers running at the same time.
> So I would have only one DHCP server running at a time.
> If the first server has a problem, I want to manually start the isc-dhcp service on the second one to rescue the system.
> 
> But it's not working as I expected...
> 
> If I switch off the isc-dhcp service on the first DC and switch it on on the other one, I get these errors:
> 
> ipconfig /release
> Jan 26 11:41:36 S4 named[2308]: samba_dlz: starting transaction on zone ariane.intra
> Jan 26 11:41:36 S4 named[2308]: client 172.20.4.2#54917: update 'ariane.intra/IN' denied
> Jan 26 11:41:36 S4 named[2308]: samba_dlz: cancelling transaction on zone ariane.intra
> Jan 26 11:41:36 S4 named[2308]: samba_dlz: starting transaction on zone ariane.intra
> Jan 26 11:41:36 S4 named[2308]: samba_dlz: disallowing update of signer=client7-pcbis\$\@ARIANE.INTRA name=client7-PCbis.ariane.intra type=A*error=**insufficient access rights*
> Jan 26 11:41:36 S4 named[2308]: client 172.20.4.2#65046: updating zone 'ariane.intra/NONE': update failed: rejected by secure update (REFUSED)
> Jan 26 11:41:36 S4 named[2308]: samba_dlz: cancelling transaction on zone ariane.intra
> 
> ipconfig /renew
> Jan 26 11:43:22 S4 dhcpd: DHCPDISCOVER from 00:50:56:8f:55:b6 via eth0
> Jan 26 11:43:23 S4 dhcpd: DHCPOFFER on 172.20.4.2 to 00:50:56:8f:55:b6 (client7-PCbis) via eth0
> Jan 26 11:43:23 S4 dhcpd: execute_statement argv[0] = /etc/dhcp/bin/dhcp-dyndns-debian.sh
> Jan 26 11:43:23 S4 dhcpd: execute_statement argv[1] = add
> Jan 26 11:43:23 S4 dhcpd: execute_statement argv[2] = 172.20.4.2
> Jan 26 11:43:23 S4 dhcpd: execute_statement argv[3] = client7-PCbis
> Jan 26 11:43:23 S4 dhcpd: execute_statement argv[4] = 0:50:56:8f:55:b6
> Jan 26 11:43:23 S4 dhcpd: DHCPREQUEST for 172.20.4.2 (172.20.2.2) from 00:50:56:8f:55:b6 (client7-PCbis) via eth0
> Jan 26 11:43:23 S4 dhcpd: DHCPACK on 172.20.4.2 to 00:50:56:8f:55:b6 (client7-PCbis) via eth0
> Jan 26 11:43:23 S4 named[2308]: samba_dlz: starting transaction on zone ariane.intra
> Jan 26 11:43:23 S4 named[2308]: samba_dlz: allowing update of signer=dhcpd-user\@ARIANE.INTRA name=client7-PCbis.ariane.intra tcpaddr=172.20.2.2 type=A key=1616985151.sig-s4.ariane.intra/160/0
> Jan 26 11:43:23 S4 named[2308]: samba_dlz: allowing update of signer=dhcpd-user\@ARIANE.INTRA name=client7-PCbis.ariane.intra tcpaddr=172.20.2.2 type=A key=1616985151.sig-s4.ariane.intra/160/0
> Jan 26 11:43:23 S4 named[2308]: client 172.20.2.2#57599: updating zone 'ariane.intra/NONE': deleting rrset at 'client7-PCbis.ariane.intra' A
> Jan 26 11:43:23 S4 named[2308]: client 172.20.2.2#57599: updating zone 'ariane.intra/NONE': adding an RR at 'client7-PCbis.ariane.intra' A
> Jan 26 11:43:23 S4 named[2308]: samba_dlz: added rdataset client7-PCbis.ariane.intra 'client7-PCbis.ariane.intra.#0113600#011IN#011A#011172.20.4.2'
> Jan 26 11:43:23 S4 named[2308]: samba_dlz: subtracted rdataset ariane.intra 'ariane.intra.#0113600#011IN#011SOA#011s4.ariane.intra. admin.ariane.intra. 98438 900 600 86400 3600'
> Jan 26 11:43:23 S4 named[2308]: samba_dlz: added rdataset ariane.intra 'ariane.intra.#0113600#011IN#011SOA#011s4.ariane.intra. admin.ariane.intra. 98439 900 600 86400 3600'
> Jan 26 11:43:23 S4 named[2308]: samba_dlz: committed transaction on zone ariane.intra
> Jan 26 11:43:23 S4 named[2308]: samba_dlz: starting transaction on zone 4.20.172.in-addr.arpa
> Jan 26 11:43:23 S4 named[2308]: samba_dlz: allowing update of signer=dhcpd-user\@ARIANE.INTRA name=2.4.20.172.in-addr.arpa tcpaddr=172.20.2.2 type=PTR key=1880656139.sig-s4.ariane.intra/160/0
> Jan 26 11:43:23 S4 named[2308]: samba_dlz: allowing update of signer=dhcpd-user\@ARIANE.INTRA name=2.4.20.172.in-addr.arpa tcpaddr=172.20.2.2 type=PTR key=1880656139.sig-s4.ariane.intra/160/0
> Jan 26 11:43:23 S4 named[2308]: client 172.20.2.2#39255: updating zone '4.20.172.in-addr.arpa/NONE': deleting rrset at '2.4.20.172.in-addr.arpa' PTR
> Jan 26 11:43:23 S4 named[2308]: client 172.20.2.2#39255: updating zone '4.20.172.in-addr.arpa/NONE': adding an RR at '2.4.20.172.in-addr.arpa' PTR
> Jan 26 11:43:23 S4 named[2308]: samba_dlz: added rdataset 2.4.20.172.in-addr.arpa '2.4.20.172.in-addr.arpa.#0113600#011IN#011PTR#011client7-PCbis.ariane.intra.'
> Jan 26 11:43:23 S4 named[2308]: samba_dlz: subtracted rdataset 4.20.172.in-addr.arpa '4.20.172.in-addr.arpa.#0113600#011IN#011SOA#011s4.ariane.intra. admin.ariane.intra. 34 900 600 86400 3600'
> Jan 26 11:43:23 S4 named[2308]: samba_dlz: added rdataset 4.20.172.in-addr.arpa '4.20.172.in-addr.arpa.#0113600#011IN#011SOA#011s4.ariane.intra. admin.ariane.intra. 35 900 600 86400 3600'
> Jan 26 11:43:23 S4 named[2308]: samba_dlz: committed transaction on zone 4.20.172.in-addr.arpa
> Jan 26 11:43:23 S4 dhcpd: DDNS: adding records for 172.20.4.2 (client7-PCbis.ariane.intra) succeeded
> Jan 26 11:43:27 S4 named[2308]: samba_dlz: starting transaction on zone ariane.intra
> Jan 26 11:43:27 S4 named[2308]: client 172.20.4.2#49708: update 'ariane.intra/IN' denied
> Jan 26 11:43:27 S4 named[2308]: samba_dlz: cancelling transaction on zone ariane.intra
> Jan 26 11:43:27 S4 named[2308]: samba_dlz: starting transaction on zone ariane.intra
> Jan 26 11:43:27 S4 named[2308]: samba_dlz: disallowing update of signer=client7-pcbis\$\@ARIANE.INTRA name=client7-PCbis.ariane.intra type=AAAA*error=insufficient access rights*
> Jan 26 11:43:27 S4 named[2308]: client 172.20.4.2#58780: updating zone 'ariane.intra/NONE': update failed: rejected by secure update (REFUSED)
> Jan 26 11:43:27 S4 named[2308]: samba_dlz: cancelling transaction on zone ariane.intra
> Jan 26 11:43:27 S4 named[2308]: samba_dlz: starting transaction on zone ariane.intra
> Jan 26 11:43:27 S4 named[2308]: client 172.20.4.2#62901: update 'ariane.intra/IN' denied
> Jan 26 11:43:27 S4 named[2308]: samba_dlz: cancelling transaction on zone ariane.intra
> Jan 26 11:43:27 S4 named[2308]: samba_dlz: starting transaction on zone ariane.intra
> Jan 26 11:43:27 S4 named[2308]: samba_dlz: disallowing update of signer=client7-pcbis\$\@ARIANE.INTRA name=client7-PCbis.ariane.intra type=AAAA*error=insufficient access rights*
> Jan 26 11:43:27 S4 named[2308]: client 172.20.4.2#60619: updating zone 'ariane.intra/NONE': update failed: rejected by secure update (REFUSED)
> Jan 26 11:43:27 S4 named[2308]: samba_dlz: cancelling transaction on zone ariane.intra
> Jan 26 11:43:30 S4 dhcpd: DHCPINFORM from 172.20.4.2 via eth0
> Jan 26 11:43:30 S4 dhcpd: DHCPACK to 172.20.4.2 (00:50:56:8f:55:b6) via eth0
> 
> 
> How can I start quickly with the second DHCP server without mistakes and without manually removing the DNS entries?
> 
> Thank you in advance for the answers!
> 
> Sam
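A way to triage the named log quoted above, as an added example that is not part of the original thread: it extracts every samba_dlz allow/deny decision and groups it by signer and record type, so it is clear which principal was refused and which was accepted. The sample lines are copied from the quoted log; the function names are hypothetical.

```python
import re
from collections import Counter

# Lines copied from the named/dhcpd log excerpt quoted in the message above.
SAMPLE_LOG = r"""
Jan 26 11:41:36 S4 named[2308]: samba_dlz: disallowing update of signer=client7-pcbis\$\@ARIANE.INTRA name=client7-PCbis.ariane.intra type=A*error=**insufficient access rights*
Jan 26 11:43:23 S4 named[2308]: samba_dlz: allowing update of signer=dhcpd-user\@ARIANE.INTRA name=client7-PCbis.ariane.intra tcpaddr=172.20.2.2 type=A key=1616985151.sig-s4.ariane.intra/160/0
Jan 26 11:43:23 S4 named[2308]: samba_dlz: allowing update of signer=dhcpd-user\@ARIANE.INTRA name=2.4.20.172.in-addr.arpa tcpaddr=172.20.2.2 type=PTR key=1880656139.sig-s4.ariane.intra/160/0
Jan 26 11:43:27 S4 named[2308]: samba_dlz: disallowing update of signer=client7-pcbis\$\@ARIANE.INTRA name=client7-PCbis.ariane.intra type=AAAA*error=insufficient access rights*
Jan 26 11:43:23 S4 dhcpd: DHCPACK on 172.20.4.2 to 00:50:56:8f:55:b6 (client7-PCbis) via eth0
"""

# One samba_dlz decision line; tcpaddr is only present on some lines.
DECISION = re.compile(
    r"samba_dlz: (?P<verdict>allowing|disallowing) update of "
    r"signer=(?P<signer>\S+) name=(?P<name>\S+)"
    r"(?: tcpaddr=(?P<tcpaddr>\S+))? type=(?P<rtype>[A-Z]+)"
)

def parse_decisions(log_text):
    """Return one dict per samba_dlz allow/deny line; other lines are skipped."""
    out = []
    for line in log_text.splitlines():
        m = DECISION.search(line)
        if not m:
            continue
        d = m.groupdict()
        d["signer"] = d["signer"].replace("\\", "")  # drop the backslash escaping seen in the log
        # AD computer accounts have a sAMAccountName ending in '$'.
        d["is_machine_account"] = d["signer"].split("@")[0].endswith("$")
        out.append(d)
    return out

def summarise(decisions):
    """Count (verdict, signer, record type) so refused signers stand out."""
    return Counter((d["verdict"], d["signer"], d["rtype"]) for d in decisions)

def refused_names(decisions):
    """Map each refused record name to the set of signers that were denied."""
    refused = {}
    for d in decisions:
        if d["verdict"] == "disallowing":
            refused.setdefault(d["name"].lower(), set()).add(d["signer"])
    return refused

if __name__ == "__main__":
    for (verdict, signer, rtype), n in sorted(summarise(parse_decisions(SAMPLE_LOG)).items()):
        print(f"{verdict:12} {signer:32} {rtype:5} x{n}")
```
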


