[Samba] WERR_DNS_ERROR_RCODE_REFUSED

Rowland penny rpenny at samba.org
Wed Jun 29 20:24:20 UTC 2016 

On 29/06/16 21:01, Carlos A. P. Cunha wrote:
> I'm running DNS on Windows too, as it receives the update, and delete 
> it it it also erases the Samba, Windows so I could see are not leaving 
> this I create new entries.
> Entries in samba via command or RSAT are working.
>
>

If you are referring to this that you posted:

Samba 4 logs:

Jun 28 17:28:40 samba named [8988]: samba_dlz: starting transaction on 
zone local.domain
Jun 28 17:28:40 samba named [8988]: client 192.168.200.66 # 59830: 
update 'local.domain / IN' denied
Jun 28 17:28:40 samba named [8988]: samba_dlz: canceling transaction on 
zone local.domain
Jun 28 17:28:40 samba named [8988]: samba_dlz: starting transaction on 
zone local.domain
Jun 28 17:28:40 samba named [8988]: samba_dlz: Allowing update of signer 
= Win2008 \ $ \ @ LOCAL.DOMAIN name = WIN2008.local.domain tcpaddr = 
type = AAAA key = 996-ms-7.3-37764d. 
e5b44e60-3d6e-11e6-02b3-080027f8e516 / 160/0
Jun 28 17:28:40 samba named [8988]: samba_dlz: Allowing update of signer 
= Win2008 \ $ \ @ LOCAL.DOMAIN name = WIN2008.local.domain tcpaddr = 
type = A key = 996-ms-7.3-37764d. e5b44e60-3d6e-11e6-02b3-080027f8e516 / 
160/0
Jun 28 17:28:40 samba named [8988]: samba_dlz: Allowing update of signer 
= Win2008 \ $ \ @ LOCAL.DOMAIN name = WIN2008.local.domain tcpaddr = 
type = A key = 996-ms-7.3-37764d. e5b44e60-3d6e-11e6-02b3-080027f8e516 / 
160/0
Jun 28 17:28:40 samba named [8988]: client 192.168.200.66 # 50239 / key 
Win2008 \ $ \ @ LOCAL.DOMAIN: updating zone 'local.domain / NONE': 
deleting RRset at 'WIN2008.local.domain' YYYY
Jun 28 17:28:40 samba named [8988]: client 192.168.200.66 # 50239 / key 
Win2008 \ $ \ @ LOCAL.DOMAIN: updating zone 'local.domain / NONE': 
deleting RRset at 'WIN2008.local.domain' THE
Jun 28 17:28:40 samba named [8988]: samba_dlz: subtracted rdataset 
WIN2008.local.domain '. WIN2008.local.domain # 011900 # 011IN # 011A # 
011192.168.200.66'
Jun 28 17:28:40 samba named [8988]: client 192.168.200.66 # 50239 / key 
Win2008 \ $ \ @ LOCAL.DOMAIN: updating zone 'local.domain / NONE': 
adding an RR at 'WIN2008.local.domain 'The 192.168.200.66
Jun 28 17:28:40 samba named [8988]: samba_dlz: added rdataset 
WIN2008.local.domain 'WIN2008.local.domain # 0111200 # 011IN # 011A # 
011192.168.200.66.'
Jun 28 17:28:40 samba named [8988]: samba_dlz:. Subtracted local.domain 
rdataset 'local.domain # 0113600 # # 011SOA 011IN # 
011samba.local.domain. hostmaster.local.domain. 5900600 86400 3600 '
Jun 28 17:28:40 samba named [8988]: samba_dlz: added rdataset 
local.domain 'local.domain # 0113600 # # 011SOA 011IN # 
011samba.local.domain.. hostmaster.local.domain. 6900600 86400 3600 '
Jun 28 17:28:40 samba named [8988]: samba_dlz: committed transaction on 
zone local.domain

This is not your windows server dns being updated, it appears to be your 
windows server record being updated on a Samba AD DC running Bind9.

So, I ask again, WHAT DNS SERVER IS RUNNING ON THE WINDOWS DC!

Note: the above is not shouting, it is for emphasis.

Rowland

More information about the samba mailing list