[Samba] Reverse zones fail with secure updates

lingpanda101 lingpanda101 at gmail.com
Tue Nov 22 14:47:08 UTC 2016


On 11/22/2016 3:43 AM, L.P.H. van Belle via samba wrote:
> Sorry, you're missing a screen dump..
>
> This part,
>> And is it ticked "Use this connection's DNS suffix in DNS registration"
>> (In dhcp option 81.)
> Found in Windows, network interface, TCP settings, tab DNS, at the bottom.
>
>
>
>> -----Original message-----
>> From: samba [mailto:samba-bounces at lists.samba.org] On behalf of L.P.H. van Belle
>> via samba
>> Sent: Tuesday, 22 November 2016 9:38
>> To: samba at lists.samba.org
>> Subject: Re: [Samba] Reverse zones fail with secure updates
>>
>> Hai James,
>>
>> What is the connection's DNS suffix of the pc?
>> And did you set up TLS in your Samba?
>>
>>
>> Look here, in the advanced tcp settings of the pc.  ( or ipconfig /all )
>>
>> And is it ticked "Use this connection's DNS suffix in DNS registration"
>> (In dhcp option 81.)
>>
>> Or use Group policy editors.
>> - Computer Configuration\Administrative Templates\Network\DNS Client
>> 	-Connection Specific DNS Suffix: enabled, and set to your.domain.tld
>> 	-Register DNS records with connection-specific DNS suffix: enabled
>> 	-Register PTR Records: enabled
>> 	-Dynamic Update: enabled
>>
>> Or use static ips, then A and PTR are registered by the computer.
>>
>> Key is to remember, Windows uses the connection-specific DNS suffix to
>> register DNS records.
>>
>>
>> Greetz,
>>
>> Louis
>>
>>
>>> -----Original message-----
>>> From: samba [mailto:samba-bounces at lists.samba.org] On behalf of lingpanda101
>>> via samba
>>> Sent: Monday, 21 November 2016 21:14
>>> To: samba at lists.samba.org
>>> Subject: [Samba] Reverse zones fail with secure updates
>>>
>>> Hello,
>>>
>>>       I'm using Samba 4.5.1 as an ADDC and the internal DNS. If I use
>>> 'allow dns updates = secure' in my smb.conf, only A records update. The
>>> applicable reverse zone fails to update. If I switch to using non-secure
>>> updates, both the A and the PTR records are updated. Is someone else able
>>> to confirm this behavior? Thanks.
>>>
>>>
>>> --
>>> - James
>>>
>>>
>>> --
>>> To unsubscribe from this list go to the following URL and read the
>>> instructions:  https://lists.samba.org/mailman/options/samba
>>
>

I'll point out what I have set in my smb.conf

samba-tool testparm -v | grep tls

         ldap ssl = start tls
         tls cafile = tls/ca.pem
         tls certfile = tls/cert.pem
         tls crlfile =
         tls dh params file =
         tls enabled = Yes
         tls keyfile = tls/key.pem
         tls priority = NORMAL:-VERS-SSL3.0
         tls verify peer = ca_and_name

-- 
- James