[Samba] Reverse zones fail with secure updates

L.P.H. van Belle belle at bazuin.nl
Tue Nov 22 16:14:32 UTC 2016


Comments inline

> -----Original message-----
> From: lingpanda101 [mailto:lingpanda101 at gmail.com]
> Sent: Tuesday 22 November 2016 15:32
> To: L.P.H. van Belle; samba at lists.samba.org
> Subject: Re: [Samba] Reverse zones fail with secure updates
> 
> Hi Louis,
> 
>        Comments inline
> 
> On 11/22/2016 3:38 AM, L.P.H. van Belle via samba wrote:
> > Hai James,
> >
> > What is the connection's DNS suffix of the pc?
> domain.local

Uhm.., if you are in production don't change it, but .local (and .lan)
are reserved by Apple's mDNS (zeroconf/avahi).

> > And did you set up TLS in your Samba?
> No. How?
https://wiki.samba.org/index.php/Configuring_LDAP_over_SSL_(LDAPS)_on_a_Samba_AD_DC 


> >
> >
> > Look here, in the advanced TCP settings of the PC.  ( or ipconfig /all )
> >
> > And is it ticked "Use this connection's DNS suffix in DNS registration"
> > (In DHCP option 81.)
> Our routers handle DHCP.
OK, then do your routers send option 81, of the DNS suffix?
If not possible, then the Group Policy is your last option.

> >
> > Or use Group policy editors.
> > - Computer Configuration\Administrative Templates\Network\DNS Client
> > 	-Connection Specific DNS Suffix: enabled, and set to your.domain.tld
> > 	-Register DNS records with connection-specific DNS suffix: enabled
> > 	-Register PTR Records: enabled
> > 	-Dynamic Update: enabled
> I tried this method as well.
This works, I use a setup like this.
! Must be a computer policy, and you must reboot 2x to see if it works. 

> >
> > Or use static ips, then A and PTR are registered by the computer.
> Static IP's only register if I disable secure updates.
Due to no TLS/SSL.


> >
> >
> > Key is to remember, Windows uses the connection-specific DNS suffix to
> > register DNS records.
> >
> >
> > Greetz,
> >
> > Louis
> >
> >
> >> -----Original message-----
> >> From: samba [mailto:samba-bounces at lists.samba.org] On behalf of lingpanda101 via samba
> >> Sent: Monday 21 November 2016 21:14
> >> To: samba at lists.samba.org
> >> Subject: [Samba] Reverse zones fail with secure updates
> >>
> >> Hello,
> >>
> >>       I'm using Samba 4.5.1 as an AD DC and the internal DNS. If I use
> >> 'allow dns updates = secure' in my smb.conf, only A records update. The
> >> applicable reverse zone fails to update. If I switch to using non-secure
> >> updates, both the A and the PTR records are updated. Is someone else able
> >> to confirm this behavior? Thanks.
> >>
> >>
> >> --
> >> - James
> >>
> >>
> >
> 
> 
> --
> - James




