[Samba] Samba 4.8.4 + BIND 9.9.4 - possibility of nonsecure DNS updates
L.P.H. van Belle
belle at bazuin.nl
Tue Aug 21 14:50:19 UTC 2018
; TSIG error with server: tsig verify failure
Mayabe update/setup your TSIG key.
https://access.redhat.com/documentation/en-us/openshift_enterprise/2/html/puppet_deployment_guide/generating_a_bind_tsig_key
Im also wondering why RH is using : '--disable-isc-spnego'
Greetz,
Louis
> -----Oorspronkelijk bericht-----
> Van: samba [mailto:samba-bounces at lists.samba.org] Namens
> Ji??í ??erný via samba
> Verzonden: dinsdag 21 augustus 2018 16:31
> Aan: samba at lists.samba.org
> Onderwerp: Re: [Samba] Samba 4.8.4 + BIND 9.9.4 - possibility
> of nonsecure DNS updates
>
> > So you never read this:
> >
> https://wiki.samba.org/index.php/Changing_the_DNS_Back_End_of_
> a_Samba_AD_DC
> > Which means that you probably never ran the aptly named
> > 'samba_upgradedns'Of course I ran this. Many times. I'm not
> stupid, Rowland. At least I can read:D
> If I've seen that Bind doesn't work, I had to change backend
> to internal DNS.I carefully read and made everything from wiki:
> https://wiki.samba.org/index.php/Joining_a_Samba_DC_to_an_Exis
> ting_Active_Directory
> https://wiki.samba.org/index.php/BIND9_DLZ_DNS_Back_End
> https://wiki.samba.org/index.php/Testing_Dynamic_DNS_Updates
> https://wiki.samba.org/index.php/BIND9_DLZ_DNS_Back_End#Troubl
eshootingAnd tried everything possible. Writing mail to lists is > the last instance for me...On every of our DCs:
> samba_dnsupdate --verbose
> IPs: ['192.168.45.1']
> Looking for DNS entry A dc03x.samdom.svmetal.cz 192.168.45.1
> as dc03x.samdom.svmetal.cz.
> Looking for DNS entry NS samdom.svmetal.cz
> dc03x.samdom.svmetal.cz as samdom.svmetal.cz.
> Looking for DNS entry NS _msdcs.samdom.svmetal.cz
> dc03x.samdom.svmetal.cz as _msdcs.samdom.svmetal.cz.
> Looking for DNS entry A samdom.svmetal.cz 192.168.45.1 as
> samdom.svmetal.cz.
> Looking for DNS entry SRV _ldap._tcp.samdom.svmetal.cz
> dc03x.samdom.svmetal.cz 389 as _ldap._tcp.samdom.svmetal.cz.
> Checking 0 100 389 dc01.samdom.svmetal.cz. against SRV
> _ldap._tcp.samdom.svmetal.cz dc03x.samdom.svmetal.cz 389
> Checking 0 100 389 dc02x.samdom.svmetal.cz. against SRV
> _ldap._tcp.samdom.svmetal.cz dc03x.samdom.svmetal.cz 389
> Checking 0 100 389 dc03x.samdom.svmetal.cz. against SRV
> _ldap._tcp.samdom.svmetal.cz dc03x.samdom.svmetal.cz 389
> Looking for DNS entry SRV
> _ldap._tcp.dc._msdcs.samdom.svmetal.cz
> dc03x.samdom.svmetal.cz 389 as _ldap._tcp.dc._msdcs.samdom.svmetal.cz.
> Checking 0 100 389 dc01.samdom.svmetal.cz. against SRV
> _ldap._tcp.dc._msdcs.samdom.svmetal.cz dc03x.samdom.svmetal.cz 389
> Checking 0 100 389 dc02x.samdom.svmetal.cz. against SRV
> _ldap._tcp.dc._msdcs.samdom.svmetal.cz dc03x.samdom.svmetal.cz 389
> Checking 0 100 389 dc03x.samdom.svmetal.cz. against SRV
> _ldap._tcp.dc._msdcs.samdom.svmetal.cz dc03x.samdom.svmetal.cz 389
> Looking for DNS entry SRV
> _ldap._tcp.991e4476-399a-4712-a64f-a2019ed40e7b.domains._msdcs
.samdom.svmetal.cz dc03x.samdom.svmetal.cz 389 as _ldap.> _tcp.991e4476-399a-4712-a64f-a2019ed40e7b.domains._msdcs.samdo
m.svmetal.cz.
> Checking 0 100 389 dc01.samdom.svmetal.cz. against SRV
> _ldap._tcp.991e4476-399a-4712-a64f-a2019ed40e7b.domains._msdcs
.samdom.svmetal.cz dc03x.samdom.svmetal.cz 389
> Checking 0 100 389 dc02x.samdom.svmetal.cz. against SRV
> _ldap._tcp.991e4476-399a-4712-a64f-a2019ed40e7b.domains._msdcs
.samdom.svmetal.cz dc03x.samdom.svmetal.cz 389
> Checking 0 100 389 dc03x.samdom.svmetal.cz. against SRV
> _ldap._tcp.991e4476-399a-4712-a64f-a2019ed40e7b.domains._msdcs
.samdom.svmetal.cz dc03x.samdom.svmetal.cz 389
> Looking for DNS entry SRV _kerberos._tcp.samdom.svmetal.cz
> dc03x.samdom.svmetal.cz 88 as _kerberos._tcp.samdom.svmetal.cz.
> Checking 0 100 88 dc01.samdom.svmetal.cz. against SRV
> _kerberos._tcp.samdom.svmetal.cz dc03x.samdom.svmetal.cz 88
> Checking 0 100 88 dc02x.samdom.svmetal.cz. against SRV
> _kerberos._tcp.samdom.svmetal.cz dc03x.samdom.svmetal.cz 88
> Checking 0 100 88 dc03x.samdom.svmetal.cz. against SRV
> _kerberos._tcp.samdom.svmetal.cz dc03x.samdom.svmetal.cz 88
> Looking for DNS entry SRV _kerberos._udp.samdom.svmetal.cz
> dc03x.samdom.svmetal.cz 88 as _kerberos._udp.samdom.svmetal.cz.
> Checking 0 100 88 dc01.samdom.svmetal.cz. against SRV
> _kerberos._udp.samdom.svmetal.cz dc03x.samdom.svmetal.cz 88
> Checking 0 100 88 dc02x.samdom.svmetal.cz. against SRV
> _kerberos._udp.samdom.svmetal.cz dc03x.samdom.svmetal.cz 88
> Checking 0 100 88 dc03x.samdom.svmetal.cz. against SRV
> _kerberos._udp.samdom.svmetal.cz dc03x.samdom.svmetal.cz 88
> Looking for DNS entry SRV
> _kerberos._tcp.dc._msdcs.samdom.svmetal.cz
> dc03x.samdom.svmetal.cz 88 as
> _kerberos._tcp.dc._msdcs.samdom.svmetal.cz.
> Checking 0 100 88 dc01.samdom.svmetal.cz. against SRV
> _kerberos._tcp.dc._msdcs.samdom.svmetal.cz dc03x.samdom.svmetal.cz 88
> Checking 0 100 88 dc02x.samdom.svmetal.cz. against SRV
> _kerberos._tcp.dc._msdcs.samdom.svmetal.cz dc03x.samdom.svmetal.cz 88
> Checking 0 100 88 dc03x.samdom.svmetal.cz. against SRV
> _kerberos._tcp.dc._msdcs.samdom.svmetal.cz dc03x.samdom.svmetal.cz 88
> Looking for DNS entry SRV _kpasswd._tcp.samdom.svmetal.cz
> dc03x.samdom.svmetal.cz 464 as _kpasswd._tcp.samdom.svmetal.cz.
> Checking 0 100 464 dc01.samdom.svmetal.cz. against SRV
> _kpasswd._tcp.samdom.svmetal.cz dc03x.samdom.svmetal.cz 464
> Checking 0 100 464 dc02x.samdom.svmetal.cz. against SRV
> _kpasswd._tcp.samdom.svmetal.cz dc03x.samdom.svmetal.cz 464
> Checking 0 100 464 dc03x.samdom.svmetal.cz. against SRV
> _kpasswd._tcp.samdom.svmetal.cz dc03x.samdom.svmetal.cz 464
> Looking for DNS entry SRV _kpasswd._udp.samdom.svmetal.cz
> dc03x.samdom.svmetal.cz 464 as _kpasswd._udp.samdom.svmetal.cz.
> Checking 0 100 464 dc01.samdom.svmetal.cz. against SRV
> _kpasswd._udp.samdom.svmetal.cz dc03x.samdom.svmetal.cz 464
> Checking 0 100 464 dc02x.samdom.svmetal.cz. against SRV
> _kpasswd._udp.samdom.svmetal.cz dc03x.samdom.svmetal.cz 464
> Checking 0 100 464 dc03x.samdom.svmetal.cz. against SRV
> _kpasswd._udp.samdom.svmetal.cz dc03x.samdom.svmetal.cz 464
> Looking for DNS entry CNAME
> a0fcd1d9-a5e2-428c-a271-ab17103bb4d0._msdcs.samdom.svmetal.cz
> dc03x.samdom.svmetal.cz as
> a0fcd1d9-a5e2-428c-a271-ab17103bb4d0._msdcs.samdom.svmetal.cz.
> Looking for DNS entry SRV
> _ldap._tcp.Default-First-Site-Name._sites.samdom.svmetal.cz
> dc03x.samdom.svmetal.cz 389 as
> _ldap._tcp.Default-First-Site-Name._sites.samdom.svmetal.cz.
> Checking 0 100 389 dc01.samdom.svmetal.cz. against SRV
> _ldap._tcp.Default-First-Site-Name._sites.samdom.svmetal.cz
> dc03x.samdom.svmetal.cz 389
> Checking 0 100 389 dc03x.samdom.svmetal.cz. against SRV
> _ldap._tcp.Default-First-Site-Name._sites.samdom.svmetal.cz
> dc03x.samdom.svmetal.cz 389
> Looking for DNS entry SRV
> _ldap._tcp.Default-First-Site-Name._sites.dc._msdcs.samdom.svm
etal.cz dc03x.samdom.svmetal.cz 389 as _ldap._tcp.Default-First-> Site-Name._sites.dc._msdcs.samdom.svmetal.cz.
> Checking 0 100 389 dc01.samdom.svmetal.cz. against SRV
> _ldap._tcp.Default-First-Site-Name._sites.dc._msdcs.samdom.svm
etal.cz dc03x.samdom.svmetal.cz 389
> Checking 0 100 389 dc03x.samdom.svmetal.cz. against SRV
> _ldap._tcp.Default-First-Site-Name._sites.dc._msdcs.samdom.svm
etal.cz dc03x.samdom.svmetal.cz 389
> Looking for DNS entry SRV
> _kerberos._tcp.Default-First-Site-Name._sites.samdom.svmetal.c
> z dc03x.samdom.svmetal.cz 88 as
> _kerberos._tcp.Default-First-Site-Name._sites.samdom.svmetal.cz.
> Checking 0 100 88 dc01.samdom.svmetal.cz. against SRV
> _kerberos._tcp.Default-First-Site-Name._sites.samdom.svmetal.c
> z dc03x.samdom.svmetal.cz 88
> Checking 0 100 88 dc03x.samdom.svmetal.cz. against SRV
> _kerberos._tcp.Default-First-Site-Name._sites.samdom.svmetal.c
> z dc03x.samdom.svmetal.cz 88
> Looking for DNS entry SRV
> _kerberos._tcp.Default-First-Site-Name._sites.dc._msdcs.samdom
.svmetal.cz dc03x.samdom.svmetal.cz 88 as _kerberos._tcp.Default-> First-Site-Name._sites.dc._msdcs.samdom.svmetal.cz.
> Checking 0 100 88 dc01.samdom.svmetal.cz. against SRV
> _kerberos._tcp.Default-First-Site-Name._sites.dc._msdcs.samdom
.svmetal.cz dc03x.samdom.svmetal.cz 88
> Checking 0 100 88 dc03x.samdom.svmetal.cz. against SRV
> _kerberos._tcp.Default-First-Site-Name._sites.dc._msdcs.samdom
.svmetal.cz dc03x.samdom.svmetal.cz 88
> Looking for DNS entry A gc._msdcs.samdom.svmetal.cz
> 192.168.45.1 as gc._msdcs.samdom.svmetal.cz.
> Looking for DNS entry SRV _gc._tcp.samdom.svmetal.cz
> dc03x.samdom.svmetal.cz 3268 as _gc._tcp.samdom.svmetal.cz.
> Checking 0 100 3268 dc01.samdom.svmetal.cz. against SRV
> _gc._tcp.samdom.svmetal.cz dc03x.samdom.svmetal.cz 3268
> Checking 0 100 3268 dc02x.samdom.svmetal.cz. against SRV
> _gc._tcp.samdom.svmetal.cz dc03x.samdom.svmetal.cz 3268
> Checking 0 100 3268 dc03x.samdom.svmetal.cz. against SRV
> _gc._tcp.samdom.svmetal.cz dc03x.samdom.svmetal.cz 3268
> Looking for DNS entry SRV
> _ldap._tcp.gc._msdcs.samdom.svmetal.cz
> dc03x.samdom.svmetal.cz 3268 as
> _ldap._tcp.gc._msdcs.samdom.svmetal.cz.
> Checking 0 100 3268 dc01.samdom.svmetal.cz. against SRV
> _ldap._tcp.gc._msdcs.samdom.svmetal.cz dc03x.samdom.svmetal.cz 3268
> Checking 0 100 3268 dc02x.samdom.svmetal.cz. against SRV
> _ldap._tcp.gc._msdcs.samdom.svmetal.cz dc03x.samdom.svmetal.cz 3268
> Checking 0 100 3268 dc03x.samdom.svmetal.cz. against SRV
> _ldap._tcp.gc._msdcs.samdom.svmetal.cz dc03x.samdom.svmetal.cz 3268
> Looking for DNS entry SRV
> _gc._tcp.Default-First-Site-Name._sites.samdom.svmetal.cz
> dc03x.samdom.svmetal.cz 3268 as
> _gc._tcp.Default-First-Site-Name._sites.samdom.svmetal.cz.
> Checking 0 100 3268 dc01.samdom.svmetal.cz. against SRV
> _gc._tcp.Default-First-Site-Name._sites.samdom.svmetal.cz
> dc03x.samdom.svmetal.cz 3268
> Checking 0 100 3268 dc03x.samdom.svmetal.cz. against SRV
> _gc._tcp.Default-First-Site-Name._sites.samdom.svmetal.cz
> dc03x.samdom.svmetal.cz 3268
> Looking for DNS entry SRV
> _ldap._tcp.Default-First-Site-Name._sites.gc._msdcs.samdom.svm
etal.cz dc03x.samdom.svmetal.cz 3268 as _ldap._tcp.Default-First-> Site-Name._sites.gc._msdcs.samdom.svmetal.cz.
> Checking 0 100 3268 dc01.samdom.svmetal.cz. against SRV
> _ldap._tcp.Default-First-Site-Name._sites.gc._msdcs.samdom.svm
etal.cz dc03x.samdom.svmetal.cz 3268
> Checking 0 100 3268 dc03x.samdom.svmetal.cz. against SRV
> _ldap._tcp.Default-First-Site-Name._sites.gc._msdcs.samdom.svm
etal.cz dc03x.samdom.svmetal.cz 3268
> Looking for DNS entry A DomainDnsZones.samdom.svmetal.cz
> 192.168.45.1 as DomainDnsZones.samdom.svmetal.cz.
> Looking for DNS entry SRV
> _ldap._tcp.DomainDnsZones.samdom.svmetal.cz
> dc03x.samdom.svmetal.cz 389 as
> _ldap._tcp.DomainDnsZones.samdom.svmetal.cz.
> Checking 0 100 389 dc01.samdom.svmetal.cz. against SRV
> _ldap._tcp.DomainDnsZones.samdom.svmetal.cz
> dc03x.samdom.svmetal.cz 389
> Checking 0 100 389 dc02x.samdom.svmetal.cz. against SRV
> _ldap._tcp.DomainDnsZones.samdom.svmetal.cz
> dc03x.samdom.svmetal.cz 389
> Checking 0 100 389 dc03x.samdom.svmetal.cz. against SRV
> _ldap._tcp.DomainDnsZones.samdom.svmetal.cz
> dc03x.samdom.svmetal.cz 389
> Looking for DNS entry SRV
> _ldap._tcp.Default-First-Site-Name._sites.DomainDnsZones.samdo
m.svmetal.cz dc03x.samdom.svmetal.cz 389 as _ldap._tcp.Default-> First-Site-Name._sites.DomainDnsZones.samdom.svmetal.cz.
> Checking 0 100 389 dc01.samdom.svmetal.cz. against SRV
> _ldap._tcp.Default-First-Site-Name._sites.DomainDnsZones.samdo
m.svmetal.cz dc03x.samdom.svmetal.cz 389
> Checking 0 100 389 dc03x.samdom.svmetal.cz. against SRV
> _ldap._tcp.Default-First-Site-Name._sites.DomainDnsZones.samdo
m.svmetal.cz dc03x.samdom.svmetal.cz 389
> Looking for DNS entry A ForestDnsZones.samdom.svmetal.cz
> 192.168.45.1 as ForestDnsZones.samdom.svmetal.cz.
> Looking for DNS entry SRV
> _ldap._tcp.ForestDnsZones.samdom.svmetal.cz
> dc03x.samdom.svmetal.cz 389 as
> _ldap._tcp.ForestDnsZones.samdom.svmetal.cz.
> Checking 0 100 389 dc01.samdom.svmetal.cz. against SRV
> _ldap._tcp.ForestDnsZones.samdom.svmetal.cz
> dc03x.samdom.svmetal.cz 389
> Checking 0 100 389 dc02x.samdom.svmetal.cz. against SRV
> _ldap._tcp.ForestDnsZones.samdom.svmetal.cz
> dc03x.samdom.svmetal.cz 389
> Checking 0 100 389 dc03x.samdom.svmetal.cz. against SRV
> _ldap._tcp.ForestDnsZones.samdom.svmetal.cz
> dc03x.samdom.svmetal.cz 389
> Looking for DNS entry SRV
> _ldap._tcp.Default-First-Site-Name._sites.ForestDnsZones.samdo
m.svmetal.cz dc03x.samdom.svmetal.cz 389 as _ldap._tcp.Default-> First-Site-Name._sites.ForestDnsZones.samdom.svmetal.cz.
> Checking 0 100 389 dc01.samdom.svmetal.cz. against SRV
> _ldap._tcp.Default-First-Site-Name._sites.ForestDnsZones.samdo
m.svmetal.cz dc03x.samdom.svmetal.cz 389
> Checking 0 100 389 dc03x.samdom.svmetal.cz. against SRV
> _ldap._tcp.Default-First-Site-Name._sites.ForestDnsZones.samdo
m.svmetal.cz dc03x.samdom.svmetal.cz 389
> No DNS updates needed
>
> But samba_dnsupdate --verbose --all-names
> IPs: ['192.168.45.1']
> force update: A dc03x.samdom.svmetal.cz 192.168.45.1
> force update: NS samdom.svmetal.cz dc03x.samdom.svmetal.cz
> force update: NS _msdcs.samdom.svmetal.cz dc03x.samdom.svmetal.cz
> force update: A samdom.svmetal.cz 192.168.45.1
> force update: SRV _ldap._tcp.samdom.svmetal.cz
> dc03x.samdom.svmetal.cz 389
> force update: SRV _ldap._tcp.dc._msdcs.samdom.svmetal.cz
> dc03x.samdom.svmetal.cz 389
> force update: SRV
> _ldap._tcp.991e4476-399a-4712-a64f-a2019ed40e7b.domains._msdcs
.samdom.svmetal.cz dc03x.samdom.svmetal.cz 389
> force update: SRV _kerberos._tcp.samdom.svmetal.cz
> dc03x.samdom.svmetal.cz 88
> force update: SRV _kerberos._udp.samdom.svmetal.cz
> dc03x.samdom.svmetal.cz 88
> force update: SRV _kerberos._tcp.dc._msdcs.samdom.svmetal.cz
> dc03x.samdom.svmetal.cz 88
> force update: SRV _kpasswd._tcp.samdom.svmetal.cz
> dc03x.samdom.svmetal.cz 464
> force update: SRV _kpasswd._udp.samdom.svmetal.cz
> dc03x.samdom.svmetal.cz 464
> force update: CNAME
> a0fcd1d9-a5e2-428c-a271-ab17103bb4d0._msdcs.samdom.svmetal.cz
> dc03x.samdom.svmetal.cz
> force update: SRV
> _ldap._tcp.Default-First-Site-Name._sites.samdom.svmetal.cz
> dc03x.samdom.svmetal.cz 389
> force update: SRV
> _ldap._tcp.Default-First-Site-Name._sites.dc._msdcs.samdom.svm
etal.cz dc03x.samdom.svmetal.cz 389
> force update: SRV
> _kerberos._tcp.Default-First-Site-Name._sites.samdom.svmetal.c
> z dc03x.samdom.svmetal.cz 88
> force update: SRV
> _kerberos._tcp.Default-First-Site-Name._sites.dc._msdcs.samdom
.svmetal.cz dc03x.samdom.svmetal.cz 88
> force update: A gc._msdcs.samdom.svmetal.cz 192.168.45.1
> force update: SRV _gc._tcp.samdom.svmetal.cz
> dc03x.samdom.svmetal.cz 3268
> force update: SRV _ldap._tcp.gc._msdcs.samdom.svmetal.cz
> dc03x.samdom.svmetal.cz 3268
> force update: SRV
> _gc._tcp.Default-First-Site-Name._sites.samdom.svmetal.cz
> dc03x.samdom.svmetal.cz 3268
> force update: SRV
> _ldap._tcp.Default-First-Site-Name._sites.gc._msdcs.samdom.svm
etal.cz dc03x.samdom.svmetal.cz 3268
> force update: A DomainDnsZones.samdom.svmetal.cz 192.168.45.1
> force update: SRV _ldap._tcp.DomainDnsZones.samdom.svmetal.cz
> dc03x.samdom.svmetal.cz 389
> force update: SRV
> _ldap._tcp.Default-First-Site-Name._sites.DomainDnsZones.samdo
m.svmetal.cz dc03x.samdom.svmetal.cz 389
> force update: A ForestDnsZones.samdom.svmetal.cz 192.168.45.1
> force update: SRV _ldap._tcp.ForestDnsZones.samdom.svmetal.cz
> dc03x.samdom.svmetal.cz 389
> force update: SRV
> _ldap._tcp.Default-First-Site-Name._sites.ForestDnsZones.samdo
m.svmetal.cz dc03x.samdom.svmetal.cz 389
> 28 DNS updates and 0 DNS deletes needed
> Successfully obtained Kerberos ticket to
> DNS/dc01.samdom.svmetal.cz as DC03X$
> update(nsupdate): A dc03x.samdom.svmetal.cz 192.168.45.1
> Calling nsupdate for A dc03x.samdom.svmetal.cz 192.168.45.1 (add)
> Successfully obtained Kerberos ticket to
> DNS/dc01.samdom.svmetal.cz as DC03X$
> Outgoing update query:
> ;; ->>HEADER<<- opcode: UPDATE, status: NOERROR, id: 0
> ;; flags:; ZONE: 0, PREREQ: 0, UPDATE: 0, ADDITIONAL: 0
> ;; UPDATE SECTION:
> dc03x.samdom.svmetal.cz. 900 IN A 192.168.45.1
>
> ; TSIG error with server: tsig verify failure
> Failed nsupdate: 2
> update(nsupdate): NS samdom.svmetal.cz dc03x.samdom.svmetal.cz
> Calling nsupdate for NS samdom.svmetal.cz
> dc03x.samdom.svmetal.cz (add)
> Successfully obtained Kerberos ticket to
> DNS/dc01.samdom.svmetal.cz as DC03X$
> Outgoing update query:
> ;; ->>HEADER<<- opcode: UPDATE, status: NOERROR, id: 0
> ;; flags:; ZONE: 0, PREREQ: 0, UPDATE: 0, ADDITIONAL: 0
> ;; UPDATE SECTION:
> samdom.svmetal.cz. 900 IN NS dc03x.samdom.svmetal.cz.
>
> ; TSIG error with server: tsig verify failure
> Failed nsupdate: 2
> update(nsupdate): NS _msdcs.samdom.svmetal.cz dc03x.samdom.svmetal.cz
> Calling nsupdate for NS _msdcs.samdom.svmetal.cz
> dc03x.samdom.svmetal.cz (add)
> Successfully obtained Kerberos ticket to
> DNS/dc01.samdom.svmetal.cz as DC03X$
> Outgoing update query:
> ;; ->>HEADER<<- opcode: UPDATE, status: NOERROR, id: 0
> ;; flags:; ZONE: 0, PREREQ: 0, UPDATE: 0, ADDITIONAL: 0
> ;; UPDATE SECTION:
> _msdcs.samdom.svmetal.cz. 900 IN NS dc03x.samdom.svmetal.cz.
>
> ; TSIG error with server: tsig verify failure
> Failed nsupdate: 2
> update(nsupdate): A samdom.svmetal.cz 192.168.45.1
> Calling nsupdate for A samdom.svmetal.cz 192.168.45.1 (add)
> Successfully obtained Kerberos ticket to
> DNS/dc01.samdom.svmetal.cz as DC03X$
> Outgoing update query:
> ;; ->>HEADER<<- opcode: UPDATE, status: NOERROR, id: 0
> ;; flags:; ZONE: 0, PREREQ: 0, UPDATE: 0, ADDITIONAL: 0
> ;; UPDATE SECTION:
> samdom.svmetal.cz. 900 IN A 192.168.45.1
>
> ; TSIG error with server: tsig verify failure
> Failed nsupdate: 2
> update(nsupdate): SRV _ldap._tcp.samdom.svmetal.cz
> dc03x.samdom.svmetal.cz 389
> Calling nsupdate for SRV _ldap._tcp.samdom.svmetal.cz
> dc03x.samdom.svmetal.cz 389 (add)
> Successfully obtained Kerberos ticket to
> DNS/dc01.samdom.svmetal.cz as DC03X$
> Outgoing update query:
> ;; ->>HEADER<<- opcode: UPDATE, status: NOERROR, id: 0
> ;; flags:; ZONE: 0, PREREQ: 0, UPDATE: 0, ADDITIONAL: 0
> ;; UPDATE SECTION:
> _ldap._tcp.samdom.svmetal.cz. 900 IN SRV 0 100 389
> dc03x.samdom.svmetal.cz.
>
> ; TSIG error with server: tsig verify failure
> Failed nsupdate: 2
> update(nsupdate): SRV _ldap._tcp.dc._msdcs.samdom.svmetal.cz
> dc03x.samdom.svmetal.cz 389
> Calling nsupdate for SRV
> _ldap._tcp.dc._msdcs.samdom.svmetal.cz
> dc03x.samdom.svmetal.cz 389 (add)
> Successfully obtained Kerberos ticket to
> DNS/dc01.samdom.svmetal.cz as DC03X$
> Outgoing update query:
> ;; ->>HEADER<<- opcode: UPDATE, status: NOERROR, id: 0
> ;; flags:; ZONE: 0, PREREQ: 0, UPDATE: 0, ADDITIONAL: 0
> ;; UPDATE SECTION:
> _ldap._tcp.dc._msdcs.samdom.svmetal.cz. 900 IN SRV 0 100
> 389 dc03x.samdom.svmetal.cz.
>
> ; TSIG error with server: tsig verify failure
> Failed nsupdate: 2
> update(nsupdate): SRV
> _ldap._tcp.991e4476-399a-4712-a64f-a2019ed40e7b.domains._msdcs
.samdom.svmetal.cz dc03x.samdom.svmetal.cz 389
> Calling nsupdate for SRV
> _ldap._tcp.991e4476-399a-4712-a64f-a2019ed40e7b.domains._msdcs
.samdom.svmetal.cz dc03x.samdom.svmetal.cz 389 (add)
> Successfully obtained Kerberos ticket to
> DNS/dc01.samdom.svmetal.cz as DC03X$
> Outgoing update query:
> ;; ->>HEADER<<- opcode: UPDATE, status: NOERROR, id: 0
> ;; flags:; ZONE: 0, PREREQ: 0, UPDATE: 0, ADDITIONAL: 0
> ;; UPDATE SECTION:
> _ldap._tcp.991e4476-399a-4712-a64f-a2019ed40e7b.domains._msdcs
.samdom.svmetal.cz. 900 IN SRV 0 100 389 dc03x.samdom.svmetal.cz.
>
> ; TSIG error with server: tsig verify failure
> Failed nsupdate: 2
> update(nsupdate): SRV _kerberos._tcp.samdom.svmetal.cz
> dc03x.samdom.svmetal.cz 88
> Calling nsupdate for SRV _kerberos._tcp.samdom.svmetal.cz
> dc03x.samdom.svmetal.cz 88 (add)
> Successfully obtained Kerberos ticket to
> DNS/dc01.samdom.svmetal.cz as DC03X$
> Outgoing update query:
> ;; ->>HEADER<<- opcode: UPDATE, status: NOERROR, id: 0
> ;; flags:; ZONE: 0, PREREQ: 0, UPDATE: 0, ADDITIONAL: 0
> ;; UPDATE SECTION:
> _kerberos._tcp.samdom.svmetal.cz. 900 IN SRV 0 100 88
> dc03x.samdom.svmetal.cz.
>
> ; TSIG error with server: tsig verify failure
> Failed nsupdate: 2
> update(nsupdate): SRV _kerberos._udp.samdom.svmetal.cz
> dc03x.samdom.svmetal.cz 88
> Calling nsupdate for SRV _kerberos._udp.samdom.svmetal.cz
> dc03x.samdom.svmetal.cz 88 (add)
> Successfully obtained Kerberos ticket to
> DNS/dc01.samdom.svmetal.cz as DC03X$
> Outgoing update query:
> ;; ->>HEADER<<- opcode: UPDATE, status: NOERROR, id: 0
> ;; flags:; ZONE: 0, PREREQ: 0, UPDATE: 0, ADDITIONAL: 0
> ;; UPDATE SECTION:
> _kerberos._udp.samdom.svmetal.cz. 900 IN SRV 0 100 88
> dc03x.samdom.svmetal.cz.
>
> ; TSIG error with server: tsig verify failure
> Failed nsupdate: 2
> update(nsupdate): SRV
> _kerberos._tcp.dc._msdcs.samdom.svmetal.cz dc03x.samdom.svmetal.cz 88
> Calling nsupdate for SRV
> _kerberos._tcp.dc._msdcs.samdom.svmetal.cz
> dc03x.samdom.svmetal.cz 88 (add)
> Successfully obtained Kerberos ticket to
> DNS/dc01.samdom.svmetal.cz as DC03X$
> Outgoing update query:
> ;; ->>HEADER<<- opcode: UPDATE, status: NOERROR, id: 0
> ;; flags:; ZONE: 0, PREREQ: 0, UPDATE: 0, ADDITIONAL: 0
> ;; UPDATE SECTION:
> _kerberos._tcp.dc._msdcs.samdom.svmetal.cz. 900 IN SRV 0
> 100 88 dc03x.samdom.svmetal.cz.
>
> ; TSIG error with server: tsig verify failure
> Failed nsupdate: 2
> update(nsupdate): SRV _kpasswd._tcp.samdom.svmetal.cz
> dc03x.samdom.svmetal.cz 464
> Calling nsupdate for SRV _kpasswd._tcp.samdom.svmetal.cz
> dc03x.samdom.svmetal.cz 464 (add)
> Successfully obtained Kerberos ticket to
> DNS/dc01.samdom.svmetal.cz as DC03X$
> Outgoing update query:
> ;; ->>HEADER<<- opcode: UPDATE, status: NOERROR, id: 0
> ;; flags:; ZONE: 0, PREREQ: 0, UPDATE: 0, ADDITIONAL: 0
> ;; UPDATE SECTION:
> _kpasswd._tcp.samdom.svmetal.cz. 900 IN SRV 0 100 464
> dc03x.samdom.svmetal.cz.
>
> ; TSIG error with server: tsig verify failure
> Failed nsupdate: 2
> update(nsupdate): SRV _kpasswd._udp.samdom.svmetal.cz
> dc03x.samdom.svmetal.cz 464
> Calling nsupdate for SRV _kpasswd._udp.samdom.svmetal.cz
> dc03x.samdom.svmetal.cz 464 (add)
> Successfully obtained Kerberos ticket to
> DNS/dc01.samdom.svmetal.cz as DC03X$
> Outgoing update query:
> ;; ->>HEADER<<- opcode: UPDATE, status: NOERROR, id: 0
> ;; flags:; ZONE: 0, PREREQ: 0, UPDATE: 0, ADDITIONAL: 0
> ;; UPDATE SECTION:
> _kpasswd._udp.samdom.svmetal.cz. 900 IN SRV 0 100 464
> dc03x.samdom.svmetal.cz.
>
> ; TSIG error with server: tsig verify failure
> Failed nsupdate: 2
> update(nsupdate): CNAME
> a0fcd1d9-a5e2-428c-a271-ab17103bb4d0._msdcs.samdom.svmetal.cz
> dc03x.samdom.svmetal.cz
> Calling nsupdate for CNAME
> a0fcd1d9-a5e2-428c-a271-ab17103bb4d0._msdcs.samdom.svmetal.cz
> dc03x.samdom.svmetal.cz (add)
> Successfully obtained Kerberos ticket to
> DNS/dc01.samdom.svmetal.cz as DC03X$
> Outgoing update query:
> ;; ->>HEADER<<- opcode: UPDATE, status: NOERROR, id: 0
> ;; flags:; ZONE: 0, PREREQ: 0, UPDATE: 0, ADDITIONAL: 0
> ;; UPDATE SECTION:
> a0fcd1d9-a5e2-428c-a271-ab17103bb4d0._msdcs.samdom.svmetal.cz.
> 900 IN CNAME dc03x.samdom.svmetal.cz.
>
> ; TSIG error with server: tsig verify failure
> Failed nsupdate: 2
> update(nsupdate): SRV
> _ldap._tcp.Default-First-Site-Name._sites.samdom.svmetal.cz
> dc03x.samdom.svmetal.cz 389
> Calling nsupdate for SRV
> _ldap._tcp.Default-First-Site-Name._sites.samdom.svmetal.cz
> dc03x.samdom.svmetal.cz 389 (add)
> Successfully obtained Kerberos ticket to
> DNS/dc01.samdom.svmetal.cz as DC03X$
> Outgoing update query:
> ;; ->>HEADER<<- opcode: UPDATE, status: NOERROR, id: 0
> ;; flags:; ZONE: 0, PREREQ: 0, UPDATE: 0, ADDITIONAL: 0
> ;; UPDATE SECTION:
> _ldap._tcp.Default-First-Site-Name._sites.samdom.svmetal.cz.
> 900 IN SRV 0 100 389 dc03x.samdom.svmetal.cz.
>
> ; TSIG error with server: tsig verify failure
> Failed nsupdate: 2
> update(nsupdate): SRV
> _ldap._tcp.Default-First-Site-Name._sites.dc._msdcs.samdom.svm
etal.cz dc03x.samdom.svmetal.cz 389
> Calling nsupdate for SRV
> _ldap._tcp.Default-First-Site-Name._sites.dc._msdcs.samdom.svm
etal.cz dc03x.samdom.svmetal.cz 389 (add)
> Successfully obtained Kerberos ticket to
> DNS/dc01.samdom.svmetal.cz as DC03X$
> Outgoing update query:
> ;; ->>HEADER<<- opcode: UPDATE, status: NOERROR, id: 0
> ;; flags:; ZONE: 0, PREREQ: 0, UPDATE: 0, ADDITIONAL: 0
> ;; UPDATE SECTION:
> _ldap._tcp.Default-First-Site-Name._sites.dc._msdcs.samdom.svm
etal.cz. 900 IN SRV 0 100 389 dc03x.samdom.svmetal.cz.
>
> ; TSIG error with server: tsig verify failure
> Failed nsupdate: 2
> update(nsupdate): SRV
> _kerberos._tcp.Default-First-Site-Name._sites.samdom.svmetal.c
> z dc03x.samdom.svmetal.cz 88
> Calling nsupdate for SRV
> _kerberos._tcp.Default-First-Site-Name._sites.samdom.svmetal.c
> z dc03x.samdom.svmetal.cz 88 (add)
> Successfully obtained Kerberos ticket to
> DNS/dc01.samdom.svmetal.cz as DC03X$
> Outgoing update query:
> ;; ->>HEADER<<- opcode: UPDATE, status: NOERROR, id: 0
> ;; flags:; ZONE: 0, PREREQ: 0, UPDATE: 0, ADDITIONAL: 0
> ;; UPDATE SECTION:
> _kerberos._tcp.Default-First-Site-Name._sites.samdom.svmetal.c
> z. 900 IN SRV 0 100 88 dc03x.samdom.svmetal.cz.
>
> ; TSIG error with server: tsig verify failure
> Failed nsupdate: 2
> update(nsupdate): SRV
> _kerberos._tcp.Default-First-Site-Name._sites.dc._msdcs.samdom
.svmetal.cz dc03x.samdom.svmetal.cz 88
> Calling nsupdate for SRV
> _kerberos._tcp.Default-First-Site-Name._sites.dc._msdcs.samdom
.svmetal.cz dc03x.samdom.svmetal.cz 88 (add)
> Successfully obtained Kerberos ticket to
> DNS/dc01.samdom.svmetal.cz as DC03X$
> Outgoing update query:
> ;; ->>HEADER<<- opcode: UPDATE, status: NOERROR, id: 0
> ;; flags:; ZONE: 0, PREREQ: 0, UPDATE: 0, ADDITIONAL: 0
> ;; UPDATE SECTION:
> _kerberos._tcp.Default-First-Site-Name._sites.dc._msdcs.samdom
.svmetal.cz. 900 IN SRV 0 100 88 dc03x.samdom.svmetal.cz.
>
> ; TSIG error with server: tsig verify failure
> Failed nsupdate: 2
> update(nsupdate): A gc._msdcs.samdom.svmetal.cz 192.168.45.1
> Calling nsupdate for A gc._msdcs.samdom.svmetal.cz 192.168.45.1 (add)
> Successfully obtained Kerberos ticket to
> DNS/dc01.samdom.svmetal.cz as DC03X$
> Outgoing update query:
> ;; ->>HEADER<<- opcode: UPDATE, status: NOERROR, id: 0
> ;; flags:; ZONE: 0, PREREQ: 0, UPDATE: 0, ADDITIONAL: 0
> ;; UPDATE SECTION:
> gc._msdcs.samdom.svmetal.cz. 900 IN A 192.168.45.1
>
> ; TSIG error with server: tsig verify failure
> Failed nsupdate: 2
> update(nsupdate): SRV _gc._tcp.samdom.svmetal.cz
> dc03x.samdom.svmetal.cz 3268
> Calling nsupdate for SRV _gc._tcp.samdom.svmetal.cz
> dc03x.samdom.svmetal.cz 3268 (add)
> Successfully obtained Kerberos ticket to
> DNS/dc01.samdom.svmetal.cz as DC03X$
> Outgoing update query:
> ;; ->>HEADER<<- opcode: UPDATE, status: NOERROR, id: 0
> ;; flags:; ZONE: 0, PREREQ: 0, UPDATE: 0, ADDITIONAL: 0
> ;; UPDATE SECTION:
> _gc._tcp.samdom.svmetal.cz. 900 IN SRV 0 100 3268
> dc03x.samdom.svmetal.cz.
>
> ; TSIG error with server: tsig verify failure
> Failed nsupdate: 2
> update(nsupdate): SRV _ldap._tcp.gc._msdcs.samdom.svmetal.cz
> dc03x.samdom.svmetal.cz 3268
> Calling nsupdate for SRV
> _ldap._tcp.gc._msdcs.samdom.svmetal.cz
> dc03x.samdom.svmetal.cz 3268 (add)
> Successfully obtained Kerberos ticket to
> DNS/dc01.samdom.svmetal.cz as DC03X$
> Outgoing update query:
> ;; ->>HEADER<<- opcode: UPDATE, status: NOERROR, id: 0
> ;; flags:; ZONE: 0, PREREQ: 0, UPDATE: 0, ADDITIONAL: 0
> ;; UPDATE SECTION:
> _ldap._tcp.gc._msdcs.samdom.svmetal.cz. 900 IN SRV 0 100
> 3268 dc03x.samdom.svmetal.cz.
>
> ; TSIG error with server: tsig verify failure
> Failed nsupdate: 2
> update(nsupdate): SRV
> _gc._tcp.Default-First-Site-Name._sites.samdom.svmetal.cz
> dc03x.samdom.svmetal.cz 3268
> Calling nsupdate for SRV
> _gc._tcp.Default-First-Site-Name._sites.samdom.svmetal.cz
> dc03x.samdom.svmetal.cz 3268 (add)
> Successfully obtained Kerberos ticket to
> DNS/dc01.samdom.svmetal.cz as DC03X$
> Outgoing update query:
> ;; ->>HEADER<<- opcode: UPDATE, status: NOERROR, id: 0
> ;; flags:; ZONE: 0, PREREQ: 0, UPDATE: 0, ADDITIONAL: 0
> ;; UPDATE SECTION:
> _gc._tcp.Default-First-Site-Name._sites.samdom.svmetal.cz.
> 900 IN SRV 0 100 3268 dc03x.samdom.svmetal.cz.
>
> ; TSIG error with server: tsig verify failure
> Failed nsupdate: 2
> update(nsupdate): SRV
> _ldap._tcp.Default-First-Site-Name._sites.gc._msdcs.samdom.svm
etal.cz dc03x.samdom.svmetal.cz 3268
> Calling nsupdate for SRV
> _ldap._tcp.Default-First-Site-Name._sites.gc._msdcs.samdom.svm
etal.cz dc03x.samdom.svmetal.cz 3268 (add)
> Successfully obtained Kerberos ticket to
> DNS/dc01.samdom.svmetal.cz as DC03X$
> Outgoing update query:
> ;; ->>HEADER<<- opcode: UPDATE, status: NOERROR, id: 0
> ;; flags:; ZONE: 0, PREREQ: 0, UPDATE: 0, ADDITIONAL: 0
> ;; UPDATE SECTION:
> _ldap._tcp.Default-First-Site-Name._sites.gc._msdcs.samdom.svm
etal.cz. 900 IN SRV 0 100 3268 dc03x.samdom.svmetal.cz.
>
> ; TSIG error with server: tsig verify failure
> Failed nsupdate: 2
> update(nsupdate): A DomainDnsZones.samdom.svmetal.cz 192.168.45.1
> Calling nsupdate for A DomainDnsZones.samdom.svmetal.cz
> 192.168.45.1 (add)
> Successfully obtained Kerberos ticket to
> DNS/dc01.samdom.svmetal.cz as DC03X$
> Outgoing update query:
> ;; ->>HEADER<<- opcode: UPDATE, status: NOERROR, id: 0
> ;; flags:; ZONE: 0, PREREQ: 0, UPDATE: 0, ADDITIONAL: 0
> ;; UPDATE SECTION:
> DomainDnsZones.samdom.svmetal.cz. 900 IN A 192.168.45.1
>
> ; TSIG error with server: tsig verify failure
> Failed nsupdate: 2
> update(nsupdate): SRV
> _ldap._tcp.DomainDnsZones.samdom.svmetal.cz
> dc03x.samdom.svmetal.cz 389
> Calling nsupdate for SRV
> _ldap._tcp.DomainDnsZones.samdom.svmetal.cz
> dc03x.samdom.svmetal.cz 389 (add)
> Successfully obtained Kerberos ticket to
> DNS/dc01.samdom.svmetal.cz as DC03X$
> Outgoing update query:
> ;; ->>HEADER<<- opcode: UPDATE, status: NOERROR, id: 0
> ;; flags:; ZONE: 0, PREREQ: 0, UPDATE: 0, ADDITIONAL: 0
> ;; UPDATE SECTION:
> _ldap._tcp.DomainDnsZones.samdom.svmetal.cz. 900 IN SRV 0
> 100 389 dc03x.samdom.svmetal.cz.
>
> ; TSIG error with server: tsig verify failure
> Failed nsupdate: 2
> update(nsupdate): SRV
> _ldap._tcp.Default-First-Site-Name._sites.DomainDnsZones.samdo
m.svmetal.cz dc03x.samdom.svmetal.cz 389
> Calling nsupdate for SRV
> _ldap._tcp.Default-First-Site-Name._sites.DomainDnsZones.samdo
m.svmetal.cz dc03x.samdom.svmetal.cz 389 (add)
> Successfully obtained Kerberos ticket to
> DNS/dc01.samdom.svmetal.cz as DC03X$
> Outgoing update query:
> ;; ->>HEADER<<- opcode: UPDATE, status: NOERROR, id: 0
> ;; flags:; ZONE: 0, PREREQ: 0, UPDATE: 0, ADDITIONAL: 0
> ;; UPDATE SECTION:
> _ldap._tcp.Default-First-Site-Name._sites.DomainDnsZones.samdo
m.svmetal.cz. 900 IN SRV 0 100 389 dc03x.samdom.svmetal.cz.
>
> ; TSIG error with server: tsig verify failure
> Failed nsupdate: 2
> update(nsupdate): A ForestDnsZones.samdom.svmetal.cz 192.168.45.1
> Calling nsupdate for A ForestDnsZones.samdom.svmetal.cz
> 192.168.45.1 (add)
> Successfully obtained Kerberos ticket to
> DNS/dc01.samdom.svmetal.cz as DC03X$
> Outgoing update query:
> ;; ->>HEADER<<- opcode: UPDATE, status: NOERROR, id: 0
> ;; flags:; ZONE: 0, PREREQ: 0, UPDATE: 0, ADDITIONAL: 0
> ;; UPDATE SECTION:
> ForestDnsZones.samdom.svmetal.cz. 900 IN A 192.168.45.1
>
> ; TSIG error with server: tsig verify failure
> Failed nsupdate: 2
> update(nsupdate): SRV
> _ldap._tcp.ForestDnsZones.samdom.svmetal.cz
> dc03x.samdom.svmetal.cz 389
> Calling nsupdate for SRV
> _ldap._tcp.ForestDnsZones.samdom.svmetal.cz
> dc03x.samdom.svmetal.cz 389 (add)
> Successfully obtained Kerberos ticket to
> DNS/dc01.samdom.svmetal.cz as DC03X$
> Outgoing update query:
> ;; ->>HEADER<<- opcode: UPDATE, status: NOERROR, id: 0
> ;; flags:; ZONE: 0, PREREQ: 0, UPDATE: 0, ADDITIONAL: 0
> ;; UPDATE SECTION:
> _ldap._tcp.ForestDnsZones.samdom.svmetal.cz. 900 IN SRV 0
> 100 389 dc03x.samdom.svmetal.cz.
>
> ; TSIG error with server: tsig verify failure
> Failed nsupdate: 2
> update(nsupdate): SRV
> _ldap._tcp.Default-First-Site-Name._sites.ForestDnsZones.samdo
m.svmetal.cz dc03x.samdom.svmetal.cz 389
> Calling nsupdate for SRV
> _ldap._tcp.Default-First-Site-Name._sites.ForestDnsZones.samdo
m.svmetal.cz dc03x.samdom.svmetal.cz 389 (add)
> Successfully obtained Kerberos ticket to
> DNS/dc01.samdom.svmetal.cz as DC03X$
> Outgoing update query:
> ;; ->>HEADER<<- opcode: UPDATE, status: NOERROR, id: 0
> ;; flags:; ZONE: 0, PREREQ: 0, UPDATE: 0, ADDITIONAL: 0
> ;; UPDATE SECTION:
> _ldap._tcp.Default-First-Site-Name._sites.ForestDnsZones.samdo
m.svmetal.cz. 900 IN SRV 0 100 389 dc03x.samdom.svmetal.cz.
>
> ; TSIG error with server: tsig verify failure
> Failed nsupdate: 2
> Failed update of 28 entries
>
> But it's nothing new, that errors I've seen from 4.2 until now.
>
> > It shouldn't have been 'painful' to upgrade, you could have
> done an in
> > place dist-upgrade. If this is not possible, you should have demoted
> > the old one and then joined a new DC with the same IP but a
> new name.
> > There is another flaw in your thinking, all DC's running a dns
> > nameserver are SOA masters.No, you cannot upgrade CentOS 6
> to 7 inplace.
> And I'm sorry for misunderstanding with SOA. Only one DC
> should be primary server in SOA (the very first provisioned
> DC), but that DC and all another DCs are NS for domain zones.
> But if you demote that first DC (primary in SOA), the record
> for that DC will remain in SOA. I tested it in lab
> environment and Bind threw errors because of that.
> Moreover samba-tool domain demote remain many things in DNS
> and you have to run samba-tool domain demote
> --remove-other-dead-server= also. And manually delete rest
> for sure. Thats pain.
> And I don't know how others, but I tested FSMO transfer on
> 4.7 (both DCs) and also 4.8 (both DCs) at it also didn't
> performed well. I hit some kind of timeouts during transfer
> and I had to run it 7 times to transfer all roles.It was
> really painfull in our environment. But it's quite old (from
> Samba 4.2) a classiupgraded, so quite different than default
> provisioned.Actually, I'm really glad our domain works at
> least with nonsecure internal DNS;)
> > That is where I expected them to be ;-)
> > The only thing that can change the dns records is whatever
> owns them,
> > it looks like whatever is trying to change the records is
> being refused
> > because it doesn't own them.Ok. But is there some insecure
> workaround? How do that internal server with "nonsecure"
> options? As I wrote in the first mail, I have no problem with
> forcing Bind to do thing insecure.Jiri
>
> --
> To unsubscribe from this list go to the following URL and read the
> instructions: https://lists.samba.org/mailman/options/samba
>
>
More information about the samba
mailing list