[Samba] client @0x7f6ed800bc20 172.16.5.86#62582: update 'campus.company.intra/IN' denied

Elias Pereira empbilly at gmail.com
Mon Jul 2 13:27:58 UTC 2018


Hello,

The error described in the email title happens in version 9.10 of BIND,
which I have installed on our main DC. In light of that, I found the Samba
wiki article that talks about this problem.
https://wiki.samba.org/index.php/Using_BIND_DLZ_backend_with_secured_/_signed_DNS_updates

I made a new installation via source with the suggested options:

root@dc3:~# fakeroot ./configure --prefix=/usr --mandir=/usr/share/man \
    --infodir=/usr/share/info --sysconfdir=/etc/bind --localstatedir=/var \
    --enable-threads --enable-largefile --with-libtool --enable-shared \
    --enable-static --with-openssl=/usr --with-gssapi=/usr --with-gnu-ld \
    --with-dlz-postgres=no --with-dlz-mysql=no --with-dlz-bdb=yes \
    --with-dlz-filesystem=yes --with-dlz-ldap=yes --with-dlz-stub=yes \
    --with-dlopen=yes --with-geoip=/usr --enable-ipv6 \
    CFLAGS=-fno-strict-aliasing

root@dc3:~# named -v
BIND 9.12.1-P2 <id:14b0e01>

root@dc3:/etc/bind# named-checkconf OK

samba_dnsupdate --verbose --all-names OK

samba-tool dbcheck --cross-ncs --reset-well-known-acls --fix --yes OK

named.conf.options
options {
        directory "/var/cache/bind";
        version "non3";

        forwarders { xxx.xxx.xxx.xxx; }; #public IP

        allow-query { internal; };

        #dnssec-enable no;
        dnssec-validation no;
        #dnssec-lookaside auto;

        tkey-gssapi-keytab "/var/lib/samba/private/dns.keytab";

        auth-nxdomain no;    # conform to RFC1035

        listen-on port 53 { 127.0.0.1; xxx.xxx.xxx.xxx; }; #public IP
        #listen-on-v6 { none; };

        zone-statistics yes;
        statistics-file "/var/log/named/stats/named_stats.log";
};

include "/etc/bind/rndc.key";
controls {
        inet 127.0.0.1 allow { localhost; } keys { rndc-key;};
};

acl "internal" {
        172.16.0.0/16;
        10.10.4.0/24;
        10.10.5.0/26;
        xxx.xxx.xxx.xxx/26;
        10.59.0.0/16;
        10.41.0.0/22;
        10.42.2.0/24;
        10.50.0.0/22;
        10.51.0.0/23;
        10.52.0.0/24;
        10.40.0.0/16;
        10.10.1.0/26;
        xxx.xxx.xxx.xxx/26;
        10.10.10.0/26;
};

For example, if the 172.16.5.86 client is offline, can it cause the error?

Any idea?

-- 
Elias Pereira

