[Samba] client @0x7f6ed800bc20 172.16.5.86#62582: update 'campus.company.intra/IN' denied
Elias Pereira
empbilly at gmail.com
Mon Jul 2 13:27:58 UTC 2018
Hello,
The error described in the email title happens in version 9.10 of the bind
that I have installed in our main DC. In face of that, I found the samba
wiki article that talks about this problem.
https://wiki.samba.org/index.php/Using_BIND_DLZ_backend_with_secured_/_signed_DNS_updates
I made a new installation via source with the suggested options:
root at dc3:~# fakeroot ./configure --prefix=/usr --mandir=/usr/share/man
--infodir=/usr/share/info --sysconfdir=/etc/bind --localstatedir=/var
--enable-threads --enable-largefile --with-libtool --enable-shared
--enable-static --with-openssl=/usr --with-gssapi=/usr --with-gnu-ld
--with-dlz-postgres=no --with-dlz-mysql=no --with-dlz-bdb=yes
--with-dlz-filesystem=yes --with-dlz-ldap=yes --with-dlz-stub=yes
--with-dlopen=yes --with-geoip=/usr --enable-ipv6
CFLAGS=-fno-strict-aliasing
root at dc3:~# named -v
BIND 9.12.1-P2 <id:14b0e01>
root at dc3:/etc/bind# named-checkconf OK
samba_dnsupdate --verbose --all-names OK
samba-tool dbcheck --cross-ncs --reset-well-known-acls --fix --yes OK
named.conf.options
options {
directory "/var/cache/bind";
version "non3";
forwarders { xxx.xxx.xxx.xxx; }; #public IP
allow-query { internal; };
#dnssec-enable no;
dnssec-validation no;
#dnssec-lookaside auto;
tkey-gssapi-keytab "/var/lib/samba/private/dns.keytab";
auth-nxdomain no; # conform to RFC1035
listen-on port 53 { 127.0.0.1; xxx.xxx.xxx.xxx; }; #public IP
#listen-on-v6 { none; };
zone-statistics yes;
statistics-file "/var/log/named/stats/named_stats.log";
};
include "/etc/bind/rndc.key";
controls {
inet 127.0.0.1 allow { localhost; } keys { rndc-key;};
};
acl "internal" {
172.16.0.0/16;
10.10.4.0/24;
10.10.5.0/26;
xxx.xxx.xxx.xxx/26;
10.59.0.0/16;
10.41.0.0/22;
10.42.2.0/24;
10.50.0.0/22;
10.51.0.0/23;
10.52.0.0/24;
10.40.0.0/16;
10.10.1.0/26;
xxx.xxx.xxx.xxx/26;
10.10.10.0/26;
};
For example, if the 172.16.5.86 client is offline, can it cause the error?
Any idea?
--
Elias Pereira
More information about the samba
mailing list