[Samba] client @0x7f6ed800bc20 172.16.5.86#62582: update 'campus.company.intra/IN' denied

Elias Pereira empbilly at gmail.com
Tue Jul 3 01:56:39 UTC 2018 

>
> I don't know what error you are getting, even if you have posted it,
> can you post the full error. Can you please post all the lines from
> syslog around the error and not just the error.


The only logs that show is below.

./daemon.log.1:33430:Jul  2 06:16:28 dc3 named[9754]: client
10.10.4.3#52074: update 'campus.company.intra/IN' denied
./daemon.log.1:33432:Jul  2 06:17:03 dc3 named[9754]: client
10.10.1.2#58780: update 'campus. company.intra /IN' denied
./daemon.log.1:33433:Jul  2 06:17:03 dc3 named[9754]: client
10.10.1.2#56611: update 'campus. company.intra /IN' denied
./daemon.log.1:33436:Jul  2 06:18:53 dc3 named[9754]: client
10.10.5.12#60664: update 'campus. company.intra /IN' denied
./daemon.log.1:33442:Jul  2 06:24:43 dc3 named[9754]: client
10.10.5.12#55716: update 'campus. company.intra /IN' denied

Maybe execute dlz_bind9_11.so in *debug*
<https://wiki.samba.org/index.php/BIND9_DLZ_DNS_Back_End#Debugging_the_BIND9_DLZ_Module>mode
for more information?

On Mon, Jul 2, 2018 at 2:50 PM Rowland Penny via samba <
samba at lists.samba.org> wrote:

> On Mon, 2 Jul 2018 14:22:36 -0300
> Elias Pereira via samba <samba at lists.samba.org> wrote:
>
> > >
> > > I repeat, Bind 9.12.x is unsupported at this time, just because it
> > > worked once is no reason to use it. It may have nothing to do with
> > > your problem, but using a supported Bind version will rule it out.
> >
> >
> > Ok. :)
> >
> > I'll reinstall using supported version 9.11.3-2
> >
> > OK, your server, but I think you should be aware that I have been
> > using
> > > Bind9 with Samba since December 2012 and I have never used the
> > > rndc.key
> >
> >
> > Without these entries, the error below always appears in the logs.
> >
> > Jul  2 12:37:23 dc3 named[20416]: configuring command channel from
> > '/etc/bind/rndc.key'
> > Jul  2 12:37:23 dc3 named[20416]: couldn't add command
> > channel ::1#953: address not available
> >
>
> okay, perhaps I should have said that I have never had any mention of
> rndc.key in the bind conf files. I use Devuan and this splits the named
> conf files into separate parts, I only alter two of these:
>
> /etc/bind/named.conf.options
>
> options {
>         directory "/var/cache/bind";
>         version "0.0.7";
>
>         forwarders { 8.8.8.8; 8.8.4.4; };
>
>         dnssec-validation no;
>
>         auth-nxdomain yes;    # conform to RFC1035 =no
>         listen-on-v6 { none; };
>         listen-on port 53 { 192.168.0.6; 127.0.0.1; };
>         notify no;
>         empty-zones-enable no;
>
>         //  Add any subnets or hosts you want to allow to use this DNS
> server
>         allow-query { 192.168.0.0/24; 127.0.0.1/32; };
>         //  Add any subnets or hosts you want to allow to use recursive
> queries
>         allow-recursion {  192.168.0.0/24; 127.0.0.1/32; };
>
>         tkey-gssapi-keytab "/var/lib/samba/private/dns.keytab";
> };
>
>
> /etc/bind/named.conf.local
>
> include "/var/lib/samba/private/named.conf";
>
> When I restart Bind9, I get (amongst the other lines) these lines
> in /var/log/syslog
>
> Jul  2 18:32:57 dc4 named[3133]: set up managed keys zone for view
> _default, file 'managed-keys.bind'
> Jul  2 18:32:57 dc4 named[3133]: configuring command channel from
> '/etc/bind/rndc.key'
> Jul  2 18:32:57 dc4 named[3133]: command channel listening on 127.0.0.1#953
> Jul  2 18:32:57 dc4 named[3133]: configuring command channel from
> '/etc/bind/rndc.key'
> Jul  2 18:32:57 dc4 named[3133]: command channel listening on ::1#953
>
> So I don't have the lines in the named conf files but it is still used,
> you need to find out why it doesn't work for you.
>
> >
> > Client update denied error still remains in the logs.
>
> I don't know what error you are getting, even if you have posted it,
> can you post the full error. Can you please post all the lines from
> syslog around the error and not just the error.
>
> >
> > Does this error interfere with client updates with ADDC or is this
> > something with bind?
>
> No, the rndc error is for the command channel and I am sure this isn't
> affecting updates.
>
> Rowland
>
>
> --
> To unsubscribe from this list go to the following URL and read the
> instructions:  https://lists.samba.org/mailman/options/samba
>


-- 
Elias Pereira

More information about the samba mailing list