[Samba] client @0x7f6ed800bc20 172.16.5.86#62582: update 'campus.company.intra/IN' denied
Elias Pereira
empbilly at gmail.com
Tue Jul 3 13:37:29 UTC 2018
>
> auth-nxdomain yes; # conform to RFC1035 =no
Why do you use this variable as "yes"? :)
Note the lack of './daemon.log.1:33430:'. I have '/var/log/deamon.log'
> and it contains lines in the format above, they all start with the date.
I used a grep to find the lines with "denied" and posted. If I get the logs
directly from syslog, it usually appears with the date at startup.
Jul 3 10:07:45 dc3 named[31128]: client @0x7fd9a0059800
172.16.4.252#51989: update 'campus.company.intra/IN' denied
Jul 3 10:07:45 dc3 named[31128]: client @0x7fd9a0059800 10.10.4.119#63432:
update 'campus.company.intra/IN' denied
Jul 3 10:07:45 dc3 named[31128]: client @0x7fd9a0059800
172.16.4.252#62280: update 'campus.company.intra/IN' denied
Jul 3 10:07:52 dc3 named[31128]: client @0x7fd9a4070a90 10.10.4.50#58891:
update
The lines show that various clients are being denied updating a record,
> this may be perfectly okay, they may not own the record. Do you have
> anything else updating the records, DHCP for instance. If so, the
> problem does not lie on the DC, it lies on the clients and they need to
> be told to stop trying to update their own records.
Our dchp is a pfsense and the settings are basic.
Any other thing that I can do for test?
On Tue, Jul 3, 2018 at 4:51 AM Rowland Penny via samba <
samba at lists.samba.org> wrote:
> On Mon, 2 Jul 2018 22:56:39 -0300
> Elias Pereira via samba <samba at lists.samba.org> wrote:
>
> > >
> > > I don't know what error you are getting, even if you have posted it,
> > > can you post the full error. Can you please post all the lines from
> > > syslog around the error and not just the error.
> >
> >
> > The only logs that show is below.
> >
> > ./daemon.log.1:33430:Jul 2 06:16:28 dc3 named[9754]: client
> > 10.10.4.3#52074: update 'campus.company.intra/IN' denied
> > ./daemon.log.1:33432:Jul 2 06:17:03 dc3 named[9754]: client
> > 10.10.1.2#58780: update 'campus. company.intra /IN' denied
> > ./daemon.log.1:33433:Jul 2 06:17:03 dc3 named[9754]: client
> > 10.10.1.2#56611: update 'campus. company.intra /IN' denied
> > ./daemon.log.1:33436:Jul 2 06:18:53 dc3 named[9754]: client
> > 10.10.5.12#60664: update 'campus. company.intra /IN' denied
> > ./daemon.log.1:33442:Jul 2 06:24:43 dc3 named[9754]: client
> > 10.10.5.12#55716: update 'campus. company.intra /IN' denied
> >
> > Maybe execute dlz_bind9_11.so in *debug*
> > <
> https://wiki.samba.org/index.php/BIND9_DLZ_DNS_Back_End#Debugging_the_BIND9_DLZ_Module
> >mode
> > for more information?
> >
>
> You could try that, but that log fragment looks a bit different from
> mine. Okay, I do not have any lines similar to yours, but if I did, I
> feel they would look like this:
>
> Jul 2 06:16:28 dc3 named[9754]: client 10.10.4.3#52074: update
> 'campus.company.intra/IN' denied
> Jul 2 06:17:03 dc3 named[9754]: client 10.10.1.2#58780: update 'campus.
> company.intra /IN' denied
> Jul 2 06:17:03 dc3 named[9754]: client 10.10.1.2#56611: update 'campus.
> company.intra /IN' denied
> Jul 2 06:18:53 dc3 named[9754]: client 10.10.5.12#60664: update 'campus.
> company.intra /IN' denied
> Jul 2 06:24:43 dc3 named[9754]: client 10.10.5.12#55716: update 'campus.
> company.intra /IN' denied
>
> Note the lack of './daemon.log.1:33430:'. I have '/var/log/deamon.log'
> and it contains lines in the format above, they all start with the date.
>
> The lines show that various clients are being denied updating a record,
> this may be perfectly okay, they may not own the record. Do you have
> anything else updating the records, DHCP for instance. If so, the
> problem does not lie on the DC, it lies on the clients and they need to
> be told to stop trying to update their own records.
>
> Rowland
>
> --
> To unsubscribe from this list go to the following URL and read the
> instructions: https://lists.samba.org/mailman/options/samba
>
--
Elias Pereira
More information about the samba
mailing list