[Samba] Samba, AD, 'short' name resolving...

Marco Gaiarin gaio at sv.lnf.it
Fri Jun 8 10:04:30 UTC 2018


> You mean here, literally: Windows clients try to register/update
> DNS using ONLY the DNS provided by DHCP?
> Or, saying the same thing differently, Windows clients blindly assume
> that the DNS servers got by DHCP ARE AD DCs?

Ok, DNS registration seems to work, but in a (for me) strange way...

Spotted in logs:

 Jun  8 10:14:25 vdcud1 named[1049]: client 10.5.2.127#50250: request has invalid signature: TSIG 1592-ms-7.34-f336b9d.cc4eac93-69d4-11e8-1eb6-dc4a3e58a634 (QUIRINIUS\$\@AD.FVG.LNF.IT): tsig verify failure (BADSIG)
 Jun  8 10:19:05 vdcud1 named[1049]: samba_dlz: starting transaction on zone ad.fvg.lnf.it
 Jun  8 10:19:05 vdcud1 named[1049]: client 10.5.2.127#56413: update 'ad.fvg.lnf.it/IN' denied
 Jun  8 10:19:05 vdcud1 named[1049]: samba_dlz: cancelling transaction on zone ad.fvg.lnf.it

Note that '10.5.2.127' is in a different 'site' from vdcud1. Also, the
link under which vdcud1 is located is now suffering major troubles, so some
network errors are expected.

Effectively, after some seconds:

 Jun  8 10:19:06 vdcud1 named[1049]: samba_dlz: starting transaction on zone ad.fvg.lnf.it
 Jun  8 10:19:06 vdcud1 named[1049]: samba_dlz: allowing update of signer=QUIRINIUS\$\@AD.FVG.LNF.IT name=QUIRINIUS.ad.fvg.lnf.it tcpaddr= type=AAAA key=1592-ms-7.35-f37ffc1.cc4eac93-69d4-11e8-1eb6-dc4a3e58a634/160/0
 Jun  8 10:19:06 vdcud1 named[1049]: samba_dlz: allowing update of signer=QUIRINIUS\$\@AD.FVG.LNF.IT name=QUIRINIUS.ad.fvg.lnf.it tcpaddr= type=A key=1592-ms-7.35-f37ffc1.cc4eac93-69d4-11e8-1eb6-dc4a3e58a634/160/0
 Jun  8 10:19:06 vdcud1 named[1049]: samba_dlz: allowing update of signer=QUIRINIUS\$\@AD.FVG.LNF.IT name=QUIRINIUS.ad.fvg.lnf.it tcpaddr= type=A key=1592-ms-7.35-f37ffc1.cc4eac93-69d4-11e8-1eb6-dc4a3e58a634/160/0
 Jun  8 10:19:06 vdcud1 named[1049]: client 10.5.2.127#50735/key QUIRINIUS\$\@AD.FVG.LNF.IT: updating zone 'ad.fvg.lnf.it/NONE': deleting rrset at 'QUIRINIUS.ad.fvg.lnf.it' AAAA
 Jun  8 10:19:06 vdcud1 named[1049]: client 10.5.2.127#50735/key QUIRINIUS\$\@AD.FVG.LNF.IT: updating zone 'ad.fvg.lnf.it/NONE': deleting rrset at 'QUIRINIUS.ad.fvg.lnf.it' A
 Jun  8 10:19:06 vdcud1 named[1049]: samba_dlz: subtracted rdataset QUIRINIUS.ad.fvg.lnf.it 'QUIRINIUS.ad.fvg.lnf.it.#0111200#011IN#011A#01110.5.2.127'
 Jun  8 10:19:06 vdcud1 named[1049]: client 10.5.2.127#50735/key QUIRINIUS\$\@AD.FVG.LNF.IT: updating zone 'ad.fvg.lnf.it/NONE': adding an RR at 'QUIRINIUS.ad.fvg.lnf.it' A
 Jun  8 10:19:06 vdcud1 named[1049]: samba_dlz: added rdataset QUIRINIUS.ad.fvg.lnf.it 'QUIRINIUS.ad.fvg.lnf.it.#0111200#011IN#011A#01110.5.2.127'
 Jun  8 10:19:06 vdcud1 named[1049]: samba_dlz: committed transaction on zone ad.fvg.lnf.it
 Jun  8 10:19:06 vdcud1 named[1049]: samba_dlz: starting transaction on zone ad.fvg.lnf.it
 Jun  8 10:19:06 vdcud1 named[1049]: client 10.5.2.127#49227: update 'ad.fvg.lnf.it/IN' denied
 Jun  8 10:19:06 vdcud1 named[1049]: samba_dlz: cancelling transaction on zone ad.fvg.lnf.it
 Jun  8 10:19:06 vdcud1 named[1049]: samba_dlz: starting transaction on zone ad.fvg.lnf.it
 Jun  8 10:19:06 vdcud1 named[1049]: samba_dlz: allowing update of signer=QUIRINIUS\$\@AD.FVG.LNF.IT name=QUIRINIUS.ad.fvg.lnf.it tcpaddr= type=AAAA key=1592-ms-7.35-f37ffc1.cc4eac93-69d4-11e8-1eb6-dc4a3e58a634/160/0
 Jun  8 10:19:06 vdcud1 named[1049]: samba_dlz: allowing update of signer=QUIRINIUS\$\@AD.FVG.LNF.IT name=QUIRINIUS.ad.fvg.lnf.it tcpaddr= type=A key=1592-ms-7.35-f37ffc1.cc4eac93-69d4-11e8-1eb6-dc4a3e58a634/160/0
 Jun  8 10:19:06 vdcud1 named[1049]: samba_dlz: allowing update of signer=QUIRINIUS\$\@AD.FVG.LNF.IT name=QUIRINIUS.ad.fvg.lnf.it tcpaddr= type=A key=1592-ms-7.35-f37ffc1.cc4eac93-69d4-11e8-1eb6-dc4a3e58a634/160/0
 Jun  8 10:19:06 vdcud1 named[1049]: client 10.5.2.127#53254/key QUIRINIUS\$\@AD.FVG.LNF.IT: updating zone 'ad.fvg.lnf.it/NONE': deleting rrset at 'QUIRINIUS.ad.fvg.lnf.it' AAAA
 Jun  8 10:19:06 vdcud1 named[1049]: client 10.5.2.127#53254/key QUIRINIUS\$\@AD.FVG.LNF.IT: updating zone 'ad.fvg.lnf.it/NONE': deleting rrset at 'QUIRINIUS.ad.fvg.lnf.it' A
 Jun  8 10:19:06 vdcud1 named[1049]: samba_dlz: subtracted rdataset QUIRINIUS.ad.fvg.lnf.it 'QUIRINIUS.ad.fvg.lnf.it.#0111200#011IN#011A#01110.5.2.127'
 Jun  8 10:19:06 vdcud1 named[1049]: client 10.5.2.127#53254/key QUIRINIUS\$\@AD.FVG.LNF.IT: updating zone 'ad.fvg.lnf.it/NONE': adding an RR at 'QUIRINIUS.ad.fvg.lnf.it' A
 Jun  8 10:19:06 vdcud1 named[1049]: samba_dlz: added rdataset QUIRINIUS.ad.fvg.lnf.it 'QUIRINIUS.ad.fvg.lnf.it.#0111200#011IN#011A#01110.5.2.127'

transaction happened.

So, to me:

a) it seems that the DNS offered by DHCP CAN not be the AD DNS, and the
 client finds a way to register itself.

b) the client uses some ''random'' DNS to register, and seems to keep
 them for some time...


Currently I have machines on site A that register on site C, and machines
of site B that register on site A.


AARRGGH! ;-)

-- 
dott. Marco Gaiarin				        GNUPG Key ID: 240A3D66
  Associazione ``La Nostra Famiglia''          http://www.lanostrafamiglia.it/
  Polo FVG   -   Via della Bontà, 7 - 33078   -   San Vito al Tagliamento (PN)
  marco.gaiarin(at)lanostrafamiglia.it   t +39-0434-842711   f +39-0434-842797

		Donate your 5 PER MILLE to LA NOSTRA FAMIGLIA!
      http://www.lanostrafamiglia.it/index.php/it/sostienici/5x1000
	(tax code 00307430132, category ONLUS or RICERCA SANITARIA)
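
Added example (not part of the original message, and not Samba or BIND code): one way to tally, per client, the dynamic-update outcomes that named logs in the format quoted above, and to flag clients registering from outside this DC's site. `LOCAL_SITE_NETS` is a hypothetical value, since the post does not give the site subnets; the sample lines are abridged from the log in the message.

```python
import ipaddress
import re
from collections import defaultdict

# Abridged from the named log quoted in the message above.
SAMPLE_LOG = r"""
Jun  8 10:14:25 vdcud1 named[1049]: client 10.5.2.127#50250: request has invalid signature: TSIG 1592-ms-7.34-f336b9d.cc4eac93-69d4-11e8-1eb6-dc4a3e58a634 (QUIRINIUS\$\@AD.FVG.LNF.IT): tsig verify failure (BADSIG)
Jun  8 10:19:05 vdcud1 named[1049]: client 10.5.2.127#56413: update 'ad.fvg.lnf.it/IN' denied
Jun  8 10:19:06 vdcud1 named[1049]: client 10.5.2.127#50735/key QUIRINIUS\$\@AD.FVG.LNF.IT: updating zone 'ad.fvg.lnf.it/NONE': deleting rrset at 'QUIRINIUS.ad.fvg.lnf.it' AAAA
Jun  8 10:19:06 vdcud1 named[1049]: client 10.5.2.127#50735/key QUIRINIUS\$\@AD.FVG.LNF.IT: updating zone 'ad.fvg.lnf.it/NONE': deleting rrset at 'QUIRINIUS.ad.fvg.lnf.it' A
Jun  8 10:19:06 vdcud1 named[1049]: client 10.5.2.127#50735/key QUIRINIUS\$\@AD.FVG.LNF.IT: updating zone 'ad.fvg.lnf.it/NONE': adding an RR at 'QUIRINIUS.ad.fvg.lnf.it' A
Jun  8 10:19:06 vdcud1 named[1049]: client 10.5.2.127#49227: update 'ad.fvg.lnf.it/IN' denied
"""

# Assumption: subnets of the site this DC serves (hypothetical, not given in the post).
LOCAL_SITE_NETS = [ipaddress.ip_network("10.5.1.0/24")]

CLIENT = r"client (?P<ip>\S+?)#\d+"
BADSIG = re.compile(CLIENT + r": request has invalid signature: .*\(BADSIG\)")
DENIED = re.compile(CLIENT + r": update '[^']+' denied")
SIGNED = re.compile(CLIENT + r"/key (?P<key>\S+): updating zone '[^']+': "
                    r"(?P<op>adding an RR|deleting rrset) at '(?P<name>[^']+)' (?P<rtype>\S+)")

def summarize(log_text):
    """Return {client_ip: counters and findings} for dynamic-update events."""
    out = defaultdict(lambda: {"badsig": 0, "denied": 0, "adds": 0, "deletes": 0,
                               "signers": set(), "foreign_names": set(), "off_site": False})
    for line in log_text.splitlines():
        for kind, rx in (("badsig", BADSIG), ("denied", DENIED), ("signed", SIGNED)):
            m = rx.search(line)
            if not m:
                continue
            rec = out[m["ip"]]
            addr = ipaddress.ip_address(m["ip"])
            rec["off_site"] = not any(addr in n for n in LOCAL_SITE_NETS)
            if kind != "signed":
                rec[kind] += 1
                break
            # named logs the Kerberos principal with escapes: HOST\$\@REALM
            signer = m["key"].replace("\\", "")
            rec["signers"].add(signer)
            rec["adds" if m["op"].startswith("adding") else "deletes"] += 1
            # A machine account is expected to touch only its own host record.
            host = signer.split("$@")[0].lower()
            if m["name"].split(".")[0].lower() != host:
                rec["foreign_names"].add(m["name"])
            break
    return dict(out)
```

A non-empty `foreign_names` set means a machine account signed an update for a name other than its own host record, which is worth reviewing.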