[Samba] Configure DHCP to update DNS records with BIND9

L.P.H. van Belle belle at bazuin.nl
Tue Aug 13 14:25:58 UTC 2019


Hai, 

Can you post your bind9 config also?
Might be handy because I think you are missing something there.

For example. 
named.conf.options

options {
.....

        // https://wiki.samba.org/index.php/Dns-backend_bind
        // DNS dynamic updates via Kerberos (optional, but recommended)
        //tkey-gssapi-keytab "/var/lib/samba/private/dns.keytab";	// before samba 4.9 
        tkey-gssapi-keytab "/var/lib/samba/bind-dns/dns.keytab";  // after samba 4.9 or an upgraded samba as of 4.9.

};

include "/etc/bind/rndc.key";
controls {
        inet 127.0.0.1 allow { localhost; } keys { rndc-key; };
        //inet ::1 allow { localhost; } keys { rndc-key; };
};


Greetz, 

Louis



> -----Original message-----
> From: samba [mailto:samba-bounces at lists.samba.org] On behalf of
> Joerg via samba
> Sent: Tuesday 13 August 2019 15:50
> To: samba at lists.samba.org
> Subject: [Samba] Configure DHCP to update DNS records with BIND9
> 
> Hello everyone,
> 
> I have configured my Samba as AD with BIND9_DLZ as backend and am trying to
> configure the ISC-DHCP-server to add the leases to BIND_DLZ
> 
> As described in the samba wiki:
> https://wiki.samba.org/index.php/Configure_DHCP_to_update_DNS_records_with_BIND9
> 
> Everything is working fine so far, but I get an error message as shown below
> in syslog:
> 
> Aug 13 14:32:28 SAMBA dhcpd[4635]: DHCPDISCOVER from 60:6d:3c:09:6a:52 (amazon-b550a4de2) via home.lan
> Aug 13 14:32:29 SAMBA dhcpd[4635]: DHCPOFFER on 192.168.0.104 to 60:6d:3c:09:6a:52 (amazon-b550a4de2) via home.lan
> Aug 13 14:32:29 SAMBA dhcpd[4635]: Commit: IP: 192.168.0.104 DHCID: 60:6d:3c:09:6a:52 Name: amazon-b550a4de2
> Aug 13 14:32:29 SAMBA dhcpd[4635]: execute_statement argv[0] = /usr/local/bin/dhcp-dyndns.sh
> Aug 13 14:32:29 SAMBA dhcpd[4635]: execute_statement argv[1] = add
> Aug 13 14:32:29 SAMBA dhcpd[4635]: execute_statement argv[2] = 192.168.0.104
> Aug 13 14:32:29 SAMBA dhcpd[4635]: execute_statement argv[3] = 60:6d:3c:09:6a:52
> Aug 13 14:32:29 SAMBA dhcpd[4635]: execute_statement argv[4] = amazon-b550a4de2
> Aug 13 14:32:29 SAMBA named[11842]: samba_dlz: allowing update of signer=dhcpduser\@HOME.LAN name=amazon-b550a4de2.HOME.LAN tcpaddr=127.0.0.1 type=A key=365897329.sig-samba.home.lan/160/0
> Aug 13 14:32:29 SAMBA named[11842]: samba_dlz: allowing update of signer=dhcpduser\@HOME.LAN name=amazon-b550a4de2.HOME.LAN tcpaddr=127.0.0.1 type=A key=365897329.sig-samba.home.lan/160/0
> Aug 13 14:32:29 SAMBA named[11842]: client @0x7f118109b250 127.0.0.1#47097/key dhcpduser\@HOME.LAN: updating zone 'home.lan/NONE': deleting rrset at 'amazon-b550a4de2.HOME.LAN' A
> Aug 13 14:32:29 SAMBA named[11842]: client @0x7f118109b250 127.0.0.1#47097/key dhcpduser\@HOME.LAN: updating zone 'home.lan/NONE': adding an RR at 'amazon-b550a4de2.HOME.LAN' A 192.168.0.104
> Aug 13 14:32:29 SAMBA named[11842]: client @0x7f118104d710 127.0.0.1#54253/key dhcpduser\@HOME.LAN: signer "dhcpduser\@HOME.LAN" denied
> Aug 13 14:32:29 SAMBA named[11842]: client @0x7f118104d710 127.0.0.1#54253/key dhcpduser\@HOME.LAN: update '0.168.192.in-addr.arpa/IN' denied
> Aug 13 14:32:29 SAMBA dhcpd: DHCP-DNS Update failed: 02
> 
> This is my dhcpd.conf:
> 
> ddns-update-style none;
> update-static-leases on;
> allow unknown-clients;
> use-host-decl-names on;
> default-lease-time 86400; #24 hours
> max-lease-time 86400;
> supersede domain-name "home.lan";
> prepend domain-name-servers 127.0.0.1;
> authoritative;
> log-facility local7;
> 
> subnet 192.168.0.0 netmask 255.255.255.0 {
>         option domain-name "HOME.LAN";
>         option domain-name-servers 192.168.0.1;
>         option subnet-mask 255.255.255.0;
>         option routers 192.168.0.254;
>         option netbios-name-servers 192.168.0.1;
>         option ntp-servers 192.168.0.1;
>         option broadcast-address 192.168.0.255;
>         option time-offset 0;
>         ddns-domainname "HOME.LAN.";
>         ddns-rev-domainname "0.168.192.in-addr.arpa.";
>         option ntp-servers 192.168.0.1;
>         pool {
>                 range 192.168.0.100 192.168.0.200;
>         }
> }
> 
> on commit {
>         set noname = concat("dhcp-", binary-to-ascii(10, 8, "-", leased-address));
>         set ClientIP = binary-to-ascii(10, 8, ".", leased-address);
>         set ClientDHCID = concat (
>                 suffix (concat ("0", binary-to-ascii (16, 8, "", substring(hardware,1,1))),2), ":",
>                 suffix (concat ("0", binary-to-ascii (16, 8, "", substring(hardware,2,1))),2), ":",
>                 suffix (concat ("0", binary-to-ascii (16, 8, "", substring(hardware,3,1))),2), ":",
>                 suffix (concat ("0", binary-to-ascii (16, 8, "", substring(hardware,4,1))),2), ":",
>                 suffix (concat ("0", binary-to-ascii (16, 8, "", substring(hardware,5,1))),2), ":",
>                 suffix (concat ("0", binary-to-ascii (16, 8, "", substring(hardware,6,1))),2)
>         );
>         set ClientName = pick-first-value(option host-name, config-option-host-name, client-name, noname);
>         log(concat("Commit: IP: ", ClientIP, " DHCID: ", ClientDHCID, " Name: ", ClientName));
>         execute("/usr/local/bin/dhcp-dyndns.sh", "add", ClientIP, ClientDHCID, ClientName);
> }
> 
> on release {
>         set ClientIP = binary-to-ascii(10, 8, ".", leased-address);
>         set ClientDHCID = concat (
>                 suffix (concat ("0", binary-to-ascii (16, 8, "", substring(hardware,1,1))),2), ":",
>                 suffix (concat ("0", binary-to-ascii (16, 8, "", substring(hardware,2,1))),2), ":",
>                 suffix (concat ("0", binary-to-ascii (16, 8, "", substring(hardware,3,1))),2), ":",
>                 suffix (concat ("0", binary-to-ascii (16, 8, "", substring(hardware,4,1))),2), ":",
>                 suffix (concat ("0", binary-to-ascii (16, 8, "", substring(hardware,5,1))),2), ":",
>                 suffix (concat ("0", binary-to-ascii (16, 8, "", substring(hardware,6,1))),2)
>         );
>         log(concat("Release: IP: ", ClientIP));
>         execute("/usr/local/bin/dhcp-dyndns.sh", "delete", ClientIP, ClientDHCID);
> }
> 
> on expiry {
>         set ClientIP = binary-to-ascii(10, 8, ".", leased-address);
>         # cannot get a ClientMac here, apparently this only works when actually receiving a packet
>         log(concat("Expired: IP: ", ClientIP));
>         # cannot get a ClientName here, for some reason that always fails
>         execute("/usr/local/bin/dhcp-dyndns.sh", "delete", ClientIP, "", "0");
> }
> 
> Hostname resolution is working for all devices after the IP is provided by
> the dhcp server.
> 
> Please could you help me to find out what is wrong or why I'm getting this
> error and where it is coming from???
> 
> Any help and suggestion is much appreciated. Thank you in advance.
> 
> Best regards,
> 
> Joerg
> 
> 
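An added triage example, not part of either message and not Samba, BIND or wiki code: it groups the named update lines from the quoted syslog by signer and zone, which makes visible that the same signer's updates are applied in home.lan and refused in 0.168.192.in-addr.arpa. The regular expressions and function names are assumptions fitted to the line shapes in this log.

```python
import re
from collections import defaultdict

# named/dhcpd lines taken from the quoted syslog above, mail line-wrapping undone.
SAMPLE_LOG = r"""
Aug 13 14:32:29 SAMBA named[11842]: client @0x7f118109b250 127.0.0.1#47097/key dhcpduser\@HOME.LAN: updating zone 'home.lan/NONE': deleting rrset at 'amazon-b550a4de2.HOME.LAN' A
Aug 13 14:32:29 SAMBA named[11842]: client @0x7f118109b250 127.0.0.1#47097/key dhcpduser\@HOME.LAN: updating zone 'home.lan/NONE': adding an RR at 'amazon-b550a4de2.HOME.LAN' A 192.168.0.104
Aug 13 14:32:29 SAMBA named[11842]: client @0x7f118104d710 127.0.0.1#54253/key dhcpduser\@HOME.LAN: signer "dhcpduser\@HOME.LAN" denied
Aug 13 14:32:29 SAMBA named[11842]: client @0x7f118104d710 127.0.0.1#54253/key dhcpduser\@HOME.LAN: update '0.168.192.in-addr.arpa/IN' denied
Aug 13 14:32:29 SAMBA dhcpd: DHCP-DNS Update failed: 02
"""

# Assumed shape: "named[pid]: client @ptr addr#port/key <signer>: <message>"
CLIENT = re.compile(
    r"named\[\d+\]: client @\S+ [^#\s]+#\d+/key (?P<signer>[^:]+): (?P<msg>.*)$")
APPLIED = re.compile(
    r"updating zone '(?P<zone>[^'/]+)/[^']*': (?:adding an RR|deleting rrset) at")
DENIED = re.compile(r"update '(?P<zone>[^'/]+)/[^']*' denied")


def summarize(log_text):
    """Return {(signer, zone): {"applied": n, "denied": n}} for signed updates."""
    stats = defaultdict(lambda: {"applied": 0, "denied": 0})
    for line in log_text.splitlines():
        m = CLIENT.search(line)
        if not m:
            continue  # dhcpd lines and unsigned traffic are out of scope here
        signer = m["signer"].replace("\\@", "@")  # named escapes '@' in the log
        for outcome, pattern in (("applied", APPLIED), ("denied", DENIED)):
            hit = pattern.match(m["msg"])
            if hit:
                stats[(signer, hit["zone"].lower())][outcome] += 1
    return dict(stats)


def split_outcomes(stats):
    """Signers that are accepted in at least one zone and refused in another."""
    zones = defaultdict(lambda: {"ok": set(), "refused": set()})
    for (signer, zone), n in stats.items():
        if n["applied"]:
            zones[signer]["ok"].add(zone)
        if n["denied"]:
            zones[signer]["refused"].add(zone)
    return {s: {k: sorted(v) for k, v in z.items()}
            for s, z in zones.items() if z["ok"] and z["refused"]}


if __name__ == "__main__":
    print(split_outcomes(summarize(SAMPLE_LOG)))
```
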