[Samba] Samba BIND9_DLZ autoupdate PTR

Tue Jan 22 15:51:58 UTC 2019

I have set this option to yes.

I think the problem is on an other place. The DHCP server is not the DNS
Server. And I don't know how does the dhcp inform the dns server.

I a classic setup without DLZ somethink like the following is working well.

zone "example.com" in {
  ...
  include "/etc/bind/update-policy";
}

zone "30.168.192.in-addr.arpa." {
  ...
  include "/etc/bind/update-policy";
};

cat /etc/bind/update-policy
// to be included by every zone configuration
update-policy {
    grant local-ddns zonesub any;
    grant dhcpkey zonesub any;
};

How can I do this with DLZ in samba?
I have try this: https://kb.isc.org/docs/aa-00995
My named.conf looks as follow:

root at dc1:/etc/bind# cat /var/lib/samba/private/named.conf
# This DNS configuration is for BIND 9.8.0 or later with dlz_dlopen support.
#
# This file should be included in your main BIND configuration file
#
# For example with
# include "/var/lib/samba/private/named.conf";

#
# This configures dynamically loadable zones (DLZ) from AD schema
# Uncomment only single database line, depending on your BIND version
#
dlz "ad_dns" {

    # For BIND 9.10.x
    database "dlopen /usr/lib/x86_64-linux-gnu/samba/bind9/dlz_bind9_10.so";
};

key dhcpkey {
	algorithm hmac-md5;
	secret "......";
};

controls {
    inet 127.0.0.1 allow { localhost; } keys { dhcpkey; };
};

zone "sam.domain.com." {
	type master;
	dlz ad_dns;
	include "/etc/bind/update-policy";	
};

Jan 22 16:46:14 dc1 named[12777]: generating session key for dynamic DNS
Jan 22 16:46:14 dc1 named[12777]: sizing zone task pool based on 8 zones
Jan 22 16:46:14 dc1 named[12777]: Loading 'ad_dns' using driver dlopen
Jan 22 16:46:14 dc1 named[12777]: samba_dlz: started for DN
DC=sam,DC=domain,DC=com
Jan 22 16:46:14 dc1 named[12777]: samba_dlz: starting configure
Jan 22 16:46:14 dc1 named[12777]: samba_dlz: configured writeable zone
'30.168.192.in-addr.arpa'
Jan 22 16:46:14 dc1 named[12777]: samba_dlz: Failed to configure zone
'sam.domain.com'
Jan 22 16:46:14 dc1 named[12777]: loading configuration: already exists
Jan 22 16:46:14 dc1 named[12777]: exiting (due to fatal error)

root at dc1:/etc/bind# named -V
BIND 9.10.3-P4-Debian <id:ebd72b3>
built by make with '--prefix=/usr' '--mandir=/usr/share/man'
'--libdir=/usr/lib/x86_64-linux-gnu' '--infodir=/usr/share/info'
'--sysconfdir=/etc/bind' '--with-python=python3' '--localstatedir=/'
'--enable-threads' '--enable-largefile' '--with-libtool'
'--enable-shared' '--enable-static' '--with-gost=no'
'--with-openssl=/usr' '--with-gssapi=/usr' '--with-gnu-ld'
'--with-geoip=/usr' '--with-atf=no' '--enable-ipv6' '--enable-rrl'
'--enable-filter-aaaa' '--enable-native-pkcs11'
'--with-pkcs11=/usr/lib/x86_64-linux-gnu/softhsm/libsofthsm2.so'
'--with-randomdev=/dev/urandom' 'CFLAGS=-g -O2
-fdebug-prefix-map=/build/bind9-zVMG3I/bind9-9.10.3.dfsg.P4=.
-fstack-protector-strong -Wformat -Werror=format-security
-fno-strict-aliasing -fno-delete-null-pointer-checks -DNO_VERSION_DATE
-DDIG_SIGCHASE' 'LDFLAGS=-Wl,-z,relro -Wl,-z,now' 'CPPFLAGS=-Wdate-time
-D_FORTIFY_SOURCE=2'
compiled by GCC 6.3.0 20170516
compiled with OpenSSL version: OpenSSL 1.0.2l  25 May 2017
linked to OpenSSL version: OpenSSL 1.0.2q  20 Nov 2018
compiled with libxml2 version: 2.9.4
linked to libxml2 version: 20904
root at dc1:/etc/bind#

Am 22.01.19 um 14:35 schrieb L.P.H. van Belle via samba:
> Set auth-nxdomain yes; 