[Samba] Odd behavior with "allow dns updates" (+dhcp_dyndns.sh)
Rowland Penny
rpenny at samba.org
Wed Jan 23 20:26:02 UTC 2019
On Wed, 23 Jan 2019 12:06:41 -0800
Kris Lou via samba <samba at lists.samba.org> wrote:
> > > All,
> > >
> > > I'm hoping somebody could help explain this: with the Wiki
> > > dhcp_dyndns.sh script and "allow dns updates = secure and
> > > nonsecure", I have the following log snippet for a single
> > > machine:
> >
> > The two have absolutely nothing to do with each other.
> >
> >
> OK, now I'm reading that "allow dns updates" only applies to the
> Internal DNS, not Bind_DLZ.
>
>
> > You have identified the problem yourself:
> >
> > From what I can tell, the DHCP update script is running
> > successfully and then the client is attempting to update its own
> > DNS immediately afterwards.
> >
> > If you are using DHCP to update the dns records, you also need to
> > stop your clients from trying to update their own records,
> > something the wiki page warns about, but not obvious enough. I will
> > fix this.
>
>
> I guess that I want to have my cake and eat it too. If I can't get
> it to work, then that kinda makes my decision for me.
It does work (well, it has for myself, for the last 6 years), but you
need to stop your clients from updating their own records. If you are
using the script, there is no reason for the clients to update their
own records.
>
> So let me see if I understand the execution chain correctly:
> * Client (DHCP request) -> DHCPd receive/give lease -> DHCPd
> authenticates against AD with keytab, then receives permission (as
> DNSAdmin) to execute nsupdate
>
> What does the above chain look like without DHCP-driven dynamic
> updates? On "Standard" client update requests?
* Client (DHCP request) -> DHCPd receive/give lease -> Client updates
own records in AD
That's in theory, but sometimes it doesn't and, if it is a Unix
client, it never does.
Rowland