[Samba] Reverse DNS

Christian Naumer cn at brain-biotech.de
Thu Jun 27 08:59:26 UTC 2019 

How does your

/var/lib/samba/private/named.conf.update.static
/var/lib/samba/private/named.conf.update

Look like?

Path may vary depending how you installed samba.


Am 27.06.19 um 10:54 schrieb L.P.H. van Belle via samba:
> Hai, 
> 
> A few things to add/check. 
> 
> For that test with that pc: this part from the previous mail. 
> Jun 27 10:55:07 server5-ad dhcpd[2525]: Release: IP: 192.168.14.198
> Jun 27 10:55:07 server5-ad dhcpd[2525]: execute_statement argv[0] = /usr/local/bin/dhcp-dyndns.sh
> Jun 27 10:55:07 server5-ad dhcpd[2525]: execute_statement argv[1] = delete
> Jun 27 10:55:07 server5-ad dhcpd[2525]: execute_statement argv[2] = 192.168.14.198
> Jun 27 10:55:07 server5-ad dhcpd[2525]: execute_statement argv[3] = 00:50:56:9b:37:9b
> Jun 27 10:55:07 server5-ad sh[2525]: /bin/bash: /usr/local/bin/dhcp-dyndns.sh: Permission denied
> Jun 27 10:55:07 server5-ad dhcpd[2525]: execute: /usr/local/bin/dhcp-dyndns.sh exit status 32256
> Jun 27 10:55:07 server5-ad kernel: [ 1396.188371] audit: type=1400 audit(1561596907.856:94): apparmor="DENIED" operation="open" profile="/usr/sbin/dhcpd" name="/usr/local/bin/dhcp-dyndns.sh" pid=2557 comm="dhcp-dyndns.sh" requested_mask="r" denied_mask="r" fsuid=112 ouid=0
> Jun 27 10:55:07 server5-ad dhcpd[2525]: DHCPRELEASE of 192.168.14.198 from 00:50:56:9b:37:9b (WIN7VM01) via ens160 (found)
> Jun 27 10:55:07 server5-ad dhcpd[2525]: Removed reverse map on 198.14.168.192.in-addr.arpa.
> Jun 27 10:55:09 server5-ad named[1097]: samba_dlz: starting transaction on zone lin.group
> Jun 27 10:55:09 server5-ad named[1097]: client @0x7efc58052610 192.168.14.198#50682: update 'lin.group/IN' denied
> 
> The apparmer profile, you added?  : /usr/local/bin/dhcp-dyndns.sh r  ? Or rx ? 
> Can you show what you added? And where exact. 
> 
> Now can you check the following.
> Open the windows DNS mannager, and goto the needed forward zone where WIN7VM01 exist. 
> Check its rights on that object? Do you see "WIN7VM01$(ADDOM\WIN7VM01$) with full control? 
> And do the same for the reverse zone. Do you see on the reversi IP also "WIN7VM01$(ADDOM\WIN7VM01$) with full control? 
> If that full control is missing, add it. 
> 
> Then reboot the pc, wait/login and check again. 
> Then i also suggest, you check the output of ipconfig /all of the windows client with the dhcp settings. 
> To make sure this is all correctly set. 
> 
> As in check if that matches with the needed settings for DDNS updates. 
> 
> The client will then request that the server update the PTR record by using the FQDN. 
> The DHCP server is configured to register DNS records according to the client's request, the client registers the following records: 
> The PTR record.
> The A record that uses the name that is a concatenation of the computer name and the primary DNS suffix.
> The A record that uses the name that is a concatenation of the computer name and the connection-specific DNS suffix.
> 
> And on the client check if this is set correctly.  
> Then goto Control Panel, double-click Network Connections.
> Right-click the connection that you want to configure, and then click Properties. 
> Click Internet Protocol (TCP/IP), click Properties, and then click Advanced.
> Click DNS. 
> Is "Register this connection's address in DNS " checked? 
> 
> 
> Greetz, 
> 
> Louis
> 
> 
>> -----Oorspronkelijk bericht-----
>> Van: samba [mailto:samba-bounces at lists.samba.org] Namens 
>> Rowland penny via samba
>> Verzonden: donderdag 27 juni 2019 8:50
>> Aan: sambalist
>> Onderwerp: Re: [Samba] Reverse DNS
>>
>> On 27/06/2019 02:06, Praveen Ghimire wrote:
>>> Hi Rowland,
>>>
>>> Just as a test, I installed the dhcp server in the DC ( in 
>> the lab). Then configured the dhcp as per the wiki
>>>
>>> This is what I see. And again the forward zone update 
>> despite the errors but the reverse doesn't
>>>
>> I think you will find that the DHCP server isn't updating 
>> anything, it 
>> is your clients updating their own records, but they are not setup to 
>> update their reverse record (I believe this is the default)
>>
>> Rowland
>>
>>
>>
>> -- 
>> To unsubscribe from this list go to the following URL and read the
>> instructions:  https://lists.samba.org/mailman/options/samba
>>
>>
> 
> 

-- 
Dr. Christian Naumer
Research Scientist
Plattform-Koordinator Bioprozesstechnik

B.R.A.I.N Aktiengesellschaft
Darmstaedter Str. 34-36, D-64673 Zwingenberg
e-mail cn at brain-biotech.de, homepage www.brain-biotech.de
fon +49-6251-9331-30  /   fax +49-6251-9331-11

Sitz der Gesellschaft: Zwingenberg/Bergstrasse
Registergericht AG Darmstadt, HRB 24758
Vorstand: Dr. Juergen Eck (Vorsitzender), Manfred Bender,
Ludger Roedder
Aufsichtsratsvorsitzender: Dr. Georg Kellinghusen

More information about the samba mailing list