[Samba] Invalid PTR record in reverse lookup zone

andi andi at bastelmap.de
Sun Nov 10 10:49:38 UTC 2019


Hello,

I have configured a Samba AD DC for use with
some Windows and Linux machines. The Linux machines use
Samba for user auth and also as Kerberos KDC for
NFS mounts. This works fine so far, but after a while
the users cannot access the NFS shares anymore.

I tried to analyze the problem and finally found that
obtaining a ticket for the nfs service fails in this
case because a wrong SPN is used by the clients to get the
ticket: nfs/servername@... instead of
nfs/fqdnservername@...

I tracked the problem down to an invalid PTR record for
the DC in the reverse lookup zone. The ptr record
had only the hostname but not the fqdn set.

I manually fixed this using samba-tool dns add/delete and the NFS
mount worked again. Unfortunately, after a while the record
gets changed back again. I was unable to figure out how this
happens. It seems that the change occurs while the 'samba_dnsupdate'
tool is running, but I didn't find where in 'samba_dnsupdate'
the PTR record is set. I didn't find a suitable log
setting in smb.conf which would help me to find the origin
of the DNS change (loglevel 12 for dns produces lots of output
but nothing related to setting PTR records).

samba version is 4.9.5-Debian

Any ideas/help?

cheers,
Andreas

-- 
gnuPG keyid: 8C2BAF51
fingerprint: 28EE 8438 E688 D992 3661 C753 90B3 BAAA 8C2B AF51
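
An added example, not part of the original post: a small Python check that could be run periodically to notice when the server's PTR record reverts to the bare hostname, and that shows the SPN a client building the service name from the reverse lookup would then request. The host name dc1.samdom.example.test, the address 192.0.2.10, the sample PTR data and all function names are constructed for illustration.

```python
import socket

def classify(expected_fqdn, ptr_target):
    """Return 'ok', 'short-name' or 'mismatch' for one PTR target."""
    want = expected_fqdn.rstrip(".").lower()
    got = ptr_target.rstrip(".").lower()
    if got == want:
        return "ok"
    # The failure described in the post: only the host part is stored.
    if "." not in got and got == want.split(".", 1)[0]:
        return "short-name"
    return "mismatch"

def audit_ptr(expected_fqdn, ptr_targets, service="nfs"):
    """List (target, status, spn) for every PTR target of the server.

    spn is the principal a client would request if it builds the service
    name from the reverse lookup. An empty list means no PTR record at all.
    """
    report = []
    for target in ptr_targets:
        name = target.rstrip(".").lower()
        report.append((name, classify(expected_fqdn, target), f"{service}/{name}"))
    return report

def ptr_is_healthy(expected_fqdn, ptr_targets):
    """True only if at least one PTR target exists and all match the FQDN."""
    report = audit_ptr(expected_fqdn, ptr_targets)
    return bool(report) and all(status == "ok" for _, status, _ in report)

def live_ptr_targets(ip):
    """Reverse-resolve ip via the system resolver (may also read /etc/hosts)."""
    try:
        name, aliases, _ = socket.gethostbyaddr(ip)
    except (socket.herror, socket.gaierror):
        return []
    return [name, *aliases]

if __name__ == "__main__":
    expected = "dc1.samdom.example.test"      # constructed name
    for label, targets in (("fixed", ["dc1.samdom.example.test."]),
                           ("reverted", ["dc1."])):   # constructed PTR data
        print(label, ptr_is_healthy(expected, targets), audit_ptr(expected, targets))
    # Live use: ptr_is_healthy(expected, live_ptr_targets("192.0.2.10"))
```

Running the live variant from cron on a client and alerting on a `False` result gives a timestamp for the revert that can be matched against the times `samba_dnsupdate` ran.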