[Samba] Internal DNS, update of reverse zone fails

kaffeesurrogat kaffeesurrogat at posteo.de
Sun Feb 16 18:25:23 UTC 2020


Dear list,

one more problem.


I've set up my host running a samba addc controller. Samba version is
samba-4.11.6-r2. I've joined two win10 clients to my domain. One client
has a static IP, the other one was configured to ask my dhcpd-daemon for
an IP. Following the book from Stefan Kania, I modified my dhcpd.conf to
execute some scripts I've found on ArchWiki to add my win10-dynip-client
to the internal DNS server (A,PTR,...) of my samba-addc. It took quite a
while but it works.

My win10-static-client-name is resolved by the internal dns server,
verified with nslookup SOMENAME. Unfortunately the win10-static-client
did not add an entry to the reverse lookup zone, when I added it to the
domain.

Is there a reason why? I guess it should not be like this.


I've followed

https://wiki.samba.org/index.php/Testing_Dynamic_DNS_Updates

for testing and

samba_dnsupdate --verbose --all-names

gives:

#############################################
; TSIG error with server: tsig verify failure
Outgoing update query:
;; ->>HEADER<<- opcode: UPDATE, status: NOERROR, id:      0
;; flags:; ZONE: 0, PREREQ: 0, UPDATE: 0, ADDITIONAL: 0
;; UPDATE SECTION:
_ldap._tcp.Default-First-Site-Name._sites.ForestDnsZones.lfa.ls. 900 IN
SRV 0 100 389 plfa1.lfa.ls.

; TSIG error with server: tsig verify failure

Failed nsupdate: 2
update(nsupdate): A ForestDnsZones.lfa.ls 10.20.30.1
Calling nsupdate for A ForestDnsZones.lfa.ls 10.20.30.1 (add)
Successfully obtained Kerberos ticket to DNS/plfa1.lfa.ls as PLFA1$
Failed nsupdate: 2
update(nsupdate): SRV _ldap._tcp.ForestDnsZones.lfa.ls plfa1.lfa.ls 389
Calling nsupdate for SRV _ldap._tcp.ForestDnsZones.lfa.ls plfa1.lfa.ls
389 (add)
Successfully obtained Kerberos ticket to DNS/plfa1.lfa.ls as PLFA1$
Failed nsupdate: 2
update(nsupdate): SRV
_ldap._tcp.Default-First-Site-Name._sites.ForestDnsZones.lfa.ls
plfa1.lfa.ls 389
Calling nsupdate for SRV
_ldap._tcp.Default-First-Site-Name._sites.ForestDnsZones.lfa.ls
plfa1.lfa.ls 389 (add)
Successfully obtained Kerberos ticket to DNS/plfa1.lfa.ls as PLFA1$
Failed nsupdate: 2
Failed update of 29 entries
##########################################################

The wiki (https://wiki.samba.org/index.php/Samba_Internal_DNS_Back_End)
says that the internal DNS of Samba does not support shared-key
transaction signature (TSIG).

To be honest, I don't know if TSIG is related to my problem.


Would be really happy about an answer .... and ....

many thanks,

blubberbaer


