[Samba] Internal DNS, update of reverse zone fails
kaffeesurrogat
kaffeesurrogat at posteo.de
Sun Feb 16 18:25:23 UTC 2020
Dear list,
one more problem.
I've set up my host running a samba addc controller. Samba version is
samba-4.11.6-r2. I've joined two win10 clients to my domain. One client
has a static ip, the other one was configured to ask my dhcpd-daemon for
an ip. Following the book from Stefan Kania, I modified my dhcpd.conf to
execute some scripts I've found on ArchWiki to add my win10-dynip-client
to the internal dns server (A,PTR,...) of my samba-addc. It took quite a
while but it works.
My win10-static-client-name is resolved by the internal dns server,
verified with nslookup SOMENAME. Unfortunately the win10-static-client
did not add an entry to the reverse lookup zone, when I added it to the
domain.
Is there a reason why? I guess it should not be like this.
I've followed
https://wiki.samba.org/index.php/Testing_Dynamic_DNS_Updates
for testing and
samba_dnsupdate --verbose --all-names
gives:
#############################################
; TSIG error with server: tsig verify failure
Outgoing update query:
;; ->>HEADER<<- opcode: UPDATE, status: NOERROR, id: 0
;; flags:; ZONE: 0, PREREQ: 0, UPDATE: 0, ADDITIONAL: 0
;; UPDATE SECTION:
_ldap._tcp.Default-First-Site-Name._sites.ForestDnsZones.lfa.ls. 900 IN SRV 0 100 389 plfa1.lfa.ls.
; TSIG error with server: tsig verify failure
Failed nsupdate: 2
update(nsupdate): A ForestDnsZones.lfa.ls 10.20.30.1
Calling nsupdate for A ForestDnsZones.lfa.ls 10.20.30.1 (add)
Successfully obtained Kerberos ticket to DNS/plfa1.lfa.ls as PLFA1$
Failed nsupdate: 2
update(nsupdate): SRV _ldap._tcp.ForestDnsZones.lfa.ls plfa1.lfa.ls 389
Calling nsupdate for SRV _ldap._tcp.ForestDnsZones.lfa.ls plfa1.lfa.ls 389 (add)
Successfully obtained Kerberos ticket to DNS/plfa1.lfa.ls as PLFA1$
Failed nsupdate: 2
update(nsupdate): SRV _ldap._tcp.Default-First-Site-Name._sites.ForestDnsZones.lfa.ls plfa1.lfa.ls 389
Calling nsupdate for SRV _ldap._tcp.Default-First-Site-Name._sites.ForestDnsZones.lfa.ls plfa1.lfa.ls 389 (add)
Successfully obtained Kerberos ticket to DNS/plfa1.lfa.ls as PLFA1$
Failed nsupdate: 2
Failed update of 29 entries
##########################################################
The wiki (https://wiki.samba.org/index.php/Samba_Internal_DNS_Back_End)
says that the internal dns of samba does not support shared-key
transaction signature (TSIG).
To be honest, I don't know if TSIG is related to my problem.
Would be really happy about an answer .... and ....
many thanks,
blubberbaer