[Samba] Internal DNS, update of reverse zone fails

kaffeesurrogat kaffeesurrogat at posteo.de
Mon Feb 17 10:01:31 UTC 2020



On 17/02/2020 10:24, Rowland penny via samba wrote:
> On 17/02/2020 08:42, kaffeesurrogat wrote:
>> Dear Rowland,
>>
>> Yes, I did. I'm reading a lot. Docs, books, ... Updates of the
>> dns-server via DHCP is up and running, both for the reverse lookup zone
>> and the forward lookup mechanism. I've set the lease time to a very low
>> value to make sure the dhcp-script has something to do and I can see
>> entries changing.
>> I've tested the entries with nslookup HOSTNAME and nslookup IP. This is
>> working for IPs managed by dhcp. If I give a static ip to my client,
>> nslookup HOSTNAMESTATIC is working. nslookup IPSTATIC does not.
>>
>> That is the thing which is a bit confusing. I'm not using BIND9, I'm
>> using the internal dns of samba.
>>
>> Have fun,
>>
>> blubberbaer
> 
> Sorry, concentrated on the dhcp and missed 'static' :-(
> 
> Yes, this is how it is supposed to be, you are supposed to create the
> static dns records in AD yourself. Also, if you are using dhcp to update
> records, you need to stop your Windows trying to update their own records.
> 
> Rowland
> 
> 

Many thanks Rowland, you know I'm quite a newbie to samba and I'm
working hard on getting it up and running .... ;-)

Can I safely ignore that

samba_dnsupdate --verbose --all-names


fails with

; TSIG error with server: tsig verify failure
Failed nsupdate: 2
update(nsupdate): SRV
_ldap._tcp.Default-First-Site-Name._sites.ForestDnsZones.lfa.ls
plfa1.lfa.ls 389
Calling nsupdate for SRV
_ldap._tcp.Default-First-Site-Name._sites.ForestDnsZones.lfa.ls
plfa1.lfa.ls 389 (add)
Successfully obtained Kerberos ticket to DNS/plfa1.lfa.ls as PLFA1$
Outgoing update query:
;; ->>HEADER<<- opcode: UPDATE, status: NOERROR, id:      0
;; flags:; ZONE: 0, PREREQ: 0, UPDATE: 0, ADDITIONAL: 0
;; UPDATE SECTION:
_ldap._tcp.Default-First-Site-Name._sites.ForestDnsZones.lfa.ls. 900 IN
SRV 0 100 389 plfa1.lfa.ls.

; TSIG error with server: tsig verify failure
Failed nsupdate: 2
Failed update of 29 entries

????

It looks strange to me, since I'm using INTERNAL SAMBA DNS. Why are
there errors about TSIG? TSIG is not supported, thus I believed
samba_dnsupdate would not use it in the first place.

Using

samba_upgradedns -s /smbaddc/etc/smb.conf --verbose
--dns-backend=SAMBA_INTERNAL

to fix the error doesn't help.

It answers with:

lpcfg_load: refreshing parameters from /smbaddc/etc/smb.conf
Reading domain information
lpcfg_load: refreshing parameters from /smbaddc/etc/smb.conf
DNS accounts already exist
No zone file /smbaddc/bind-dns/dns/LFA.LS.zone
DNS records will be automatically created
DNS partitions already exist
Could not remove /smbaddc/bind-dns/dns.keytab: No such file or directory
Could not remove /smbaddc/bind-dns/named.conf: No such file or directory
Could not remove /smbaddc/bind-dns/named.txt: No such file or directory
Could not delete dir /smbaddc/bind-dns/dns: No such file or directory
Finished upgrading DNS


Because it is still looking for bind-dns, I believe the command silently
ignores --dns-backend=SAMBA_INTERNAL.

I guess this is not the way it is supposed to be .....

Awfully sorry for all these questions.


Have fun,

blubberbaer
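
Rowland's reply quoted above says that DNS records for statically addressed hosts have to be created in AD by hand. As an added example (not part of the original thread), this script derives the reverse-zone record for a static IPv4 address and prints the matching `samba-tool dns add` command without running it. It assumes a /24 reverse zone that already exists on the DC and the `Administrator` account; the host `client1.lfa.ls` and the address `192.168.1.50` are constructed sample values.

```shell
#!/bin/sh
# Added example: build the samba-tool command for a static host's PTR record.
# Assumptions: IPv4 only, and a /24 reverse zone that already exists on the DC.

# Print "<reverse zone> <record name>" for an IPv4 address, or return 1.
ptr_parts() {
    ip=$1
    # Reject anything that is not digits and dots, and any empty octet.
    case $ip in
        ''|*[!0-9.]*|.*|*.|*..*) return 1 ;;
    esac
    old_ifs=$IFS; IFS=.
    set -- $ip
    IFS=$old_ifs
    [ $# -eq 4 ] || return 1
    for octet in "$@"; do
        # No leading zeros, and each octet must be in 0..255.
        case $octet in 0?*) return 1 ;; esac
        [ ${#octet} -le 3 ] && [ "$octet" -le 255 ] || return 1
    done
    # /24 zone: first three octets reversed; the record name is the last octet.
    printf '%s.%s.%s.in-addr.arpa %s\n' "$3" "$2" "$1" "$4"
}

# Print (dry run, nothing is executed) the command that adds the PTR record.
ptr_command() {
    server=$1
    fqdn=$2
    ip=$3
    parts=$(ptr_parts "$ip") || { echo "invalid IPv4 address: $ip" >&2; return 1; }
    zone=${parts% *}
    name=${parts#* }
    # -U Administrator is an assumption; use whichever account may edit the zone.
    printf 'samba-tool dns add %s %s %s PTR %s -U Administrator\n' \
        "$server" "$zone" "$name" "$fqdn"
}

# Constructed sample: DC name taken from the output above, host and IP invented.
ptr_command plfa1.lfa.ls client1.lfa.ls 192.168.1.50
```

After running the printed command on the DC, `nslookup 192.168.1.50` should return the host name, the same check the thread uses for the DHCP-managed addresses.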


