[Samba] Internal DNS, update of reverse zone fails

Rowland penny rpenny at samba.org
Mon Feb 17 10:27:16 UTC 2020


On 17/02/2020 10:01, kaffeesurrogat via samba wrote:
>
> On 17/02/2020 10:24, Rowland penny via samba wrote:
>> On 17/02/2020 08:42, kaffeesurrogat wrote:
>>> Dear Rowland,
>>>
>>> Yes, I did. I'm reading a lot. Docs, books, ... Updates of the
>>> dns-server via DHCP is up and running, both for the reverse lookup zone
>>> and the forward lookup mechanism. I've set the lease time to a very low
>>> value to make sure the dhcp-script has something to do and I can see
>>> entries changing.
>>> I've tested the entries with nslookup HOSTNAME and nslookup IP. This is
>>> working for IPs managed by dhcp. If I give a static ip to my client,
>>> nslookup HOSTNAMESTATIC is working. nslookup IPSTATIC does not.
>>>
>>> That is the thing which is a bit confusing. I'm not using BIND9, I'm
>>> using the internal dns of samba.
>>>
>>> Have fun,
>>>
>>> blubberbaer
>> Sorry, concentrated on the dhcp and missed 'static' :-(
>>
>> Yes, this is how it is supposed to be, you are supposed to create the
>> static dns records in AD yourself. Also, if you are using dhcp to update
>> records, you need to stop your Windows trying to update their own records.
>>
>> Rowland
>>
>>
> Many thanks Rowland, you know I'm quite a newbie to samba and I'm
> working hard on getting it up and running .... ;-)
>
> Can I safely ignore that
>
> samba_dnsupdate --verbose --all-names
>
>
> fails with
>
> ; TSIG error with server: tsig verify failure
> Failed nsupdate: 2
> update(nsupdate): SRV
> _ldap._tcp.Default-First-Site-Name._sites.ForestDnsZones.lfa.ls
> plfa1.lfa.ls 389
> Calling nsupdate for SRV
> _ldap._tcp.Default-First-Site-Name._sites.ForestDnsZones.lfa.ls
> plfa1.lfa.ls 389 (add)
> Successfully obtained Kerberos ticket to DNS/plfa1.lfa.ls as PLFA1$
> Outgoing update query:
> ;; ->>HEADER<<- opcode: UPDATE, status: NOERROR, id:      0
> ;; flags:; ZONE: 0, PREREQ: 0, UPDATE: 0, ADDITIONAL: 0
> ;; UPDATE SECTION:
> _ldap._tcp.Default-First-Site-Name._sites.ForestDnsZones.lfa.ls. 900 IN
> SRV 0 100 389 plfa1.lfa.ls.
>
> ; TSIG error with server: tsig verify failure
> Failed nsupdate: 2
> Failed update of 29 entries
>
> ????
>
> It looks strange to me, since I'm using INTERNAL SAMBA DNS. Why are
> there errors about TSIG ? TSIG is not supported, thus I believed
> samba_dnsupdate would not use it in the first place.
Try adding '--use-samba-tool' to the command.
>
> Using
>
> samba_upgradedns -s /smbaddc/etc/smb.conf --verbose
> --dns-backend=SAMBA_INTERNAL
>
> to fix the error doesn't help.
>
> It answers with:
>
> lpcfg_load: refreshing parameters from /smbaddc/etc/smb.conf
> Reading domain information
> lpcfg_load: refreshing parameters from /smbaddc/etc/smb.conf
> DNS accounts already exist
> No zone file /smbaddc/bind-dns/dns/LFA.LS.zone
> DNS records will be automatically created
> DNS partitions already exist
> Could not remove /smbaddc/bind-dns/dns.keytab: No such file or directory
> Could not remove /smbaddc/bind-dns/named.conf: No such file or directory
> Could not remove /smbaddc/bind-dns/named.txt: No such file or directory
> Could not delete dir /smbaddc/bind-dns/dns: No such file or directory
> Finished upgrading DNS
>
>
> Because it is still looking for bind-dns, I believe the command silently
> ignores --dns-backend=SAMBA_INTERNAL.
No, it is telling you it cannot find them, because they do not exist.
>
> I guess, this is not the way it is supposed to be .....
>
> Awfully sorry for all these questions.

If you don't ask, you never learn ;-)

Just one question (which you may have already answered), your DC is 
using itself as the first nameserver in /etc/resolv.conf ?

Rowland
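
Added example, not part of the original message: a shell helper that derives the reverse zone and record name for a statically addressed host and prints the matching `samba-tool dns add ... PTR` command, since static hosts get no reverse record from the DHCP script. The address 192.168.10.50, the name static1.lfa.ls and the Administrator account are constructed placeholders, and the reverse zone is assumed to exist already on an octet boundary.

```shell
#!/bin/sh
# Added example: build the samba-tool command that registers a PTR record
# for a statically addressed host. It prints the command and does not run it.

# ptr_cmd SERVER IPV4 FQDN [PREFIX]
# PREFIX (8, 16 or 24; default 24) is the size of the existing reverse zone.
ptr_cmd() {
    server=$1 ip=$2 fqdn=$3 prefix=${4:-24}

    # Split the address into octets and reject anything that is not a.b.c.d.
    old_ifs=$IFS; IFS=.
    set -- $ip
    IFS=$old_ifs
    [ $# -eq 4 ] || { echo "bad IPv4 address: $ip" >&2; return 1; }
    for o in "$@"; do
        case $o in
            ''|*[!0-9]*) echo "bad octet: $o" >&2; return 1 ;;
        esac
        [ "$o" -le 255 ] || { echo "octet out of range: $o" >&2; return 1; }
    done

    # Zone = network octets reversed; record name = host octets reversed.
    case $prefix in
        24) zone="$3.$2.$1.in-addr.arpa"; name="$4" ;;
        16) zone="$2.$1.in-addr.arpa";    name="$4.$3" ;;
        8)  zone="$1.in-addr.arpa";       name="$4.$3.$2" ;;
        *)  echo "unsupported prefix: $prefix" >&2; return 1 ;;
    esac

    # -U Administrator is an assumed admin account; samba-tool prompts
    # for the password when the printed command is run.
    echo "samba-tool dns add $server $zone $name PTR $fqdn -U Administrator"
}

# Constructed sample: 192.168.10.50 and static1.lfa.ls are placeholders.
ptr_cmd plfa1.lfa.ls 192.168.10.50 static1.lfa.ls
```

After running the printed command on the DC, `nslookup 192.168.10.50` should return the static host's name in the same way it does for the DHCP-managed addresses.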