[Samba] Dynamic DNS updates by the AD member

Rowland penny rpenny at samba.org
Thu Mar 19 09:22:23 UTC 2020

On 19/03/2020 09:06, Shyam Prasad N via samba wrote:
> Hi,
> I'm trying to get my Linux VMs to join the Microsoft AD domian.
> Although I was able to successfully join the domain and the DNS record was
> created successfully, I noticed that the DNS records were not updated when
> the IP address for the Linux member VM changed eventually. In case of a
> Windows member VM, it looks like the DNS record does get updated.
> After many google searches and going through several scattered
> documentation on the internet, it sounds like there are two ways that the
> DNS records are updated. One is where the DHCP server or the DC keeps the
> DNS records for all the domain members updated. Second is where the client
> triggers the DNS record update when there is a change.
> It looks like this is exactly what the dyndns_update feature of sssd is
> meant to be.
> https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/7/html/windows_integration_guide/sssd-dyndns
> However, I don't see a similar feature advertised for winbind.
> I did some more digging into this. Downloaded the sssd codebase (
> https://pagure.io/SSSD/sssd.git).
> It looks like a background task is triggered if this config option is set,
> which keeps checking and syncing with the dns server (see ad_dyndns_init).
> However, I don't see a similar behavior in the samba source code. I assume
> that any DNS update in an AD environment goes through net_update_dns() ->
> DoDNSUpdate() path. However, I don't see this being called by anything
> other than the "net ads ..." commands.
> Is there a reason why winbindd cannot do something similar and keep the DNS
> book keeping?
> Or am I missing something here?
> Thanks in advance for the replies.
Finally, welcome to the list ;-)

As you have found, Samba doesn't have the code to do dynamic dns updates 
(patches always welcome), so we use the dhcp server, see here for a way 
of doing this:


There have been reports that it works without Bind9


More information about the samba mailing list