[Samba] Dynamic Updates to Bind DLZ through DHCP have repeated errors in syslog

Rowland penny rpenny at samba.org
Fri Jan 29 19:22:17 UTC 2021


On 29/01/2021 19:12, ralph strebbing wrote:
> On Fri, Jan 29, 2021 at 1:52 PM Rowland penny via samba
> <samba at lists.samba.org> wrote:
>> On 29/01/2021 18:06, ralph strebbing wrote:
>>> These records specifically are generated by the script from DHCP.
>>> Looking at what it's passing (in the previous log file), I think the
>>> issue is stemming from the script grabbing and passing the MAC, but
>>> not the hostname, which is what Samba-tool uses.
>>
>> If you are adding a record, dhcp should be passing the hostname:
>>
>> Jan 11 15:08:50 dc4 dhcpd[2228]: Commit: IP: 192.168.0.73 DHCID: cc:4e:ec:1f:48:ef Name: HUMAX
>> Jan 11 15:08:50 dc4 dhcpd[2228]: execute_statement argv[0] = /usr/local/bin/dhcp-dyndns.sh
>> Jan 11 15:08:50 dc4 dhcpd[2228]: execute_statement argv[1] = add
>> Jan 11 15:08:50 dc4 dhcpd[2228]: execute_statement argv[2] = 192.168.0.73
>> Jan 11 15:08:50 dc4 dhcpd[2228]: execute_statement argv[3] = cc:4e:ec:1f:48:ef
>> Jan 11 15:08:50 dc4 dhcpd[2228]: execute_statement argv[4] = HUMAX
>>
>> If it isn't, you need to find out why; the script depends on receiving
>> the required data.
>>
>> If you are deleting a record, then the script just requires the IP, the
>> hostname will be found by this:
>>
>> # Exit if no computer name supplied, unless the action is 'delete'
>> if [ -z "${name}" ]; then
>>       if [ "${action}" = "delete" ]; then
>>           name=$(host -t PTR "${ip}" | awk '{print $NF}' | awk -F '.' '{print $1}')
>>       else
>>           usage
>>           exit 1;
>>       fi
>> fi
>>
>> That piece of code should obtain the short hostname from the IP, unless
>> the record does not exist or the wrong data is being returned by the
>> 'host' command.
>>
> Clarifying: adding the record does contain the hostname, it adds it
> successfully.
>
>>> I just tested it manually, and deleting a record in DNS took the following args:
>>> samba-tool dns delete <server> <zone> <name> <Record Type> <record data>
>>>
>>> The example I used and succeeded on manually was: samba-tool dns
>>> delete dc1 domain.com sys-rstrebbing A 10.60.2.35 (My laptop). It ran
>>> fine.
>>> If I understand the logs correctly from your script, this is what it's passing:
>>> samba-tool dns delete dc1 domain.com 0 A 10.60.2.11 <---Example based
>>> on args given in the log file.
>>
>> No, my script isn't 'passing' 10.60.2.11, it is what is being passed to
>> it by dhcp.
>>
>>> So would it even be possible to grab the hostname on an expiring
>>> lease? Looking over the wiki again I noticed this comment on the code
>>> in dhcpd.conf
>>> In the on expiry block:
>>> # cannot get a ClientMac here, apparently this only works when actually receiving a packet
>>> and
>>> # cannot get a ClientName here, for some reason that always fails
>>
>> This is an artefact of dhcp, the bash script can only use what is passed
>> to it.
>>
>>
>>> By chance has the second one changed? Because otherwise samba doesn't
>>> seem to allow removing the record since the name of the record
>>> (ClientName) almost seems like it's a critical piece of this. Or if
>>> anyone else has come to another solution to get the information
>>> another way while the script runs.
>>
>> The different IP has something to do with your setup and is not
>> something I have ever seen, I cannot fix this, you need to find out why
>> the IP changed.
>>
> So that was on me. It's the correct IP, I just went into the log and
> pulled another instance on my last reply, apologies for the confusion.
> However you've just given me an idea as to what's happening to cause
> the failure on delete.
> Remember how I mentioned that even though the record was being added
> in DNS, the script said it failed?
>
> It's adding the forward A record, but it's failing to create the PTR
> record, hence why when it does the PTR lookup on the delete function
> it just has a 0 in the argument.
>
> So the issue is stemming from it not adding the PTR record on add. The
> thing is, aside from the message stating it failed, there is no other
> indication or other logging to determine what went wrong exactly while
> trying to execute that command.
>
> Ralph


Have you created the reverse zone(s) in AD?

Rowland
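
An added example, not part of this thread or of the dhcp-dyndns.sh script: one way the delete-path lookup quoted above could fail cleanly when no PTR record exists, instead of handing a non-hostname to samba-tool. The function names and sample strings are assumptions constructed for illustration.

```shell
#!/bin/bash
# Added example (hypothetical helper names, not from dhcp-dyndns.sh).
# Goal: on 'delete', only accept a name that came from a real PTR answer.

# ptr_short_name OUTPUT
#   OUTPUT is the text printed by `host -t PTR <ip>`.
#   Prints the short hostname and returns 0; prints nothing and returns 1
#   when OUTPUT holds no PTR answer or the label is not a valid hostname.
ptr_short_name() {
    local output="$1"
    local fqdn short
    # Accept only a line of the form "<rev-name> domain name pointer <fqdn>."
    fqdn=$(printf '%s\n' "$output" |
        awk '/ domain name pointer /{print $NF; exit}')
    [ -n "$fqdn" ] || return 1
    short=${fqdn%%.*}            # keep everything before the first dot
    # A usable DNS label: letters, digits and hyphens only, not empty.
    case "$short" in
        ''|*[!A-Za-z0-9-]*) return 1 ;;
    esac
    printf '%s\n' "$short"
}

# lookup_name_for_delete IP
#   Runs the real lookup (needs the `host` utility) and logs the reason
#   when it fails, so a missing PTR record shows up in syslog.
lookup_name_for_delete() {
    local ip="$1"
    local out
    if ! out=$(host -t PTR "$ip" 2>&1); then
        logger -t dhcp-dyndns "PTR lookup for ${ip} failed: ${out}"
        return 1
    fi
    ptr_short_name "$out"
}

# Constructed sample outputs, using the host and IP named in the thread.
SAMPLE_OK='35.2.60.10.in-addr.arpa domain name pointer sys-rstrebbing.domain.com.'
SAMPLE_NXDOMAIN='Host 35.2.60.10.in-addr.arpa. not found: 3(NXDOMAIN)'
```

In a script like the one quoted, the delete branch could call `lookup_name_for_delete "${ip}"` and exit with an error when it returns non-zero, rather than continuing with whatever the last field of the `host` output happened to be.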
