[Samba] once again reverse DNS - bind_dlz

Jan JMPBL jmpblto at gmail.com
Mon May 17 19:11:25 UTC 2021


Hi everyone,
Test environment based on Debian 10.9 with bind_dlz and van-belle
repositories - a lot of good work.
I've been working on it for two days - without success.

Forward lookup DNS zones are working properly. Added hosts display
correctly in RSAT DNS in forward lookup zones. Everything looks fine except
for two log entries that always show up when updating the zone:


*May 17 20:21:48 ad named [453]: client @ 0x7f73400703d0 10/10/10.160 #
56059: update 'TEST.lan / IN' denied
May 17 20:21:48 ad named [453]: samba_dlz: canceling transaction on zone TEST.lan*
May 17 20:21:48 ad named [453]: samba_dlz: starting transaction on zone
TEST.lan
May 17 20:21:48 ad named [453]: samba_dlz: allowing update of signer = RSAT
\ $ \ @ TEST.LAN name = rsat.TEST.lan tcpaddr = 10.10.10.160 type = AAAA
key = 1336-ms-7.9 -24efa0.2b809d3a-b737-11eb-ae6f-525400a13ecb / 160/0
May 17 20:21:48 ad named [453]: samba_dlz: allowing update of signer = RSAT
\ $ \ @ TEST.LAN name = rsat.TEST.lan tcpaddr = 10.10.10.160 type = A key =
1336-ms-7.9 -24efa0.2b809d3a-b737-11eb-ae6f-525400a13ecb / 160/0
May 17 20:21:48 ad named [453]: samba_dlz: allowing update of signer = RSAT
\ $ \ @ TEST.LAN name = rsat.TEST.lan tcpaddr = 10.10.10.160 type = A key =
1336-ms-7.9 -24efa0.2b809d3a-b737-11eb-ae6f-525400a13ecb / 160/0
May 17 20:21:48 ad named [453]: client @ 0x7f73480c6ee0 10/10/10.160 #
54323 / key RSAT \ $ \ @ TEST.LAN: updating zone 'TEST.lan / NONE':
deleting rrset at 'rsat.TEST. lan 'AAAA
May 17 20:21:48 ad named [453]: client @ 0x7f73480c6ee0 10/10/10.160 #
54323 / key RSAT \ $ \ @ TEST.LAN: updating zone 'TEST.lan / NONE':
deleting rrset at 'rsat.TEST. lan 'A
May 17 20:21:48 ad named [453]: samba_dlz: subtracted rdataset
rsat.TEST.lan 'rsat.TEST.lan. # 0111200 # 011IN # 011A # 01110.10.10.160'

I added via RSAT to the reverse lookup zone according to the SAMBA4 wiki.
It does not work.

samba-tool dns zonelist 10.10.10.50 -U Administrator

  3 zone (s) found

  pszZoneName: 10.10.10.in-addr.arpa
  Flags: DNS_RPC_ZONE_DSINTEGRATED DNS_RPC_ZONE_UPDATE_SECURE
  ZoneType: DNS_ZONE_TYPE_PRIMARY
  Version: 50
  dwDpFlags: DNS_DP_AUTOCREATED DNS_DP_DOMAIN_DEFAULT DNS_DP_ENLISTED
  pszDpFqdn: DomainDnsZones.TEST.lan

  pszZoneName: TEST.lan
  Flags: DNS_RPC_ZONE_DSINTEGRATED DNS_RPC_ZONE_UPDATE_SECURE
  ZoneType: DNS_ZONE_TYPE_PRIMARY
  Version: 50
  dwDpFlags: DNS_DP_AUTOCREATED DNS_DP_DOMAIN_DEFAULT DNS_DP_ENLISTED
  pszDpFqdn: DomainDnsZones.TEST.lan

  pszZoneName: _msdcs.TEST.lan
  Flags: DNS_RPC_ZONE_DSINTEGRATED DNS_RPC_ZONE_UPDATE_SECURE
  ZoneType: DNS_ZONE_TYPE_PRIMARY
  Version: 50
  dwDpFlags: DNS_DP_AUTOCREATED DNS_DP_FOREST_DEFAULT DNS_DP_ENLISTED
  pszDpFqdn: ForestDnsZones.TEST.lan

Where should I look for the problem?

Thanks,
Jan

