[Samba] once again reverse DNS - bind_dlz

L.P.H. van Belle belle at bazuin.nl
Thu May 20 13:22:31 UTC 2021 

Reason this happens is most probely that the PC is not the "owner" of the dns A record and that it cant update. Or correct the rights on the dns records, or just remove the A+AAAA and PTR records and reboot the pc. 

But in the end thats all irrelevant, first this. 

Test_Lap << that name. 

https://docs.microsoft.com/en-us/troubleshoot/windows-server/identity/naming-conventions-for-computer-domain-site-ou#:~:text=DNS%20names%20can%20contain%20only,components%20of%20domain%20style%20names. 

Quote.. 

Disallowed characters
DNS host names can't contain the following characters:

underscore (_)

So thats one to fix first. 
Make sure you NETBIOS names match with what the DNS allows. 

In characters used/allowed/not allowed 
In Lenghts of hostnames and allowed  etc etc.. 
There more on that. 
Above microsoft link shows all you need to know to setup with a minimal chance on conflicts. 

There are ways to "allow" that underscore 
You can add : check-names ignore; in the bind config, but i DONT recommend it, because debugging will be harder if thats needed. 


Greetz, 

Louis



> -----Oorspronkelijk bericht-----
> Van: samba [mailto:samba-bounces at lists.samba.org] Namens 
> Rowland penny via samba
> Verzonden: donderdag 20 mei 2021 14:34
> Aan: samba at lists.samba.org
> Onderwerp: Re: [Samba] once again reverse DNS - bind_dlz
> 
> On 20/05/2021 13:26, Jan JMPBL via samba wrote:
> > Hi again,
> >
> > dhcp configured as per the SAMBA wiki.
> > Workstations update automatically.
> > generally - almost everything works :)
> >
> > sometimes errors occur:
> >
> > May 20 14:08:37 ad named [8041]: samba_dlz: disallowing 
> update of signer =
> > TEST_LAP \ $ \ @ TEST.LAN name = Test_Lap.test.lan type = 
> AAAA error =
> > insufficient access rights
> > May 20 14:08:37 ad named [8041]: client @ 0x7f11fc021e30 
> 10/10/10.101 #
> > 50217 / key TEST_LAP \ $ \ @ TEST.LAN: updating zone 
> 'test.lan / NONE':
> > update failed: rejected by secure update ( REFUSED)
> 
> 
> You need to stop your Windows clients from trying to update their own 
> records.
> 
> >
> > I added lines to smb.conf:
> >
> > dns update command = / usr / sbin / samba_dnsupdate --use-samba-tool
> > allow dns updates = nonsecure and secure
> >
> > unfortunately it doesn't work
> 
> 
> It wouldn't, those lines have nothing to do with your problem.
> 
> Rowland
> 
> 
> 
> -- 
> To unsubscribe from this list go to the following URL and read the
> instructions:  https://lists.samba.org/mailman/options/samba
> 
>

More information about the samba mailing list