[Samba] DNS updates statement

Anders Östling anders.ostling at gmail.com
Mon May 24 09:05:09 UTC 2021


A follow-up question on that. Is the tool samba_dnsupdate supposed to
work on the internal DNS server, or just with BIND9?

Joining a new member server works, but I get the DNS update error on
the member server.

Went to the DC and ran

sudo samba_dnsupdate --verbose --all-names

29 DNS updates and 0 DNS deletes needed
Successfully obtained Kerberos ticket to
DNS/hp-ad1.hoganas-platslagaren.se as HP-AD1$
update(nsupdate): A hp-ad1.hoganas-platslagaren.se 10.0.2.50
Calling nsupdate for A hp-ad1.hoganas-platslagaren.se 10.0.2.50 (add)
Successfully obtained Kerberos ticket to
DNS/hp-ad1.hoganas-platslagaren.se as HP-AD1$
Outgoing update query:
;; ->>HEADER<<- opcode: UPDATE, status: NOERROR, id:      0
;; flags:; ZONE: 0, PREREQ: 0, UPDATE: 0, ADDITIONAL: 0
;; UPDATE SECTION:
hp-ad1.hoganas-platslagaren.se. 900 IN A 10.0.2.50

; TSIG error with server: tsig verify failure
Failed nsupdate: 2
update(nsupdate): CNAME
f6b8a5ba-f04a-4a97-a96e-09e769abe9a7._msdcs.hoganas-platslagaren.se
hp-ad1.hoganas-platslagaren.se
Calling nsupdate for CNAME
f6b8a5ba-f04a-4a97-a96e-09e769abe9a7._msdcs.hoganas-platslagaren.se
hp-ad1.hoganas-platslagaren.se (add)
Successfully obtained Kerberos ticket to
DNS/hp-ad1.hoganas-platslagaren.se as HP-AD1$
Outgoing update query:
;; ->>HEADER<<- opcode: UPDATE, status: NOERROR, id:      0
;; flags:; ZONE: 0, PREREQ: 0, UPDATE: 0, ADDITIONAL: 0
;; UPDATE SECTION:
f6b8a5ba-f04a-4a97-a96e-09e769abe9a7._msdcs.hoganas-platslagaren.se.
900 IN CNAME hp-ad1.hoganas-platslagaren.se.

; TSIG error with server: tsig verify failure
Failed nsupdate: 2

All 29 updates failed with the same error messages. Normal name
resolution with either nslookup or samba-tool dns works as it should
though.

/Anders

On Mon, May 24, 2021 at 9:18 AM Anders Östling <anders.ostling at gmail.com> wrote:
>
> Ok, thanks for the clarification Andrew.
>
> /Anders
>
> On Mon, May 24, 2021 at 8:33 AM Andrew Bartlett <abartlet at samba.org> wrote:
> >
> > On Mon, 2021-05-24 at 08:24 +0200, Anders Östling via samba wrote:
> > > Hi
> > >
> > > I have added the clause "dns allow updates = nonsecure" in the
> > > smb.config file and restarted the samba-ad-dc server. But looking at
> > > the zone, it still says "DNS_ZONE_UPDATE_SECURE". Is this expected or
> > > a glitch (DOM is substituted for the actual domain name)?
> >
> > I don't think the zone option was well understood in the early days of
> > the internal DNS server, so the two are unconnected.  Only the smb.conf
> > setting is honoured.
> >
> > Andrew Bartlett
> >
> > --
> > Andrew Bartlett (he/him)       https://samba.org/~abartlet/
> > Samba Team Member (since 2001) https://samba.org
> > Samba Team Lead, Catalyst IT   https://catalyst.net.nz/services/samba
> >
> > Samba Development and Support, Catalyst IT - Expert Open Source
> > Solutions
> >
>
>
> --
> ------ -------------------- 8 ------------------ ------
> "A wise man once told me - Any idiot can do backups, but it takes a
> genius to successfully restore"
>
> Anders Östling
> +46 768 716 165 (Mobil)
> +46 431 45 56 01  (Hem)



-- 
------ -------------------- 8 ------------------ ------
"A wise man once told me - Any idiot can do backups, but it takes a
genius to successfully restore"

Anders Östling
+46 768 716 165 (Mobil)
+46 431 45 56 01  (Hem)
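
Because only the smb.conf setting is honoured by the internal DNS server, an audit of the dynamic-update policy has to read smb.conf rather than the zone's DNS_ZONE_UPDATE_SECURE flag. The sketch below is an added example, not part of the original thread and not Samba code: it assumes the parameter name "allow dns updates" and the three values documented in smb.conf(5), and runs over constructed sample configurations.

```python
import re

DOCUMENTED = {"disabled", "nonsecure", "secure only"}  # per smb.conf(5)
DEFAULT = "secure only"

def audit_dns_updates(conf_text):
    """Return (effective policy, [(line number, finding)]) for [global]."""
    section, effective, findings = None, DEFAULT, []
    for lineno, raw in enumerate(conf_text.splitlines(), 1):
        line = raw.strip()
        if not line or line[0] in "#;":
            continue
        header = re.fullmatch(r"\[(.+)\]", line)
        if header:
            section = header.group(1).strip().lower()
            continue
        if section != "global" or "=" not in line:
            continue
        name, value = (part.strip() for part in line.split("=", 1))
        # smb.conf ignores case and whitespace in parameter names.
        key = re.sub(r"\s+", "", name).lower()
        if key == "allowdnsupdates":
            value = " ".join(value.lower().split())
            if value not in DOCUMENTED:
                findings.append((lineno, f"undocumented value {value!r}"))
                continue
            effective = value
            if value == "nonsecure":
                findings.append((lineno, "unsigned dynamic updates are accepted"))
        elif all(word in key for word in ("allow", "dns", "update")):
            # Heuristic (assumption of this example): a look-alike name is a
            # misspelling. Samba ignores unknown parameters, so the default stays.
            findings.append((lineno, f"{name!r} is not 'allow dns updates'"))
    return effective, findings

# Constructed sample configurations, not taken from the thread's server.
MISNAMED = """[global]
    realm = EXAMPLE.TEST
    dns allow updates = nonsecure
[netlogon]
    path = /var/lib/samba/sysvol
"""
RELAXED = """[global]
    Allow DNS Updates = NonSecure
"""

if __name__ == "__main__":
    for label, text in (("misnamed", MISNAMED), ("relaxed", RELAXED)):
        print(label, audit_dns_updates(text))
```

Running testparm against the real file reports unknown parameter names as well; the script adds the policy reading on top of that.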


