[Samba] samba_dlz: add another A record for domain (@ record)

Dario Lesca d.lesca at solinos.it
Sat Mar 12 14:19:00 UTC 2022 

On my network the record A for @ (domain.loc) point to another server
(192.168.1.20), different from my Samba DC (192.168.1.100), the name
server of my lan.

Then on DC I have add the record A of www and also the A record for the
domain.loc (@) to web server with this command:

sudo samba-tool dns add s-addc.domain.loc domain.loc www A
'192.168.1.20'
sudo samba-tool dns add s-addc.domain.loc domain.loc @ A '192.168.1.20'

Then I remove the original and wrong record A for @ with:

sudo samba-tool dns delete s-addc.domain.loc domain.loc @ A 192.168.1.100

But after few minutes the record A for @ with ADDC IP is readded.

mar 12 09:57:38 s-addc.domain.loc named[3365517]: samba_dlz: starting transaction on zone domain.loc
mar 12 09:57:38 s-addc.domain.loc named[3365517]: samba_dlz: allowing update of signer=S-ADDC\$\@DOMAIN.LOC name=domain.loc tcpaddr=192.168.1.100 type=A key=1136067071.sig-s-addc.domain.loc/160/0
mar 12 09:57:38 s-addc.domain.loc named[3365517]: client @0x7f7470ffc6d0 192.168.1.100#49343/key S-ADDC\$\@DOMAIN.LOC: updating zone 'domain.loc/NONE': adding an RR at 'domain.loc' A 192.168.1.100
mar 12 09:57:38 s-addc.domain.loc named[3365517]: samba_dlz: added rdataset domain.loc 'domain.loc.        900        IN        A        192.168.1.100'
mar 12 09:57:38 s-addc.domain.loc named[3365517]: samba_dlz: subtracted rdataset domain.loc 'domain.loc.        3600        IN        SOA        s-addc.domain.loc. hostmaster.domain.loc. 25091 900 600 86400 3600'
mar 12 09:57:38 s-addc.domain.loc named[3365517]: samba_dlz: added rdataset domain.loc 'domain.loc.        3600        IN        SOA        s-addc.domain.loc. hostmaster.domain.loc. 25092 900 600 86400 3600'
mar 12 09:57:38 s-addc.domain.loc named[3365517]: samba_dlz: committed transaction on zone domain.loc
mar 12 09:57:38 s-addc.domain.loc named[3365517]:   validating in-addr.arpa/SOA: got insecure response; parent indicates it should be secure

Why this happened?
it's possible to avoid this automatism? 

Or I must delete it via crond every few-1 minutes this record?

Many thanks

-- 
Dario Lesca
(inviato dal mio Linux Fedora 35 Workstation)

More information about the samba mailing list