DNS updates denied?

Amitay Isaacs amitay at gmail.com
Wed Jan 25 15:10:37 MST 2012


Hi Charles,

On Thu, Jan 26, 2012 at 6:35 AM, Charles Tryon <charles.tryon at gmail.com> wrote:
> DNS Policy question:  I've finally found a way for DHCP on my Samba system
> to securely update the DNS records (bind9.8/DLZ) using a script to get a
> proper Kerberos ticket.  The odd part is that the Windows boxes themselves
> are trying to update their own records every time they renew the DHCP
> lease... and they are getting denied.  Is that because of the fact that
> they didn't originally *create* the A, AAAA and PTR records?

Windows does update the forward and reverse (if the zone is available) DNS names
when it joins the domain. The issue with DHCP updating the names is which user
is updating the names. If the names are created as dns-admin or administrator,
then Windows machines will not be able to update the names, as they will not
have the permissions to update the names created by dns-admins or administrator.

So it might be easier to leave the updates to be handled by Windows, as they are
created using the machine account and can be updated by Windows. The issue
then would be that if you have any Samba servers joining the domain, they
will not be updating the domain, as there is no code in Samba to update its
own DNS entry.


Amitay.


More information about the samba-technical mailing list