List:       samba
Subject:    Re: [Samba] DDNS with Bind
From:       Rowland Penny via samba <samba () lists ! samba ! org>
Date:       2016-12-26 19:33:17
Message-ID: 20161226193317.0bae26ac () devstation ! samdom ! example ! com

On Mon, 26 Dec 2016 19:58:26 +0100
Stefan Kania <stefan@kania-online.de> wrote:

> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
> 
> 
> 
> Am 26.12.2016 um 19:19 schrieb Rowland Penny via samba:
> > On Mon, 26 Dec 2016 18:24:25 +0100 Stefan Kania via samba
> > <samba@lists.samba.org> wrote:
> > 
> > > -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
> > > 
> > > 
> > > Hello, I try to set up an ADDC with bind9 and dhcp-Server for
> > > dynamic DNS-updates. I followed the wiki: 
> > > https://wiki.samba.org/index.php/Configure_DHCP_to_update_DNS_records_with_BIND9
> > > 
> > > My problem is, that the PTR Record will not be updated, because
> > > the script is using the wrong reverse-zone:
> > > - ---------------------
> > > Dez 26 17:30:05 addc-01 named[512]: client 192.168.56.200#60564/key dhcpduser\@EXAMPLE.NET: updating zone '168.192.IN-ADDR.ARPA/IN': update failed: not authoritative for update zone (NOTAUTH)
> > > Dez 26 17:30:05 addc-01 logger[989]: DHCP-DNS Update failed: 02
> > > Dez 26 17:30:05 addc-01 dhcpd[803]: execute: /etc/dhcp/bin/dhcp-dyndns.sh exit status 512
> > > - ---------------------
> > > The zonename should be "56.168.192.in-addr.arpa" so the "56" is
> > > missing. The forward-zone works.
> > > 
> > > My reverse-zone is:
> > > - --------------------
> > > root@addc-01:~# samba-tool dns zonelist addc-01
> > > 3 zone(s) found
> > > 
> > > pszZoneName                 : 56.168.192.in-addr.arpa
> > > Flags                       : DNS_RPC_ZONE_DSINTEGRATED DNS_RPC_ZONE_UPDATE_SECURE
> > > ZoneType                    : DNS_ZONE_TYPE_PRIMARY
> > > Version                     : 50
> > > dwDpFlags                   : DNS_DP_AUTOCREATED DNS_DP_DOMAIN_DEFAULT DNS_DP_ENLISTED
> > > pszDpFqdn                   : DomainDnsZones.example.net
> > > 
> > > - --------------------
> > > My dhcpd.conf is a copy from the wiki with my values:
> > > - -------------------
> > > subnet 192.168.56.0 netmask 255.255.255.0 {
> > >   option subnet-mask 255.255.255.0;
> > >   option broadcast-address 192.168.56.255;
> > >   option time-offset 0;
> > >   option routers 192.168.56.1;
> > >   option domain-name "example.net";
> > >   option domain-name-servers 192.168.56.200;
> > >   option netbios-name-servers 192.168.56.200;
> > >   option ntp-servers 192.168.0.200;
> > >   pool {
> > >     max-lease-time 1800; # 30 minutes
> > >     range 192.168.56.210 192.168.56.229;
> > >   }
> > > - -------------------
> > > So where do I have to set up the right reverse-zone?
> > 
> > This is strange, if you follow the script, you will find this:
> > 
> It's strange for me too ;-)
> > ip=$2
> > 
> > later on there is this:
> > 
> > # Set PTR address
> > ptr=$(echo ${ip} | awk -F '.' '{print $4"."$3"."$2"."$1".in-addr.arpa"}')
> > 
> so the PTR is complete with all 4 octets of the IP-Address. That's why
> I don't understand that the dnsupdate is not working
> > Finally the update of the reverse zone is done with this:
> > 
> > nsupdate -g ${NSUPDFLAGS} << UPDATE
> > server 127.0.0.1
> > realm ${REALM}
> > update delete ${ptr} 3600 PTR
> > update add ${ptr} 3600 PTR ${name}.${domain}
> > send
> > UPDATE
> > result2=$?
> > 
> > If you restart bind9, do you find lines like these in the syslog:
> > 
> > Dec 26 18:10:23 member1 named[6786]: samba_dlz: started for DN DC=samdom,DC=example,DC=com
> > Dec 26 18:10:23 member1 named[6786]: samba_dlz: starting configure
> > Dec 26 18:10:23 member1 named[6786]: samba_dlz: configured writeable zone '0.168.192.in-addr.arpa'
> > Dec 26 18:10:23 member1 named[6786]: samba_dlz: configured writeable zone 'samdom.example.com'
> > Dec 26 18:10:23 member1 named[6786]: samba_dlz: configured writeable zone '_msdcs.samdom.example.com'
> > 
> > Can you post your named conf files ?
> Yes here it is:
> - -------------------
> Dec 26 19:51:19 addc-01 named[1645]: samba_dlz: started for DN DC=example,DC=net
> Dec 26 19:51:19 addc-01 named[1645]: samba_dlz: starting configure
> Dec 26 19:51:19 addc-01 named[1645]: samba_dlz: configured writeable zone '56.168.192.in-addr.arpa'
> Dec 26 19:51:19 addc-01 named[1645]: samba_dlz: configured writeable zone 'example.net'
> Dec 26 19:51:19 addc-01 named[1645]: samba_dlz: configured writeable zone '_msdcs.example.net'
> - -------------------
> As you can see, the reverse-zone is 56.168.192.in-addr.arpa
> 

Never doubted it ;-)

I have been basically using that script for the last 4 years
(there have been some mods, but not to the actual update part) and I
have never had this problem.

If you read the manpage for nsupdate (this is what the script ultimately
runs), you will find this:

zone {zonename}
           Specifies that all updates are to be made to the zone zonename.
           If no zone statement is provided, nsupdate will attempt determine
           the correct zone to update based on the rest of the input.

Well, for you it obviously isn't determining the zone, so try adding
it to the script, like this:

nsupdate -g ${NSUPDFLAGS} << UPDATE
server 127.0.0.1
realm ${REALM}
zone 56.168.192.in-addr.arpa
update delete ${ptr} 3600 PTR
update add ${ptr} 3600 PTR ${name}.${domain}
send
UPDATE
result2=$?

Rowland
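
Added example, not part of the original message or the wiki script: the
zone line derived from the lease address instead of hardcoded, with the
values dhcpd hands to the script checked before they are written into the
nsupdate input. The function names are hypothetical and a /24 reverse zone
is assumed, as in the thread.

```shell
#!/bin/sh
# Added example (not from the wiki script). Function names are hypothetical;
# a /24 reverse zone is assumed, as in the thread (56.168.192.in-addr.arpa).

# Accept only four dot-separated decimal octets in 0..255.
valid_ipv4() {
    case "$1" in
        ''|*[!0-9.]*|*..*|.*|*.) return 1 ;;
    esac
    old_ifs=$IFS; IFS=.
    set -- $1
    IFS=$old_ifs
    [ "$#" -eq 4 ] || return 1
    for octet in "$@"; do
        [ "${#octet}" -le 3 ] && [ "$octet" -le 255 ] || return 1
    done
}

# Full PTR owner name, built the same way as the script's awk line.
ptr_name() {
    valid_ipv4 "$1" || return 1
    echo "$1" | awk -F '.' '{print $4"."$3"."$2"."$1".in-addr.arpa"}'
}

# Enclosing /24 reverse zone: the PTR name without the host octet.
reverse_zone24() {
    valid_ipv4 "$1" || return 1
    echo "$1" | awk -F '.' '{print $3"."$2"."$1".in-addr.arpa"}'
}

# Print nsupdate input for IP, FQDN and REALM with an explicit zone line.
ptr_update_input() {
    ptr=$(ptr_name "$1") && zone=$(reverse_zone24 "$1") || return 1
    for v in "$2" "$3"; do
        # Hostname and realm: letters, digits, dots and hyphens only.
        case "$v" in ''|*[!A-Za-z0-9.-]*) return 1 ;; esac
    done
    printf '%s\n' "server 127.0.0.1" "realm $3" "zone ${zone}" \
        "update delete ${ptr} 3600 PTR" \
        "update add ${ptr} 3600 PTR $2" "send"
}

# Constructed sample values; pipe the output to: nsupdate -g ${NSUPDFLAGS}
ptr_update_input 192.168.56.210 client1.example.net EXAMPLE.NET
```

A non-zero return from ptr_update_input means the address, hostname or
realm was rejected and nothing should be sent to nsupdate.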
