Hello,

I try to set up an AD DC with bind9 and a DHCP server for dynamic DNS updates. I followed the wiki:
https://wiki.samba.org/index.php/Configure_DHCP_to_update_DNS_records_with_BIND9

My problem is that the PTR record will not be updated, because the script is using the wrong reverse zone:

---------------------
Dez 26 17:30:05 addc-01 named[512]: client 192.168.56.200#60564/key dhcpduser\@EXAMPLE.NET: updating zone '168.192.IN-ADDR.ARPA/IN': update failed: not authoritative for update zone (NOTAUTH)
Dez 26 17:30:05 addc-01 logger[989]: DHCP-DNS Update failed: 02
Dez 26 17:30:05 addc-01 dhcpd[803]: execute: /etc/dhcp/bin/dhcp-dyndns.sh exit status 512
---------------------

The zone name should be "56.168.192.in-addr.arpa", so the "56" is missing. The forward zone works.

My reverse zone is:

--------------------
root@addc-01:~# samba-tool dns zonelist addc-01
  3 zone(s) found

  pszZoneName : 56.168.192.in-addr.arpa
  Flags       : DNS_RPC_ZONE_DSINTEGRATED DNS_RPC_ZONE_UPDATE_SECURE
  ZoneType    : DNS_ZONE_TYPE_PRIMARY
  Version     : 50
  dwDpFlags   : DNS_DP_AUTOCREATED DNS_DP_DOMAIN_DEFAULT DNS_DP_ENLISTED
  pszDpFqdn   : DomainDnsZones.example.net
--------------------

My dhcpd.conf is a copy from the wiki with my values:

-------------------
subnet 192.168.56.0 netmask 255.255.255.0 {
    option subnet-mask 255.255.255.0;
    option broadcast-address 192.168.56.255;
    option time-offset 0;
    option routers 192.168.56.1;
    option domain-name "example.net";
    option domain-name-servers 192.168.56.200;
    option netbios-name-servers 192.168.56.200;
    option ntp-servers 192.168.0.200;
    pool {
        max-lease-time 1800; # 30 minutes
        range 192.168.56.210 192.168.56.229;
    }
}
-------------------

So where do I have to set up the right reverse zone?
On Mon, 26 Dec 2016 18:24:25 +0100 Stefan Kania via samba <samba at lists.samba.org> wrote:

> Hello,
> I try to set up an AD DC with bind9 and a DHCP server for dynamic
> DNS updates. I followed the wiki:
> https://wiki.samba.org/index.php/Configure_DHCP_to_update_DNS_records_with_BIND9
>
> My problem is that the PTR record will not be updated, because the
> script is using the wrong reverse zone:
> ---------------------
> Dez 26 17:30:05 addc-01 named[512]: client 192.168.56.200#60564/key
> dhcpduser\@EXAMPLE.NET: updating zone '168.192.IN-ADDR.ARPA/IN':
> update failed: not authoritative for update zone (NOTAUTH)
> Dez 26 17:30:05 addc-01 logger[989]: DHCP-DNS Update failed: 02
> Dez 26 17:30:05 addc-01 dhcpd[803]: execute:
> /etc/dhcp/bin/dhcp-dyndns.sh exit status 512
> ---------------------
> The zone name should be "56.168.192.in-addr.arpa", so the "56" is
> missing. The forward zone works.
>
> My reverse zone is:
> --------------------
> root@addc-01:~# samba-tool dns zonelist addc-01
>   3 zone(s) found
>
>   pszZoneName : 56.168.192.in-addr.arpa
>   Flags       : DNS_RPC_ZONE_DSINTEGRATED DNS_RPC_ZONE_UPDATE_SECURE
>   ZoneType    : DNS_ZONE_TYPE_PRIMARY
>   Version     : 50
>   dwDpFlags   : DNS_DP_AUTOCREATED DNS_DP_DOMAIN_DEFAULT DNS_DP_ENLISTED
>   pszDpFqdn   : DomainDnsZones.example.net
> --------------------
> My dhcpd.conf is a copy from the wiki with my values:
> -------------------
> subnet 192.168.56.0 netmask 255.255.255.0 {
>     option subnet-mask 255.255.255.0;
>     option broadcast-address 192.168.56.255;
>     option time-offset 0;
>     option routers 192.168.56.1;
>     option domain-name "example.net";
>     option domain-name-servers 192.168.56.200;
>     option netbios-name-servers 192.168.56.200;
>     option ntp-servers 192.168.0.200;
>     pool {
>         max-lease-time 1800; # 30 minutes
>         range 192.168.56.210 192.168.56.229;
>     }
> }
> -------------------
> So where do I have to set up the right reverse zone?

This is strange. If you follow the script, you will find this:

ip=$2

later on there is this:

# Set PTR address
ptr=$(echo ${ip} | awk -F '.' '{print $4"."$3"."$2"."$1".in-addr.arpa"}')

Finally the update of the reverse zone is done with this:

nsupdate -g ${NSUPDFLAGS} << UPDATE
server 127.0.0.1
realm ${REALM}
update delete ${ptr} 3600 PTR
update add ${ptr} 3600 PTR ${name}.${domain}
send
UPDATE
result2=$?

If you restart bind9, do you find lines like these in the syslog:

Dec 26 18:10:23 member1 named[6786]: samba_dlz: started for DN DC=samdom,DC=example,DC=com
Dec 26 18:10:23 member1 named[6786]: samba_dlz: starting configure
Dec 26 18:10:23 member1 named[6786]: samba_dlz: configured writeable zone '0.168.192.in-addr.arpa'
Dec 26 18:10:23 member1 named[6786]: samba_dlz: configured writeable zone 'samdom.example.com'
Dec 26 18:10:23 member1 named[6786]: samba_dlz: configured writeable zone '_msdcs.samdom.example.com'

Can you post your named conf files?

Rowland
On 26.12.2016 at 18:24, Stefan Kania via samba wrote:
>
> Hello, I try to set up an AD DC with bind9 and a DHCP server for
> dynamic DNS updates. I followed the wiki:
> https://wiki.samba.org/index.php/Configure_DHCP_to_update_DNS_records_with_BIND9
>
> My problem is that the PTR record will not be updated, because
> the script is using the wrong reverse zone:
> ---------------------
> Dez 26 17:30:05 addc-01 named[512]: client
> 192.168.56.200#60564/key dhcpduser\@EXAMPLE.NET: updating zone
> '168.192.IN-ADDR.ARPA/IN': update failed: not authoritative for
> update zone (NOTAUTH)
> Dez 26 17:30:05 addc-01 logger[989]: DHCP-DNS Update failed: 02
> Dez 26 17:30:05 addc-01 dhcpd[803]: execute:
> /etc/dhcp/bin/dhcp-dyndns.sh exit status 512

If I run the script by hand:

/etc/dhcp/bin/dhcp-dyndns.sh add 192.168.56.210 08:00:27:13:99:73 chcp-c1

everything is working fine:

----------------
Sending update to 127.0.0.1#53
Outgoing update query:
;; ->>HEADER<<- opcode: UPDATE, status: NOERROR, id: 9096
;; flags:; ZONE: 1, PREREQ: 0, UPDATE: 2, ADDITIONAL: 1
;; UPDATE SECTION:
210.56.168.192.in-addr.arpa. 0 ANY PTR
210.56.168.192.in-addr.arpa. 3600 IN PTR chcp-c1.example.net.
----------------

root@addc-01:~# host 192.168.56.210
210.56.168.192.in-addr.arpa domain name pointer chcp-c1.example.net.

Stefan
On Mon, 26 Dec 2016 20:23:53 +0100 Stefan Kania via samba <samba at lists.samba.org> wrote:

> On 26.12.2016 at 18:24, Stefan Kania via samba wrote:
> >
> > Hello, I try to set up an AD DC with bind9 and a DHCP server for
> > dynamic DNS updates. I followed the wiki:
> > https://wiki.samba.org/index.php/Configure_DHCP_to_update_DNS_records_with_BIND9
> >
> > My problem is that the PTR record will not be updated, because
> > the script is using the wrong reverse zone:
> > ---------------------
> > Dez 26 17:30:05 addc-01 named[512]: client
> > 192.168.56.200#60564/key dhcpduser\@EXAMPLE.NET: updating zone
> > '168.192.IN-ADDR.ARPA/IN': update failed: not authoritative for
> > update zone (NOTAUTH)
> > Dez 26 17:30:05 addc-01 logger[989]: DHCP-DNS Update failed: 02
> > Dez 26 17:30:05 addc-01 dhcpd[803]: execute:
> > /etc/dhcp/bin/dhcp-dyndns.sh exit status 512
>
> If I run the script by hand:
>
> /etc/dhcp/bin/dhcp-dyndns.sh add 192.168.56.210 08:00:27:13:99:73 chcp-c1
>
> everything is working fine:
>
> ----------------
> Sending update to 127.0.0.1#53
> Outgoing update query:
> ;; ->>HEADER<<- opcode: UPDATE, status: NOERROR, id: 9096
> ;; flags:; ZONE: 1, PREREQ: 0, UPDATE: 2, ADDITIONAL: 1
> ;; UPDATE SECTION:
> 210.56.168.192.in-addr.arpa. 0 ANY PTR
> 210.56.168.192.in-addr.arpa. 3600 IN PTR chcp-c1.example.net.
> ----------------
>
> root@addc-01:~# host 192.168.56.210
> 210.56.168.192.in-addr.arpa domain name pointer chcp-c1.example.net.
>
> Stefan

AH ;-)

What OS is this? Who does dhcpd run as?

Rowland
On Mon, 26 Dec 2016 19:58:26 +0100 Stefan Kania <stefan at kania-online.de> wrote:

> On 26.12.2016 at 19:19, Rowland Penny via samba wrote:
> > On Mon, 26 Dec 2016 18:24:25 +0100 Stefan Kania via samba
> > <samba at lists.samba.org> wrote:
> >
> >> Hello, I try to set up an AD DC with bind9 and a DHCP server for
> >> dynamic DNS updates. I followed the wiki:
> >> https://wiki.samba.org/index.php/Configure_DHCP_to_update_DNS_records_with_BIND9
> >>
> >> My problem is that the PTR record will not be updated, because
> >> the script is using the wrong reverse zone:
> >> ---------------------
> >> Dez 26 17:30:05 addc-01 named[512]: client
> >> 192.168.56.200#60564/key dhcpduser\@EXAMPLE.NET: updating zone
> >> '168.192.IN-ADDR.ARPA/IN': update failed: not authoritative for
> >> update zone (NOTAUTH)
> >> Dez 26 17:30:05 addc-01 logger[989]: DHCP-DNS Update failed: 02
> >> Dez 26 17:30:05 addc-01 dhcpd[803]: execute:
> >> /etc/dhcp/bin/dhcp-dyndns.sh exit status 512
> >> ---------------------
> >> The zone name should be "56.168.192.in-addr.arpa", so the "56" is
> >> missing. The forward zone works.
> >>
> >> My reverse zone is:
> >> --------------------
> >> root@addc-01:~# samba-tool dns zonelist addc-01
> >>   3 zone(s) found
> >>
> >>   pszZoneName : 56.168.192.in-addr.arpa
> >>   Flags       : DNS_RPC_ZONE_DSINTEGRATED DNS_RPC_ZONE_UPDATE_SECURE
> >>   ZoneType    : DNS_ZONE_TYPE_PRIMARY
> >>   Version     : 50
> >>   dwDpFlags   : DNS_DP_AUTOCREATED DNS_DP_DOMAIN_DEFAULT DNS_DP_ENLISTED
> >>   pszDpFqdn   : DomainDnsZones.example.net
> >> --------------------
> >> My dhcpd.conf is a copy from the wiki with my values:
> >> -------------------
> >> subnet 192.168.56.0 netmask 255.255.255.0 {
> >>     option subnet-mask 255.255.255.0;
> >>     option broadcast-address 192.168.56.255;
> >>     option time-offset 0;
> >>     option routers 192.168.56.1;
> >>     option domain-name "example.net";
> >>     option domain-name-servers 192.168.56.200;
> >>     option netbios-name-servers 192.168.56.200;
> >>     option ntp-servers 192.168.0.200;
> >>     pool {
> >>         max-lease-time 1800; # 30 minutes
> >>         range 192.168.56.210 192.168.56.229;
> >>     }
> >> }
> >> -------------------
> >> So where do I have to set up the right reverse zone?
> >
> > This is strange. If you follow the script, you will find this:
>
> It's strange for me too ;-)
>
> > ip=$2
> >
> > later on there is this:
> >
> > # Set PTR address
> > ptr=$(echo ${ip} | awk -F '.' '{print $4"."$3"."$2"."$1".in-addr.arpa"}')
>
> So the PTR is complete with all 4 octets of the IP address. That's why
> I don't understand why the DNS update is not working.
>
> > Finally the update of the reverse zone is done with this:
> >
> > nsupdate -g ${NSUPDFLAGS} << UPDATE
> > server 127.0.0.1
> > realm ${REALM}
> > update delete ${ptr} 3600 PTR
> > update add ${ptr} 3600 PTR ${name}.${domain}
> > send
> > UPDATE
> > result2=$?
> >
> > If you restart bind9, do you find lines like these in the syslog:
> >
> > Dec 26 18:10:23 member1 named[6786]: samba_dlz: started for DN DC=samdom,DC=example,DC=com
> > Dec 26 18:10:23 member1 named[6786]: samba_dlz: starting configure
> > Dec 26 18:10:23 member1 named[6786]: samba_dlz: configured writeable zone '0.168.192.in-addr.arpa'
> > Dec 26 18:10:23 member1 named[6786]: samba_dlz: configured writeable zone 'samdom.example.com'
> > Dec 26 18:10:23 member1 named[6786]: samba_dlz: configured writeable zone '_msdcs.samdom.example.com'
> >
> > Can you post your named conf files?
>
> Yes, here it is:
> -------------------
> Dec 26 19:51:19 addc-01 named[1645]: samba_dlz: started for DN DC=example,DC=net
> Dec 26 19:51:19 addc-01 named[1645]: samba_dlz: starting configure
> Dec 26 19:51:19 addc-01 named[1645]: samba_dlz: configured writeable zone '56.168.192.in-addr.arpa'
> Dec 26 19:51:19 addc-01 named[1645]: samba_dlz: configured writeable zone 'example.net'
> Dec 26 19:51:19 addc-01 named[1645]: samba_dlz: configured writeable zone '_msdcs.example.net'
> -------------------
> As you can see, the reverse zone is 56.168.192.in-addr.arpa.

Never doubted it ;-)

I have been basically using that script for the last 4 years (there have been some mods, but not to the actual update part) and I have never had this problem.

If you read the manpage for nsupdate (this is what the script ultimately runs), you will find this:

zone {zonename}
    Specifies that all updates are to be made to the zone zonename. If no zone statement is provided, nsupdate will attempt to determine the correct zone to update based on the rest of the input.

Well, for you it obviously isn't determining the zone, so try adding it to the script, like this:

nsupdate -g ${NSUPDFLAGS} << UPDATE
server 127.0.0.1
realm ${REALM}
zone 56.168.192.in-addr.arpa
update delete ${ptr} 3600 PTR
update add ${ptr} 3600 PTR ${name}.${domain}
send
UPDATE
result2=$?

Rowland
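Rowland's walk through the script (ip=$2, the awk that builds ${ptr}, the nsupdate heredoc) and his suggested explicit zone statement, put together in one added example that is not the wiki's dhcp-dyndns.sh: it derives the reverse zone from the lease address and the subnet's prefix length instead of hardcoding 56.168.192.in-addr.arpa, checks that the PTR owner really falls inside that zone, and prints the nsupdate batch. Function names are my own; 192.168.56.210 and chcp-c1.example.net are the values from the thread.

```shell
#!/bin/sh
# Added example, not the samba wiki's dhcp-dyndns.sh: build the PTR update
# for one DHCP lease with an explicit "zone" statement, so nsupdate never has
# to guess the zone (the guess in the thread came out as 168.192.in-addr.arpa
# and named answered NOTAUTH). Function names are my own.

# Owner name of the PTR record: 192.168.56.210 -> 210.56.168.192.in-addr.arpa
# (the same awk the wiki script uses).
ptr_name() {
    echo "$1" | awk -F '.' '{print $4"."$3"."$2"."$1".in-addr.arpa"}'
}

# Reverse zone for a subnet whose prefix is octet-aligned (8, 16 or 24 bits):
# 192.168.56.210/24 -> 56.168.192.in-addr.arpa. Other prefix lengths would
# need an RFC 2317 style delegation, so they are refused rather than guessed.
reverse_zone() {
    case "$2" in
        8)  echo "$1" | awk -F '.' '{print $1".in-addr.arpa"}' ;;
        16) echo "$1" | awk -F '.' '{print $2"."$1".in-addr.arpa"}' ;;
        24) echo "$1" | awk -F '.' '{print $3"."$2"."$1".in-addr.arpa"}' ;;
        *)  return 1 ;;
    esac
}

# Print the nsupdate batch for one lease.
# Arguments: ip prefixlen fqdn realm; feed the output to "nsupdate -g" on the DC.
ptr_update_batch() {
    ip=$1; plen=$2; fqdn=$3; realm=$4
    zone=$(reverse_zone "$ip" "$plen") || return 1
    ptr=$(ptr_name "$ip")
    # The PTR owner must lie inside the zone we name, or named will reject it.
    case "$ptr" in
        *".$zone") ;;
        *) return 1 ;;
    esac
    printf 'server 127.0.0.1\nrealm %s\nzone %s\n' "$realm" "$zone"
    printf 'update delete %s 3600 PTR\n' "$ptr"
    printf 'update add %s 3600 PTR %s\nsend\n' "$ptr" "$fqdn"
}

# Values from the thread:
#   ptr_update_batch 192.168.56.210 24 chcp-c1.example.net EXAMPLE.NET | nsupdate -g
```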
On Mon, 26 Dec 2016 21:09:57 +0100 Stefan Kania <stefan at kania-online.de> wrote:

> Hi Rowland,
>
> I think I got it :-)
> I think it was a copy&paste problem. I have rewritten the dhcpd.conf
> file without copying it. Then it worked. I think there was some hidden
> character in the file.
> Strange thing.
>
> To answer your questions: I did my setup on a Debian 8 system with the
> SerNet 4.5 packages and bind9 and isc-dhcp-server, both from Debian.
>
> So I think the wiki is ok. Maybe I try it again, to see if the
> copy&paste error will be the same.

It should be okay, I wrote it LOL, but if there are errors, let me know and I will fix them.

Rowland
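Stefan's diagnosis above was a hidden character in a pasted dhcpd.conf. As an added check that is not from the thread, this function lists the lines of a file containing bytes outside printable ASCII (plus tab), which is how a non-breaking space or a carriage return pasted from a web page shows up; the sample file with a U+00A0 inside the range statement is constructed here.

```shell
#!/bin/sh
# Added example, not from the thread: report lines of a config file that
# contain bytes outside printable ASCII (plus tab), i.e. the "hidden
# characters" a copy and paste from a web page can leave in dhcpd.conf.
# Output is grep's "lineno:line"; exit status 0 if anything was found.
find_hidden_chars() {
    # C locale so every byte >= 0x80 (UTF-8 multibyte sequences such as a
    # non-breaking space) and every control byte (CR, form feed) counts as
    # non-printable; a literal tab is allowed because dhcpd accepts it.
    LC_ALL=C grep -n "[^[:print:]$(printf '\t')]" "$1"
}

# Constructed sample: a /24 subnet block like the one in the thread whose
# range line carries a UTF-8 non-breaking space (0xC2 0xA0) between the
# two addresses, exactly the kind of byte that is invisible in an editor.
write_sample_conf() {
    printf 'subnet 192.168.56.0 netmask 255.255.255.0 {\n' > "$1"
    printf '    option routers 192.168.56.1;\n' >> "$1"
    printf '    pool {\n' >> "$1"
    printf '        range 192.168.56.210\302\240192.168.56.229;\n' >> "$1"
    printf '    }\n}\n' >> "$1"
}

# Usage on a real system: find_hidden_chars /etc/dhcp/dhcpd.conf
```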