samba - Oct 2017 - bind9 and isc-dhcp-Server for dynamic DNS-updates Error

This is my named.conf
options {
                directory "/var/cache/bind";
                notify no;
                empty-zones-enable no;
                auth-nxdomain yes;
                listen-on-v6 { none; };
                forwarders { 192.168.10.3; 10.0.0.3; };
                allow-query { 127.0.0.1/32; 192.168.16.0/24; };
                allow-recursion { 127.0.0.1/32; 192.168.16.0/24; };
                tkey-gssapi-keytab
"/usr/local/samba/private/dns.keytab";
};

I remove the comment sign '#'
NSUPDFLAGS="-d"

But the logs are the same:
Oct  7 17:44:38 samba467 dhcpd: DHCPREQUEST for 192.168.16.38 from
08:00:27:e7:0a:66 (omtest) via eth0
Oct  7 17:44:38 samba467 dhcpd: DHCPACK on 192.168.16.38 to 08:00:27:e7:0a:66
(omtest) via eth0
Oct  7 17:44:55 samba467 dhcpd: Commit: IP: 192.168.16.37 DHCID:
1:0:c:29:e5:43:bf Name: ubuntu
Oct  7 17:44:55 samba467 dhcpd: execute_statement argv[0] =
/etc/dhcp/bin/dhcp-dyndns.sh
Oct  7 17:44:55 samba467 dhcpd: execute_statement argv[1] = add
Oct  7 17:44:55 samba467 dhcpd: execute_statement argv[2] = 192.168.16.37
Oct  7 17:44:55 samba467 dhcpd: execute_statement argv[3] = 1:0:c:29:e5:43:bf
Oct  7 17:44:55 samba467 dhcpd: execute_statement argv[4] = ubuntu
Oct  7 17:44:55 samba467 dhcpd: execute: /etc/dhcp/bin/dhcp-dyndns.sh exit
status 256


----- Mensaje original -----
De: "samba" <samba at lists.samba.org>
Para: "samba" <samba at lists.samba.org>
Enviados: Sábado, 7 de Octubre 2017 17:30:54
Asunto: Re: [Samba] bind9 and isc-dhcp-Server for dynamic DNS-updates Error

On Sat, 7 Oct 2017 16:55:50 -0400 (CDT)
Siovel Rodríguez Morales <siovel at softel.cu> wrote:
> Hello Rolawnd, I followed the wikipage exactly. Bind9 is installed on
> the Samba DC. The Linux-Client should be a member of the Active
> Directory-domain?
> 
It works for printers and I haven't yet found a way to join them to a
domain ;-)

It should work like a normal DHCP server, but it should also update the
Samba AD records.

Two things, can you post your named.conf files and can you find this
line in the /etc/dhcp/bin/dhcp-dyndns.sh :

#NSUPDFLAGS="-d"

remove the comment sign '#' and try again.

You should get a lot more info in the logs.

Rowland

-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba

On Sat, 7 Oct 2017 17:51:27 -0400 (CDT)
Siovel Rodríguez Morales <siovel at softel.cu> wrote:
> This is my named.conf
> options {
>                 directory "/var/cache/bind";
>                 notify no;
>                 empty-zones-enable no;
>                 auth-nxdomain yes;
>                 listen-on-v6 { none; };
>                 forwarders { 192.168.10.3; 10.0.0.3; };
>                 allow-query { 127.0.0.1/32; 192.168.16.0/24; };
>                 allow-recursion { 127.0.0.1/32; 192.168.16.0/24; };
>                 tkey-gssapi-keytab
> "/usr/local/samba/private/dns.keytab"; };
> 
> I remove the comment sign '#'
> NSUPDFLAGS="-d"
> 
> But the logs are the same:
> Oct  7 17:44:38 samba467 dhcpd: DHCPREQUEST for 192.168.16.38 from
> 08:00:27:e7:0a:66 (omtest) via eth0 Oct  7 17:44:38 samba467 dhcpd:
> DHCPACK on 192.168.16.38 to 08:00:27:e7:0a:66 (omtest) via eth0 Oct
> 7 17:44:55 samba467 dhcpd: Commit: IP: 192.168.16.37 DHCID:
> 1:0:c:29:e5:43:bf Name: ubuntu Oct  7 17:44:55 samba467 dhcpd:
> execute_statement argv[0] = /etc/dhcp/bin/dhcp-dyndns.sh Oct  7
> 17:44:55 samba467 dhcpd: execute_statement argv[1] = add Oct  7
> 17:44:55 samba467 dhcpd: execute_statement argv[2] = 192.168.16.37
> Oct  7 17:44:55 samba467 dhcpd: execute_statement argv[3] >
1:0:c:29:e5:43:bf Oct  7 17:44:55 samba467 dhcpd: execute_statement
> argv[4] = ubuntu Oct  7 17:44:55 samba467 dhcpd:
> execute: /etc/dhcp/bin/dhcp-dyndns.sh exit status 256
> 
> 
These are my named.conf files:

/etc/bind/named.conf 

include "/etc/bind/named.conf.options";
include "/etc/bind/named.conf.local";
include "/etc/bind/named.conf.default-zones";

/etc/bind/named.conf.options

options {
        directory "/var/cache/bind";
        notify no;
        empty-zones-enable no;
        allow-query { 127.0.0.1; 192.168.0.0/24; };
        allow-recursion { 192.168.0.0/24;  127.0.0.1/32; };
        forwarders { 8.8.8.8; };
        allow-transfer { none; };
        dnssec-validation no;
        dnssec-enable no;
        listen-on-v6 { none; };
        listen-on port 53 { 192.168.0.2; 127.0.0.1; };
        tkey-gssapi-keytab "/usr/local/samba/private/dns.keytab";
};

/etc/bind/named.conf.local

include "/usr/local/samba/private/named.conf";

/etc/bind/named.conf.default-zones

// prime the server with knowledge of the root servers
zone "." {
        type hint;
        file "/etc/bind/db.root";
};

// be authoritative for the localhost forward and reverse zones, and for
// broadcast zones as per RFC 1912

zone "localhost" {
        type master;
        file "/etc/bind/db.local";
};

zone "127.in-addr.arpa" {
        type master;
        file "/etc/bind/db.127";
};

zone "0.in-addr.arpa" {
        type master;
        file "/etc/bind/db.0";
};

zone "255.in-addr.arpa" {
        type master;
        file "/etc/bind/db.255";
};

/etc/default/bind9 

# run resolvconf?
RESOLVCONF=no

# startup options for the server
OPTIONS="-u bind -4"

Removing the '#' should make dnsupdate be a lot more verbous, but it
doesn't seem to be outputting anything, when it works correctly you
should see something like this in syslog:

Oct  7 06:36:51 dc1.example.com dhcpd: DHCPREQUEST for 192.168.0.88 from
ec:08:6b:0c:cb:c2 (devstation) via eth0
Oct  7 06:36:51 dc1.example.com dhcpd: DHCPACK on 192.168.0.88 to
ec:08:6b:0c:cb:c2 (devstation) via eth0
Oct  7 06:51:36 dc1.example.com dhcpd: Commit: IP: 192.168.0.88 DHCID:
1:ec:8:6b:c:cb:c2 Name: devstation
Oct  7 06:51:36 dc1.example.com dhcpd: execute_statement argv[0] =
/etc/dhcp/bin/dhcp-dyndns.sh
Oct  7 06:51:36 dc1.example.com dhcpd: execute_statement argv[1] = add
Oct  7 06:51:36 dc1.example.com dhcpd: execute_statement argv[2] = 192.168.0.88
Oct  7 06:51:36 dc1.example.com dhcpd: execute_statement argv[3] =
1:ec:8:6b:c:cb:c2
Oct  7 06:51:36 dc1.example.com dhcpd: execute_statement argv[4] = devstation
Oct  7 06:51:37 dc1.example.com named[26110]: samba_dlz: starting transaction on
zone samdom.example.com
Oct  7 06:51:37 dc1.example.com named[26110]: samba_dlz: allowing update of
signer=dhcpduser\@SAMDOM.EXAMPLE.COM name=devstation.samdom.example.com
tcpaddr=127.0.0.1 type=A
key=3046387417.sig-dc1.example.com.samdom.example.com/160/0
Oct  7 06:51:37 dc1.example.com named[26110]: samba_dlz: allowing update of
signer=dhcpduser\@SAMDOM.EXAMPLE.COM name=devstation.samdom.example.com
tcpaddr=127.0.0.1 type=A
key=3046387417.sig-dc1.example.com.samdom.example.com/160/0
Oct  7 06:51:37 dc1.example.com named[26110]: client 127.0.0.1#44121/key
dhcpduser\@SAMDOM.EXAMPLE.COM: updating zone 'samdom.example.com/NONE':
deleting rrset at 'devstation.samdom.example.com' A
Oct  7 06:51:37 dc1.example.com named[26110]: samba_dlz: subtracted rdataset
devstation.samdom.example.com
'devstation.samdom.example.com.#0113600#011IN#011A#011192.168.0.88'
Oct  7 06:51:37 dc1.example.com named[26110]: client 127.0.0.1#44121/key
dhcpduser\@SAMDOM.EXAMPLE.COM: updating zone 'samdom.example.com/NONE':
adding an RR at 'devstation.samdom.example.com' A
Oct  7 06:51:37 dc1.example.com named[26110]: samba_dlz: added rdataset
devstation.samdom.example.com
'devstation.samdom.example.com.#0113600#011IN#011A#011192.168.0.88'
Oct  7 06:51:37 dc1.example.com named[26110]: samba_dlz: committed transaction
on zone samdom.example.com
Oct  7 06:51:37 dc1.example.com named[26110]: samba_dlz: starting transaction on
zone 0.168.192.in-addr.arpa
Oct  7 06:51:37 dc1.example.com named[26110]: samba_dlz: allowing update of
signer=dhcpduser\@SAMDOM.EXAMPLE.COM name=88.0.168.192.in-addr.arpa
tcpaddr=127.0.0.1 type=PTR
key=1661100354.sig-dc1.example.com.samdom.example.com/160/0
Oct  7 06:51:37 dc1.example.com named[26110]: samba_dlz: allowing update of
signer=dhcpduser\@SAMDOM.EXAMPLE.COM name=88.0.168.192.in-addr.arpa
tcpaddr=127.0.0.1 type=PTR
key=1661100354.sig-dc1.example.com.samdom.example.com/160/0
Oct  7 06:51:37 dc1.example.com named[26110]: client 127.0.0.1#36142/key
dhcpduser\@SAMDOM.EXAMPLE.COM: updating zone
'0.168.192.in-addr.arpa/NONE': deleting rrset at
'88.0.168.192.in-addr.arpa' PTR
Oct  7 06:51:37 dc1.example.com named[26110]: samba_dlz: subtracted rdataset
88.0.168.192.in-addr.arpa
'88.0.168.192.in-addr.arpa.#0113600#011IN#011PTR#011devstation.samdom.example.com.'
Oct  7 06:51:37 dc1.example.com named[26110]: client 127.0.0.1#36142/key
dhcpduser\@SAMDOM.EXAMPLE.COM: updating zone
'0.168.192.in-addr.arpa/NONE': adding an RR at
'88.0.168.192.in-addr.arpa' PTR
Oct  7 06:51:37 dc1.example.com named[26110]: samba_dlz: added rdataset
88.0.168.192.in-addr.arpa
'88.0.168.192.in-addr.arpa.#0113600#011IN#011PTR#011devstation.samdom.example.com.'
Oct  7 06:51:37 dc1.example.com named[26110]: samba_dlz: committed transaction
on zone 0.168.192.in-addr.arpa
Oct  7 06:51:37 dc1.example.com root: DHCP-DNS Update succeeded

Just another thought, there isn't another dhcp server on the same
network is there ?

and yet another thought, the clients name seems to be 'ubuntu' , have
you turned of dnsmasq in Network-Manager ?

Rowland

Hi Rowland, I have not another dhcp server. dnsmasq is not configured.

I think the problem may be permissions. Which distribution linux do you use,
Ubuntu?
I was tracing the script code dhcp-dyndns.sh, when the execution on the first
line fails

Is correct this instructions in Debian:
 chown root:root  /etc/dhcp/dhcpduser.keytab
 chmod 400  /etc/dhcp/dhcpduser.keytab


----- Mensaje original -----
De: "samba" <samba at lists.samba.org>
Para: "samba" <samba at lists.samba.org>
Enviados: Sábado, 7 de Octubre 2017 18:19:59
Asunto: Re: [Samba] bind9 and isc-dhcp-Server for dynamic DNS-updates Error

On Sat, 7 Oct 2017 17:51:27 -0400 (CDT)
Siovel Rodríguez Morales <siovel at softel.cu> wrote:
> This is my named.conf
> options {
>                 directory "/var/cache/bind";
>                 notify no;
>                 empty-zones-enable no;
>                 auth-nxdomain yes;
>                 listen-on-v6 { none; };
>                 forwarders { 192.168.10.3; 10.0.0.3; };
>                 allow-query { 127.0.0.1/32; 192.168.16.0/24; };
>                 allow-recursion { 127.0.0.1/32; 192.168.16.0/24; };
>                 tkey-gssapi-keytab
> "/usr/local/samba/private/dns.keytab"; };
> 
> I remove the comment sign '#'
> NSUPDFLAGS="-d"
> 
> But the logs are the same:
> Oct  7 17:44:38 samba467 dhcpd: DHCPREQUEST for 192.168.16.38 from
> 08:00:27:e7:0a:66 (omtest) via eth0 Oct  7 17:44:38 samba467 dhcpd:
> DHCPACK on 192.168.16.38 to 08:00:27:e7:0a:66 (omtest) via eth0 Oct
> 7 17:44:55 samba467 dhcpd: Commit: IP: 192.168.16.37 DHCID:
> 1:0:c:29:e5:43:bf Name: ubuntu Oct  7 17:44:55 samba467 dhcpd:
> execute_statement argv[0] = /etc/dhcp/bin/dhcp-dyndns.sh Oct  7
> 17:44:55 samba467 dhcpd: execute_statement argv[1] = add Oct  7
> 17:44:55 samba467 dhcpd: execute_statement argv[2] = 192.168.16.37
> Oct  7 17:44:55 samba467 dhcpd: execute_statement argv[3] >
1:0:c:29:e5:43:bf Oct  7 17:44:55 samba467 dhcpd: execute_statement
> argv[4] = ubuntu Oct  7 17:44:55 samba467 dhcpd:
> execute: /etc/dhcp/bin/dhcp-dyndns.sh exit status 256
> 
> 
These are my named.conf files:

/etc/bind/named.conf 

include "/etc/bind/named.conf.options";
include "/etc/bind/named.conf.local";
include "/etc/bind/named.conf.default-zones";

/etc/bind/named.conf.options

options {
        directory "/var/cache/bind";
        notify no;
        empty-zones-enable no;
        allow-query { 127.0.0.1; 192.168.0.0/24; };
        allow-recursion { 192.168.0.0/24;  127.0.0.1/32; };
        forwarders { 8.8.8.8; };
        allow-transfer { none; };
        dnssec-validation no;
        dnssec-enable no;
        listen-on-v6 { none; };
        listen-on port 53 { 192.168.0.2; 127.0.0.1; };
        tkey-gssapi-keytab "/usr/local/samba/private/dns.keytab";
};

/etc/bind/named.conf.local

include "/usr/local/samba/private/named.conf";

/etc/bind/named.conf.default-zones

// prime the server with knowledge of the root servers
zone "." {
        type hint;
        file "/etc/bind/db.root";
};

// be authoritative for the localhost forward and reverse zones, and for
// broadcast zones as per RFC 1912

zone "localhost" {
        type master;
        file "/etc/bind/db.local";
};

zone "127.in-addr.arpa" {
        type master;
        file "/etc/bind/db.127";
};

zone "0.in-addr.arpa" {
        type master;
        file "/etc/bind/db.0";
};

zone "255.in-addr.arpa" {
        type master;
        file "/etc/bind/db.255";
};

/etc/default/bind9 

# run resolvconf?
RESOLVCONF=no

# startup options for the server
OPTIONS="-u bind -4"

Removing the '#' should make dnsupdate be a lot more verbous, but it
doesn't seem to be outputting anything, when it works correctly you
should see something like this in syslog:

Oct  7 06:36:51 dc1.example.com dhcpd: DHCPREQUEST for 192.168.0.88 from
ec:08:6b:0c:cb:c2 (devstation) via eth0
Oct  7 06:36:51 dc1.example.com dhcpd: DHCPACK on 192.168.0.88 to
ec:08:6b:0c:cb:c2 (devstation) via eth0
Oct  7 06:51:36 dc1.example.com dhcpd: Commit: IP: 192.168.0.88 DHCID:
1:ec:8:6b:c:cb:c2 Name: devstation
Oct  7 06:51:36 dc1.example.com dhcpd: execute_statement argv[0] =
/etc/dhcp/bin/dhcp-dyndns.sh
Oct  7 06:51:36 dc1.example.com dhcpd: execute_statement argv[1] = add
Oct  7 06:51:36 dc1.example.com dhcpd: execute_statement argv[2] = 192.168.0.88
Oct  7 06:51:36 dc1.example.com dhcpd: execute_statement argv[3] =
1:ec:8:6b:c:cb:c2
Oct  7 06:51:36 dc1.example.com dhcpd: execute_statement argv[4] = devstation
Oct  7 06:51:37 dc1.example.com named[26110]: samba_dlz: starting transaction on
zone samdom.example.com
Oct  7 06:51:37 dc1.example.com named[26110]: samba_dlz: allowing update of
signer=dhcpduser\@SAMDOM.EXAMPLE.COM name=devstation.samdom.example.com
tcpaddr=127.0.0.1 type=A
key=3046387417.sig-dc1.example.com.samdom.example.com/160/0
Oct  7 06:51:37 dc1.example.com named[26110]: samba_dlz: allowing update of
signer=dhcpduser\@SAMDOM.EXAMPLE.COM name=devstation.samdom.example.com
tcpaddr=127.0.0.1 type=A
key=3046387417.sig-dc1.example.com.samdom.example.com/160/0
Oct  7 06:51:37 dc1.example.com named[26110]: client 127.0.0.1#44121/key
dhcpduser\@SAMDOM.EXAMPLE.COM: updating zone 'samdom.example.com/NONE':
deleting rrset at 'devstation.samdom.example.com' A
Oct  7 06:51:37 dc1.example.com named[26110]: samba_dlz: subtracted rdataset
devstation.samdom.example.com
'devstation.samdom.example.com.#0113600#011IN#011A#011192.168.0.88'
Oct  7 06:51:37 dc1.example.com named[26110]: client 127.0.0.1#44121/key
dhcpduser\@SAMDOM.EXAMPLE.COM: updating zone 'samdom.example.com/NONE':
adding an RR at 'devstation.samdom.example.com' A
Oct  7 06:51:37 dc1.example.com named[26110]: samba_dlz: added rdataset
devstation.samdom.example.com
'devstation.samdom.example.com.#0113600#011IN#011A#011192.168.0.88'
Oct  7 06:51:37 dc1.example.com named[26110]: samba_dlz: committed transaction
on zone samdom.example.com
Oct  7 06:51:37 dc1.example.com named[26110]: samba_dlz: starting transaction on
zone 0.168.192.in-addr.arpa
Oct  7 06:51:37 dc1.example.com named[26110]: samba_dlz: allowing update of
signer=dhcpduser\@SAMDOM.EXAMPLE.COM name=88.0.168.192.in-addr.arpa
tcpaddr=127.0.0.1 type=PTR
key=1661100354.sig-dc1.example.com.samdom.example.com/160/0
Oct  7 06:51:37 dc1.example.com named[26110]: samba_dlz: allowing update of
signer=dhcpduser\@SAMDOM.EXAMPLE.COM name=88.0.168.192.in-addr.arpa
tcpaddr=127.0.0.1 type=PTR
key=1661100354.sig-dc1.example.com.samdom.example.com/160/0
Oct  7 06:51:37 dc1.example.com named[26110]: client 127.0.0.1#36142/key
dhcpduser\@SAMDOM.EXAMPLE.COM: updating zone
'0.168.192.in-addr.arpa/NONE': deleting rrset at
'88.0.168.192.in-addr.arpa' PTR
Oct  7 06:51:37 dc1.example.com named[26110]: samba_dlz: subtracted rdataset
88.0.168.192.in-addr.arpa
'88.0.168.192.in-addr.arpa.#0113600#011IN#011PTR#011devstation.samdom.example.com.'
Oct  7 06:51:37 dc1.example.com named[26110]: client 127.0.0.1#36142/key
dhcpduser\@SAMDOM.EXAMPLE.COM: updating zone
'0.168.192.in-addr.arpa/NONE': adding an RR at
'88.0.168.192.in-addr.arpa' PTR
Oct  7 06:51:37 dc1.example.com named[26110]: samba_dlz: added rdataset
88.0.168.192.in-addr.arpa
'88.0.168.192.in-addr.arpa.#0113600#011IN#011PTR#011devstation.samdom.example.com.'
Oct  7 06:51:37 dc1.example.com named[26110]: samba_dlz: committed transaction
on zone 0.168.192.in-addr.arpa
Oct  7 06:51:37 dc1.example.com root: DHCP-DNS Update succeeded

Just another thought, there isn't another dhcp server on the same
network is there ?

and yet another thought, the clients name seems to be 'ubuntu' , have
you turned of dnsmasq in Network-Manager ?

Rowland

-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba