ralph strebbing
2021-Jan-27 20:43 UTC
[Samba] Dynamic Updates to Bind DLZ through DHCP have repeated errors in syslog
So I'm upgrading our current NT4 domain to Samba AD with Bind9 DNS. Our current DHCP/DNS setup is on one server, separate from the Domain server. With Samba AD, we'll be using Samba's tools to manage the DNS, thus allowing use of things like the Windows Server Admin Tool suite (DNS, AD Users & Groups, etc.). So Bind9, isc-dhcp-server, and Samba are all going to be on the same machine for the new setup. The new domain runs on domain.com, not ad.domain.com; this is intentional. The entire org runs on this domain.com domain, including full resolution of hostnames through DNS. Our current setup syncs the records through rndc_key (seems similar to this guide: http://www.debianadmin.com/howto-setup-dhcp-server-and-dynamic-dns-with-bind-in-debian.html), though this was set up by my predecessor.

Following Samba's guide (https://wiki.samba.org/index.php/Configure_DHCP_to_update_DNS_records_with_BIND9) on how to set this up, I noticed some glaring issues in /var/log/syslog once we started passing some traffic to this server, most notably various uncaught exceptions from leases expiring/DHCP renewals. Looking deeper, this is caused by the script not having all of the required args that samba-tool requires to delete an entry in DNS, specifically the record name (e.g. if the record was my-pc.domain.com, it isn't passing the my-pc piece).

Below are my configurations of BIND and DHCP, as well as some log snippets:

BIND configuration files:
- named.conf.options: http://haste.thegamingcorner.net/yawevezozi.cs
- named.conf.local: include "/var/lib/samba/bind-dns/named.conf";

DHCP configuration files: http://haste.thegamingcorner.net/rowukatuge.cpp

/var/log/syslog snippets (multiple haste links):
- This one shows a lease expiration and renewal, but unsuccessful on the DNS script run: http://haste.thegamingcorner.net/ibixayefek.sql
- This one shows that when the lease expires, the script provided in the above guide isn't using the required arguments for samba-tool, causing a fail condition on the dhcp-dyndns script: http://haste.thegamingcorner.net/ewinedeyos.sql

My question boils down to: Is this the best way to handle DHCP updating non-domain-bound devices (e.g. IP phones, independent PCs, etc.) in AD's DNS? Have there been any revisions to the script/the hooks in dhcpd.conf to allow for these args to be pulled? We have a need for all devices on the network to be added to DNS once DHCP issues a lease, for remote support, so it's critical that this piece is working correctly before moving this to production. Let me know if there's anything else needed to help answer this, and I appreciate any help given!

Regards,
Ralph
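To show the failure mode described above (the expiry/release hook calling samba-tool without the record name), here is an added example, not the Samba wiki's dhcp-dyndns script: it assembles the argument lists a hook would pass to `samba-tool dns add`/`delete` for the A and PTR records and refuses to build a delete when the hostname is absent. The DC name (dc1.domain.com), the /24 reverse zone and the omitted authentication flags are assumptions.

```shell
#!/bin/sh
# Constructed example: build the "samba-tool dns" argument lists a dhcpd
# commit/release/expiry hook needs, and refuse to build a delete when dhcpd
# did not hand over the record name (the condition seen in the syslog above).
# Assumptions: DC hostname and forward zone below are placeholders, leases
# come from a /24 so the reverse zone is the first three octets, and any
# authentication option for samba-tool is left out.

DNS_SERVER="${DNS_SERVER:-dc1.domain.com}"   # placeholder DC
ZONE="${ZONE:-domain.com}"                   # forward zone from the thread

# ptr_zone 10.1.2.3 -> 2.1.10.in-addr.arpa ; ptr_name 10.1.2.3 -> 3
ptr_zone() {
  echo "$1" | awk -F. '{ print $3 "." $2 "." $1 ".in-addr.arpa" }'
}
ptr_name() {
  echo "$1" | awk -F. '{ print $4 }'
}

# dns_args ACTION IP NAME
# Prints the complete argument list for the A record and then the PTR
# record, one per line, or prints nothing and returns 1 when a required
# value is missing. The caller would run the output; here it is only built.
dns_args() {
  action="$1"; ip="$2"; name="$3"
  case "$action" in
    add)            verb=add ;;
    release|expiry) verb=delete ;;
    *)              return 1 ;;
  esac
  # Every samba-tool dns add/delete needs SERVER ZONE NAME TYPE DATA; with an
  # empty NAME the delete would be invoked one positional argument short.
  [ -n "$ip" ] && [ -n "$name" ] || return 1
  short="${name%%.*}"               # my-pc.domain.com -> my-pc
  fqdn="$short.$ZONE"
  echo "samba-tool dns $verb $DNS_SERVER $ZONE $short A $ip"
  echo "samba-tool dns $verb $DNS_SERVER $(ptr_zone "$ip") $(ptr_name "$ip") PTR $fqdn"
}

# Stand-alone demo with constructed values
dns_args add 10.1.2.3 my-pc.domain.com
dns_args expiry 10.1.2.3 "" || echo "refusing delete: record name missing"
```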
ralph strebbing
2021-Jan-27 21:52 UTC
[Samba] Dynamic Updates to Bind DLZ through DHCP have repeated errors in syslog
A quick update to what I was testing: It's also erroring on actual release, as well as expire (see log below): http://haste.thegamingcorner.net/aropiroyuv.sql

On Wed, Jan 27, 2021 at 3:43 PM ralph strebbing <blackbirdralph at gmail.com> wrote:
>
> So I'm upgrading our current NT4 domain to Samba AD with Bind9 DNS. Our current DHCP/DNS setup is on one server, separate from the Domain server. With Samba AD, we'll be using Samba's tools to manage the DNS, thus allowing use of things like [snip]
Rowland penny
2021-Jan-28 09:59 UTC
[Samba] Dynamic Updates to Bind DLZ through DHCP have repeated errors in syslog
On 27/01/2021 20:43, ralph strebbing via samba wrote:
> So I'm upgrading our current NT4 domain to Samba AD with Bind9 DNS. Our
> current DHCP/DNS setup is on one server, separate from the Domain server.
> With Samba AD, we'll be using Samba's tools to manage the DNS, thus
> allowing use of things like the Windows Server Admin Tool suite (DNS, AD
> Users & Groups, etc.). So Bind9, isc-dhcp-server, and Samba is all going to
> be on the same machine for the new setup.
>

OK, you have identified a problem with the script? However, this error has nothing to do with the script:

ERROR(runtime): uncaught exception - (9711, 'WERR_DNS_ERROR_RECORD_ALREADY_EXISTS')

This is being caused by a bug in the 'samba-tool dns' code and was fixed in early 2020, so you need to upgrade Samba to 4.13.x

I will have a look at the dhcp update script and get back to you.

You also shouldn't need the 'rndc.key'

Rowland