samba - Dec 2024 - Error when joining new DC

I really would like to do that. That's exactly why I'm asking if DNS
update can be allowed for DCs only and denied for all other clients. I looked
into it a few years ago but did not find a (simple) solution to this.

Br

________________________________
From: samba <samba-bounces at lists.samba.org> on behalf of Rowland Penny
via samba <samba at lists.samba.org>
Sent: Monday, December 16, 2024 5:10:09 PM
To: samba at lists.samba.org <samba at lists.samba.org>
Cc: Rowland Penny <rpenny at samba.org>
Subject: Re: [Samba] Error when joining new DC

On Mon, 16 Dec 2024 15:58:30 +0000
Peter Mittermayer via samba <samba at lists.samba.org> wrote:
> I know this file. But IP and HOSTNAME  are static in our case. So it
> just needs to run once when the new DC is joined.
>
No it doesn't, what happens if someone deletes the DCs dns records ?
The file is checked every 10 minutes on a Samba AD DC and if required,
any missing dns records are created. Also what if you move the
PDC_Emulator FSMO role to another DC, what will create the new dns
record ?

Please just uncomment the 'tkey' line.

Rowland

--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba

On Mon, 16 Dec 2024 17:42:33 +0000
Peter Mittermayer via samba <samba at lists.samba.org> wrote:
> I really would like to do that. That's exactly why I'm asking if
DNS
> update can be allowed for DCs only and denied for all other clients.
> I looked into it a few years ago but did not find a (simple) solution
> to this.
> 
> Br
> 
You seem to be conflating the requirement with using the 'tkey' line
and the clients updating their dns records.

By default, Unix clients will not even attempt to update their dns
records and you can stop Windows clients from doing so.

You need the 'tkey' line, I suggest you use it.

Rowland