Olivier BILHAUT
2013-Apr-09 08:09 UTC
[Samba] (D)DNS Updates with GNU/Linux clients in a samba 4 AD environment (BIND_DLZ)
Hi!

I bounce on Mr Sloop's post ([Samba] DDNS / DHCPd && Internal DNS or BIND_DLZ) to ask what's the easiest way to allow Linux clients to update their DNS record themselves in the Samba4 AD server (with BIND_DLZ DNS server).

It works well with Windows clients, but with Linux clients joined to the domain, with a valid Kerberos ticket, the client receives an error "ERROR_DNS_INVALID_MESSAGE" and the famous "DNS update failed!" message.

Is there a hack? Thanks in advance.
--
Olivier

On 08/04/2013 20:00, samba-request at lists.samba.org wrote:
> Summary: If your clients are Windows clients, just leave things as
> is... they will handle updating DNS records in EITHER the internal DNS or
> BIND_DLZ server without any special hacks or scripts to handle it.
>
> If you have a large mix of clients and need the non-windows clients to
> update DNS via DHCPD, then using the script found in the following
> link might be useful.
>
> http://blog.michael.kuron-germany.de/2011/02/isc-dhcpd-dynamic-dns-updates-against-secure-microsoft-dns/
Andreas Oster
2013-Apr-09 08:49 UTC
[Samba] (D)DNS Updates with GNU/Linux clients in a samba 4 AD environment (BIND_DLZ)
On 09.04.2013 10:09, Olivier BILHAUT wrote:
> Hi!
>
> I bounce on Mr Sloop's post ([Samba] DDNS / DHCPd && Internal DNS or
> BIND_DLZ) to ask what's the easiest way to allow Linux clients to update
> their DNS record themselves in the Samba4 AD server (with BIND_DLZ DNS
> server).
>
> It works well with Windows clients, but with Linux clients joined to the
> domain, with a valid Kerberos ticket, the client receives an error
> "ERROR_DNS_INVALID_MESSAGE" and the famous "DNS update failed!" message.
>
> Is there a hack? Thanks in advance.
> --
> Olivier
>
>
> On 08/04/2013 20:00, samba-request at lists.samba.org wrote:
>> Summary: If your clients are Windows clients, just leave things as
>> is... they will handle updating DNS records in EITHER the internal DNS or
>> BIND_DLZ server without any special hacks or scripts to handle it.
>>
>> If you have a large mix of clients and need the non-windows clients to
>> update DNS via DHCPD, then using the script found in the following
>> link might be useful.
>>
>> http://blog.michael.kuron-germany.de/2011/02/isc-dhcpd-dynamic-dns-updates-against-secure-microsoft-dns/
>>
>

Hi Olivier,

I am using the script modified by Charles Tryon, which you find here:

http://blog.michael.kuron-germany.de/2011/02/isc-dhcpd-dynamic-dns-updates-against-secure-microsoft-dns/

To prevent those DNS update failures I have split my IP range into several smaller pieces and made sure that Windows machines, which do their own DNS updates, get IPs from a different IP range than other machines (Linux, Android, IP-Phones ...). I also changed the script a little to prevent DDNS updates by the DHCP daemon for the Windows PCs. In our case this is not a problem as our Windows PCs have distinct names and I could easily create classes in dhcpd.conf using those names.

Best regards,
Andreas
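
The split described in the reply above (Windows PCs register themselves, the DHCP daemon registers everything else) can be enforced inside the hook script with a guard like the following. This is an added example, not code from the thread or from the linked script; the address range, the `WS-` name prefix and the function names are assumptions made up for illustration.

```shell
#!/bin/sh
# Added example: guard for a DHCP-side DNS update hook script.
# The ranges and name prefix below are constructed sample values.
WIN_RANGE_START="192.0.2.10"   # pool reserved for Windows PCs (assumption)
WIN_RANGE_END="192.0.2.99"
WIN_NAME_PREFIX="WS-"          # naming convention for Windows PCs (assumption)

# Print a dotted-quad IPv4 address as an integer; return 1 if it is malformed.
ip_to_int() {
    case "$1" in
        ""|*[!0-9.]*) return 1 ;;
    esac
    old_ifs=$IFS; IFS=.
    set -- $1                  # split into octets; input holds digits and dots only
    IFS=$old_ifs
    [ $# -eq 4 ] || return 1
    for octet in "$@"; do
        case "$octet" in
            ""|????*|0?*) return 1 ;;   # empty, too long, or leading zero
        esac
        [ "$octet" -le 255 ] || return 1
    done
    echo $(( (($1 * 256 + $2) * 256 + $3) * 256 + $4 ))
}

# Return 0 if the DHCP hook should register this lease in DNS, 1 to skip it.
dhcp_should_update() {
    ip=$1
    name=$2
    # The host name is client-supplied: accept DNS label characters only
    # before it is handed to any update command.
    case "$name" in
        ""|-*|*[!A-Za-z0-9-]*) return 1 ;;
    esac
    # Windows PCs register themselves; recognise them by name ...
    upper=$(printf '%s' "$name" | tr '[:lower:]' '[:upper:]')
    case "$upper" in
        "$WIN_NAME_PREFIX"*) return 1 ;;
    esac
    # ... or by the address range their lease came from.
    n=$(ip_to_int "$ip") || return 1
    lo=$(ip_to_int "$WIN_RANGE_START") || return 1
    hi=$(ip_to_int "$WIN_RANGE_END") || return 1
    if [ "$n" -ge "$lo" ] && [ "$n" -le "$hi" ]; then
        return 1
    fi
    return 0
}
```

A hook would call `dhcp_should_update "$ip" "$name" || exit 0` before attempting any update, so malformed input and Windows leases are dropped without touching DNS.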