samba - May 2013 - Samba 4 ADDC. Dynamic DNS updates from Windows clients.

I'm currently testing samba 4, and I've come across a problem which I
can't
seem to find an answer for.

I have one samba 4 ADDC running on a Centos 6 container, compiled from the
latest stable source release and setup as per the samba wiki. I'm running
the internal DNS server.

DHCP is provided to the network by an openwrt router. The router is
configured to hand out the DNS server details of the ADDC.

I have joined a windows 8 virtual machine to the domain, it gets an IP
address from the router, but internal DNS running on the ADDC doesn't seem
to add an A record for my windows client.

I've tried running ipconfig /registerdns on the win client but get an
unable to update DNS error.

I'm sure I'm missing something here. Can anybody help?

Thanks in advance,

Chris

Figured it out.

It seems that OOTB the security permissions on the Internal DNS server
don't allow domain-joined clients to update records.

As a test I gave a client 'Full Control' access to the forward lookup
zone
for my test domain and it was able to update its own record.

I'll now find the appropriate security permissions for doing this.

Cheers,

Chris

So I gave 'Domain Computers' group the READ and CREATE ALL CHILD OBJECTS
permission on the forward lookup zone.

Doing an ipconfig /renew on Windows 8 does not create an A record. Doing an
ipconfig /registerdns does however create a new record. Hooray. I wonder if
I just need to turn on dynamic updates in Group Policy to force this
behaviour at interface renew/boot etc? Will experiment later after sorting
out the various other problems!

I then attempted to change the IP Address on the Win 8 client and re-ran
ipconfig /registerdns. This time it did not update the DNS A record.
#FacePalm.

The Windows Event logs shows

EventID 8016
The system failed to register host resource records for network adapter
with settings...

The reason the system could not register these RRs was because the DNS
server failed the update request. The most likely cause of this is that the
authoritative DNS server required to process this update request has a lock
in place on the zone, probably because a zone transfer is in progress.

I'm going to have to stop hammering away at this problem for a while
because I've had enough! Hopefully somebody here will be able to give me
some inspiring advice. :-)

Should setting up dynamic DNS updates for Windows clients be this hard?
Have I done something completely wrong?

Cheers,

Chris

> I then attempted to change the IP Address on the Win 8 client and re-ran
>
> ipconfig /registerdns. This time it did not update the DNS A record.
>
> #FacePalm.
This looks like bug 9559. Here's the link to the Bugzilla report.
https://bugzilla.samba.org/show_bug.cgi?id=9559
I'm not sure when it'll be addressed, but there's a few people
(including
me) that have the same issue. There's a few options available to get around
this, but thats if you don't mind using BIND.