OK, further to my previous message I've configured BIND, but when I try to run samba_dnsupdate I get the following:

Nov 18 16:19:23 sles-shire named[6112]: samba b9_putrr: unhandled record type 0
Nov 18 16:19:24 sles-shire named[6112]: samba_dlz: starting transaction on zone _msdcs.main.adlab.netdirect.ca
Nov 18 16:19:24 sles-shire named[6112]: samba_dlz: disallowing update of signer=SLES-SHIRE\$\@MAIN.ADLAB.NETDIRECT.CA name=gc._msdcs.main.adlab.netdirect.ca type=A error=insufficient access rights
Nov 18 16:19:24 sles-shire named[6112]: client 10.0.3.11#33090/key SLES-SHIRE\$\@MAIN.ADLAB.NETDIRECT.CA: updating zone '_msdcs.main.adlab.netdirect.ca/NONE': update failed: rejected by secure update (REFUSED)
Nov 18 16:19:24 sles-shire named[6112]: samba_dlz: cancelling transaction on zone _msdcs.main.adlab.netdirect.ca

I'm guessing that this may have to do with the fact that this is an RODC?

M.

--
Michael Brown            | `One of the main causes of the fall of
Systems Consultant       | the Roman Empire was that, lacking zero,
Net Direct Inc.          | they had no way to indicate successful
?: +1 519 883 1172 x5106 | termination of their C programs.' - Firth

On 13-11-18 04:38 PM, Michael Brown wrote:
> I'm guessing that this may have to do with the fact that this is an RODC?

Looks like I'm probably right. I just dcpromo'ed a Windows RODC into the environment and it didn't add entries into gc._msdcs.

If I comment out:

#A gc._msdcs.${DNSFOREST} $IP
#AAAA gc._msdcs.${DNSFOREST} $IP

then it works, though I still get an error if I don't specify --all-names:

# samba_dnsupdate --all-names
Nov 18 17:21:53 sles-shire named[6112]: samba_dlz: starting transaction on zone main.adlab.netdirect.ca
Nov 18 17:21:53 sles-shire named[6112]: samba_dlz: allowing update of signer=SLES-SHIRE\$\@MAIN.ADLAB.NETDIRECT.CA name=sles-shire.main.adlab.netdirect.ca tcpaddr=10.0.3.11 type=A key=3713785057.sig-sles-shire.main.adlab.netdirect.ca/160/0
Nov 18 17:21:53 sles-shire named[6112]: client 10.0.3.11#36010/key SLES-SHIRE\$\@MAIN.ADLAB.NETDIRECT.CA: updating zone 'main.adlab.netdirect.ca/NONE': adding an RR at 'sles-shire.main.adlab.netdirect.ca' A
Nov 18 17:21:53 sles-shire named[6112]: samba_dlz: committed transaction on zone main.adlab.netdirect.ca

# samba_dnsupdate
Nov 18 17:22:21 sles-shire named[6112]: samba b9_putrr: unhandled record type 0

What should I do about the b9_putrr error?

M.

--
Michael Brown            | `One of the main causes of the fall of
Systems Consultant       | the Roman Empire was that, lacking zero,
Net Direct Inc.          | they had no way to indicate successful
?: +1 519 883 1172 x5106 | termination of their C programs.' - Firth
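
Added example, not part of the original messages and not Samba or BIND code: a small parser for the samba_dlz secure-update decisions quoted in this thread, which pairs each allow/deny line with the zone of the transaction it belongs to so refused updates can be listed by signer and record. The function names are hypothetical and the sample lines are copied from the two messages above.

```python
import re

# Sample input: named/samba_dlz syslog lines copied from the two messages above.
SAMPLE_LOG = r"""
Nov 18 16:19:24 sles-shire named[6112]: samba_dlz: starting transaction on zone _msdcs.main.adlab.netdirect.ca
Nov 18 16:19:24 sles-shire named[6112]: samba_dlz: disallowing update of signer=SLES-SHIRE\$\@MAIN.ADLAB.NETDIRECT.CA name=gc._msdcs.main.adlab.netdirect.ca type=A error=insufficient access rights
Nov 18 16:19:24 sles-shire named[6112]: samba_dlz: cancelling transaction on zone _msdcs.main.adlab.netdirect.ca
Nov 18 17:21:53 sles-shire named[6112]: samba_dlz: starting transaction on zone main.adlab.netdirect.ca
Nov 18 17:21:53 sles-shire named[6112]: samba_dlz: allowing update of signer=SLES-SHIRE\$\@MAIN.ADLAB.NETDIRECT.CA name=sles-shire.main.adlab.netdirect.ca tcpaddr=10.0.3.11 type=A key=3713785057.sig-sles-shire.main.adlab.netdirect.ca/160/0
Nov 18 17:21:53 sles-shire named[6112]: samba_dlz: committed transaction on zone main.adlab.netdirect.ca
"""

TXN_START = re.compile(r"samba_dlz: starting transaction on zone (\S+)")
DECISION = re.compile(r"samba_dlz: (allowing|disallowing) update of (.*)$")
# key=value pairs; a value runs until the next " key=" or end of line,
# so the free-text error= value ("insufficient access rights") stays whole.
FIELD = re.compile(r"(\w+)=(.*?)(?= \w+=|$)")


def parse_updates(log_text):
    """Return one dict per allow/deny decision, tagged with its zone."""
    zone = None
    updates = []
    for line in log_text.splitlines():
        started = TXN_START.search(line)
        if started:
            zone = started.group(1)  # decisions that follow belong to this zone
            continue
        decided = DECISION.search(line)
        if not decided:
            continue
        fields = dict(FIELD.findall(decided.group(2)))
        updates.append({
            "allowed": decided.group(1) == "allowing",
            "zone": zone,
            "signer": fields.get("signer"),  # kept exactly as logged
            "name": fields.get("name"),
            "type": fields.get("type"),
            "error": fields.get("error"),    # None on allowed updates
        })
    return updates


def denied(updates):
    """Refused updates as (signer, name, type, error) tuples."""
    return [(u["signer"], u["name"], u["type"], u["error"])
            for u in updates if not u["allowed"]]


if __name__ == "__main__":
    for entry in denied(parse_updates(SAMPLE_LOG)):
        print(entry)
```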