Hi, I have two samba 4.1.14 DCs (two sites) using Bind9.8.2 (DLZ). I'm having problems with DDNS updates. I already confirmed permissions for named on related files/folders and also the firewall. My named.conf looks like these: < options { listen-on port 53 { 127.0.0.1; 10.1.1.150; }; directory "/var/named"; allow-query { any; }; recursion yes; forwarders { 10.1.1.129; }; allow-transfer { "none"; }; allow-update { key ufp.pt; }; bindkeys-file "/etc/named.iscdlv.key"; managed-keys-directory "/var/named/dynamic"; tkey-gssapi-keytab "/var/lib/samba/private/dns.keytab"; }; zone "." IN { type hint; file "named.ca"; }; #include "/var/lib/samba/private/named.conf.update"; include "/etc/named.rfc1912.zones"; include "/etc/named.root.key"; include "/var/lib/samba/private/named.conf"; < I have the include for named.conf.update commented because named don't start if it's included (update-policy error). On my smb.conf I already tried to use the lines (without success): < allow dns updates = nonsecure and secure nsupdate command = /usr/bin/nsupdate -g < When I run, via windows, "ipconfig /registerdns" the named.log outputs that the update is denied. Then I create a GPO to force windows hosts to do dynamic updates securely. After that, the denied message don't appear on named.log, but the record is not registered either. I also tested named with these options: < dnssec-enable yes; dnssec-validation yes; dnssec-lookaside auto; < Without success. Does anyone have the some, or similar, problem? Regards, Bruno Andrade.