Hi,
I have two samba 4.1.14 DCs (two sites) using Bind9.8.2 (DLZ).
I'm having problems with DDNS updates.
I already confirmed permissions for named on related files/folders and
also the firewall.
My named.conf looks like these:
<
options {
listen-on port 53 { 127.0.0.1; 10.1.1.150; };
directory "/var/named";
allow-query { any; };
recursion yes;
forwarders { 10.1.1.129; };
allow-transfer { "none"; };
allow-update { key ufp.pt; };
bindkeys-file "/etc/named.iscdlv.key";
managed-keys-directory "/var/named/dynamic";
tkey-gssapi-keytab "/var/lib/samba/private/dns.keytab";
};
zone "." IN {
type hint;
file "named.ca";
};
#include "/var/lib/samba/private/named.conf.update";
include "/etc/named.rfc1912.zones";
include "/etc/named.root.key";
include "/var/lib/samba/private/named.conf";
<
I have the include for named.conf.update commented because named don't
start if it's included (update-policy error).
On my smb.conf I already tried to use the lines (without success):
<
allow dns updates = nonsecure and secure
nsupdate command = /usr/bin/nsupdate -g
<
When I run, via windows, "ipconfig /registerdns" the named.log outputs
that the update is denied.
Then I create a GPO to force windows hosts to do dynamic updates
securely. After that, the denied message don't appear on named.log, but
the record is not registered either.
I also tested named with these options:
<
dnssec-enable yes;
dnssec-validation yes;
dnssec-lookaside auto;
<
Without success.
Does anyone have the some, or similar, problem?
Regards,
Bruno Andrade.
