(please reply to the list)
If the record does not exist, then you have another problem.
Because samba does support this :
cat /var/lib/samba/private/named.conf.update
/* this file is auto-generated - do not edit */
update-policy {
grant INTERNAL.DOMAIN.TLD ms-self * A AAAA;
grant Administrator@INTERNAL.DOMAIN.TLD wildcard * A AAAA SRV CNAME;
grant DC1$@internal.domain.tld wildcard * A AAAA SRV CNAME;
grant DC2$@internal.domain.tld wildcard * A AAAA SRV CNAME;
};
> -----Original message-----
> From: Aki Tuomi [mailto:cmouse at cmouse.fi]
> Sent: Tuesday 8 September 2015 9:59
> To: L.P.H. van Belle
> Subject: Re: [Samba] Problem with dynamic DNS
>
> Unfortunately that DNS record does not exist.
>
> Aki
>
> On Tue, Sep 08, 2015 at 09:53:45AM +0200, L.P.H. van Belle wrote:
> > What happens if you remove the dns records and you restart your pc.
> > That solved this problem for me.
> >
> > Greetz,
> >
> > Louis
> >
> >
> >
> > > -----Original message-----
> > > From: samba [mailto:samba-bounces at lists.samba.org] On behalf of Aki Tuomi
> > > Sent: Tuesday 8 September 2015 9:33
> > > To: samba at lists.samba.org
> > > Subject: [Samba] Problem with dynamic DNS
> > >
> > > Hi!
> > >
> > > We are facing problems with Windows 10 and dynamic DNS. The problem is that
> > > samba_dlz prevents AAAA deletion. Can we permit AAAA somehow or fix this?
> > >
> > > Disabling IPv6 and removing IPv6 driver from interface made no difference
> > > whatsoever. This works on Windows 7 just fine.
> > >
> > > Samba version: 4.1.6-Ubuntu
> > >
> > > We see the following with wireshark:
> > >
> > > Domain Name System (query)
> > > Transaction ID: 0x8aa4
> > > Flags: 0x2800 Dynamic update
> > > 0... .... .... .... = Response: Message is a query
> > > .010 1... .... .... = Opcode: Dynamic update (5)
> > > .... ..0. .... .... = Truncated: Message is not truncated
> > > .... ...0 .... .... = Recursion desired: Don't do query recursively
> > > .... .... .0.. .... = Z: reserved (0)
> > > .... .... ...0 .... = Non-authenticated data: Unacceptable
> > > Zones: 1
> > > Prerequisites: 1
> > > Updates: 3
> > > Additional RRs: 1
> > > Zone
> > > gwad.fi: type SOA, class IN
> > > Name: gwad.fi
> > > Type: SOA (Start of zone of authority)
> > > Class: IN (0x0001)
> > > Prerequisites
> > > GW-PC03.gwad.fi: type CNAME, class NONE
> > > Name: GW-PC03.gwad.fi
> > > Type: CNAME (Canonical name for an alias)
> > > Class: NONE (0x00fe)
> > > Time to live: 0 seconds
> > > Data length: 0
> > > Updates
> > > GW-PC03.gwad.fi: type AAAA, class ANY
> > > Name: GW-PC03.gwad.fi
> > > Type: AAAA (IPv6 address)
> > > Class: ANY (0x00ff)
> > > Time to live: 0 seconds
> > > Data length: 0
> > > GW-PC03.gwad.fi: type A, class ANY
> > > Name: GW-PC03.gwad.fi
> > > Type: A (Host address)
> > > Class: ANY (0x00ff)
> > > Time to live: 0 seconds
> > > Data length: 0
> > > GW-PC03.gwad.fi: type A, class IN, addr 10.132.2.103
> > > Name: GW-PC03.gwad.fi
> > > Type: A (Host address)
> > > Class: IN (0x0001)
> > > Time to live: 20 minutes
> > > Data length: 4
> > > Addr: 10.132.2.103 (10.132.2.103)
> > > Additional records
> > > 1180-ms-7.2-3c5a3.9620e2ee-55f9-11e5-d29b-14dae91532dd: type TSIG, class ANY
> > > Name: 1180-ms-7.2-3c5a3.9620e2ee-55f9-11e5-d29b-14dae91532dd
> > > Type: TSIG (Transaction Signature)
> > > Class: ANY (0x00ff)
> > > Time to live: 0 seconds
> > > Data length: 54
> > > Algorithm Name: gss-tsig
> > > Time signed: Sep 8, 2015 10:23:18.000000000 EEST
> > > Fudge: 36000
> > > MAC Size: 28
> > > MAC
> > > No dissector for algorithm:gss-tsig
> > > Original Id: 35492
> > > Error: No error (0)
> > > Other Len: 0
> > >
> > >
> > > And this in syslog:
> > >
> > > Sep 8 10:24:57 gw-dc01 named[14101]: samba_dlz: starting transaction on zone gwad.fi
> > > Sep 8 10:24:57 gw-dc01 named[14101]: samba_dlz: disallowing update of signer=gw-pc03\$\@GWAD.FI name=GW-PC03.gwad.fi type=AAAA error=insufficient access rights
> > > Sep 8 10:24:57 gw-dc01 named[14101]: client 10.132.2.103#49508/key gw-pc03\$\@GWAD.FI: updating zone 'gwad.fi/NONE': update failed: rejected by secure update (REFUSED)
> > > Sep 8 10:24:57 gw-dc01 named[14101]: samba_dlz: cancelling transaction on zone gwad.fi
> > >
> > > Kind regards
> > > Aki Tuomi
> > >

Yeah. I have that setting, but for some reason samba refuses to accept the AAAA *deletion* request (probably because it does not exist).

It differs from Win7 which only sends A delete + add. And as I said, the windows 7 workstation has no issues with this.

Aki

On Tue, Sep 08, 2015 at 10:03:56AM +0200, L.P.H. van Belle wrote:
> (please reply to the list)
>
> If the record does not exist, then you have an other problem.
>
> Because samba does support this :
>
> cat /var/lib/samba/private/named.conf.update
> /* this file is auto-generated - do not edit */
> update-policy {
> grant INTERNAL.DOMAIN.TLD ms-self * A AAAA;
> grant Administrator@INTERNAL.DOMAIN.TLD wildcard * A AAAA SRV CNAME;
> grant DC1$@internal.domain.tld wildcard * A AAAA SRV CNAME;
> grant DC2$@internal.domain.tld wildcard * A AAAA SRV CNAME;
> };

Did you add the user that adds the dns setting in the dnsadmins group in the ad?

> -----Original message-----
> From: Aki Tuomi [mailto:cmouse at cmouse.fi]
> Sent: Tuesday 8 September 2015 10:08
> To: L.P.H. van Belle
> CC: samba at lists.samba.org
> Subject: Re: [Samba] Problem with dynamic DNS
>
> Yeah. I have that setting, but for some reason samba refuses to accept the
> AAAA *deletion* request (probably because it does not exist).
>
> It differs from Win7 which only sends A delete + add. And as I said, the
> windows 7 workstation has no issues with this.
>
> Aki
>
> On Tue, Sep 08, 2015 at 10:03:56AM +0200, L.P.H. van Belle wrote:
> > (please reply to the list)
> >
> > If the record does not exist, then you have an other problem.
> >
> > Because samba does support this :
> >
> > cat /var/lib/samba/private/named.conf.update
> > /* this file is auto-generated - do not edit */
> > update-policy {
> > grant INTERNAL.DOMAIN.TLD ms-self * A AAAA;
> > grant Administrator@INTERNAL.DOMAIN.TLD wildcard * A AAAA SRV CNAME;
> > grant DC1$@internal.domain.tld wildcard * A AAAA SRV CNAME;
> > grant DC2$@internal.domain.tld wildcard * A AAAA SRV CNAME;
> > };

Why would I do that? This is a *computer* not *user* adding the record. It is supposed to match the "grant INTERNAL.DOMAIN.TLD ms-self * A AAAA;" rule but it does not. For some mystical reason.

Aki

On Tue, Sep 08, 2015 at 10:18:03AM +0200, L.P.H. van Belle wrote:
> Did you add the user that adds the dns setting in the dnsadmins group in the ad?
>
> > -----Original message-----
> > From: Aki Tuomi [mailto:cmouse at cmouse.fi]
> > Sent: Tuesday 8 September 2015 10:08
> > To: L.P.H. van Belle
> > CC: samba at lists.samba.org
> > Subject: Re: [Samba] Problem with dynamic DNS
> >
> > Yeah. I have that setting, but for some reason samba refuses to accept the
> > AAAA *deletion* request (probably because it does not exist).
> >
> > It differs from Win7 which only sends A delete + add. And as I said, the
> > windows 7 workstation has no issues with this.
> >
> > Aki
> >
> > On Tue, Sep 08, 2015 at 10:03:56AM +0200, L.P.H. van Belle wrote:
> > > (please reply to the list)
> > >
> > > If the record does not exist, then you have an other problem.
> > >
> > > Because samba does support this :
> > >
> > > cat /var/lib/samba/private/named.conf.update
> > > /* this file is auto-generated - do not edit */
> > > update-policy {
> > > grant INTERNAL.DOMAIN.TLD ms-self * A AAAA;
> > > grant Administrator@INTERNAL.DOMAIN.TLD wildcard * A AAAA SRV CNAME;
> > > grant DC1$@internal.domain.tld wildcard * A AAAA SRV CNAME;
> > > grant DC2$@internal.domain.tld wildcard * A AAAA SRV CNAME;
> > > };

On 09/08/2015 04:03 AM, L.P.H. van Belle wrote:
> (please reply to the list)
>
> If the record does not exist, then you have an other problem.
>
> Because samba does support this :
>
> cat /var/lib/samba/private/named.conf.update
> /* this file is auto-generated - do not edit */
> update-policy {
> grant INTERNAL.DOMAIN.TLD ms-self * A AAAA;
> grant Administrator@INTERNAL.DOMAIN.TLD wildcard * A AAAA SRV CNAME;
> grant DC1$@internal.domain.tld wildcard * A AAAA SRV CNAME;
> grant DC2$@internal.domain.tld wildcard * A AAAA SRV CNAME;
> };

I am reading the wiki that this is only used with Bind 9.7. As I have Bind 9.9, I do not use this.

Correct?

Just proofreading the wiki here. ;)

On 08/09/15 14:15, Robert Moskowitz wrote:
> On 09/08/2015 04:03 AM, L.P.H. van Belle wrote:
> > (please reply to the list)
> >
> > If the record does not exist, then you have an other problem.
> >
> > Because samba does support this :
> >
> > cat /var/lib/samba/private/named.conf.update
> > /* this file is auto-generated - do not edit */
> > update-policy {
> > grant INTERNAL.DOMAIN.TLD ms-self * A AAAA;
> > grant Administrator@INTERNAL.DOMAIN.TLD wildcard * A AAAA SRV CNAME;
> > grant DC1$@internal.domain.tld wildcard * A AAAA SRV CNAME;
> > grant DC2$@internal.domain.tld wildcard * A AAAA SRV CNAME;
> > };
>
> I am reading the wiki that this is only used with Bind 9.7. As I have
> Bind 9.9, I do not use this.
>
> Correct?
>
> Just proofreading the wiki here. ;)

Correct to both

Rowland
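
Added example, not part of the thread and not Samba or BIND code: a Python sketch that applies the RFC 2136 prerequisite and update rules to the records in the Wireshark capture quoted in the original post, showing that the client asks to delete the whole AAAA RRset, which is the operation samba_dlz logs as disallowed. The function names are hypothetical; the record values are transcribed from the capture.

```python
# Added illustration: RFC 2136 semantics for the records in the thread's capture.
# Function names are hypothetical; record values are transcribed from the
# Wireshark output quoted in the thread.

def opcode(flags):
    """Extract the 4-bit opcode from the 16-bit DNS header flags."""
    return (flags >> 11) & 0xF

def classify_prereq(rtype, rclass, rdlength, zone_class="IN"):
    """RFC 2136 section 2.4: meaning of one prerequisite record."""
    if rclass == "ANY" and rdlength == 0:
        return "name is in use" if rtype == "ANY" else "RRset exists"
    if rclass == "NONE" and rdlength == 0:
        return "name is not in use" if rtype == "ANY" else "RRset does not exist"
    if rclass == zone_class and rdlength > 0:
        return "RRset exists with this value"
    return "malformed"

def classify_update(rtype, rclass, ttl, rdlength, zone_class="IN"):
    """RFC 2136 section 2.5: operation requested by one update record."""
    if rclass == zone_class and rdlength > 0:
        return "add RR"
    if rclass == "ANY" and ttl == 0 and rdlength == 0:
        return "delete all RRsets at name" if rtype == "ANY" else "delete RRset"
    if rclass == "NONE" and ttl == 0 and rdlength > 0:
        return "delete one RR"
    return "malformed"

# (type, class, ttl_seconds, rdlength) for GW-PC03.gwad.fi, as shown in the capture.
PREREQS = [("CNAME", "NONE", 0, 0)]
UPDATES = [("AAAA", "ANY", 0, 0), ("A", "ANY", 0, 0), ("A", "IN", 1200, 4)]

def explain(flags, prereqs, updates):
    """Return (opcode, prerequisite meanings, update operations)."""
    pre = [f"{t}: {classify_prereq(t, c, n)}" for t, c, _ttl, n in prereqs]
    upd = [f"{t}: {classify_update(t, c, ttl, n)}" for t, c, ttl, n in updates]
    return opcode(flags), pre, upd

if __name__ == "__main__":
    op, pre, upd = explain(0x2800, PREREQS, UPDATES)
    print("opcode", op, "(5 = UPDATE)")
    for line in pre + upd:
        print(line)
```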