I'm trying to troubleshoot why our workstations have stopped dynamically registering their ip addresses in our AD using bind_dlz setup. It worked for a couple of months and now does not. I realized I have a basic question about how it is supposed to work.

Do the workstations (after getting a dynamic address from the dhcpd server) contact the AD DC directly with the information? Or does dhcpd register the address with bind and then bind notifies the DC?

If it is dhcpd -> bind -> DC, then can someone show a sample dhcpd.conf file?

This is samba 4.4.5 and bind 9.9.

Thanks,

On Mon, 19 Dec 2016 12:25:29 -0800 Mark Nienberg via samba <samba at lists.samba.org> wrote:

> I'm trying to troubleshoot why our workstations have stopped
> dynamically registering their ip addresses in our AD using bind_dlz
> setup. It worked for a couple of months and now does not. I realized
> I have a basic question about how it is supposed to work.
>
> Do the workstations (after getting a dynamic address from the dhcpd
> server) contact the AD DC directly with the information? Or does
> dhcpd register the address with bind and then bind notifies the DC?
>
> If it is dhcpd -> bind -> DC, then can someone show a sample
> dhcpd.conf file?
>
> This is samba 4.4.5 and bind 9.9.
>
> Thanks,

It could be either ;-)

Unless you have set up dhcp to do it for you and Samba AD, bind and dhcp are running on the same DC, it will be your clients that try to update their own records.

Try looking in the logs.

Hi Mark,

On 19.12.2016 at 21:25, Mark Nienberg via samba wrote:

> I'm trying to troubleshoot why our workstations have stopped dynamically
> registering their ip addresses in our AD using bind_dlz setup. It worked
> for a couple of months and now does not. I realized I have a basic question
> about how it is supposed to work.
>
> Do the workstations (after getting a dynamic address from the dhcpd server)
> contact the AD DC directly with the information? Or does dhcpd register the
> address with bind and then bind notifies the DC?
>
> If it is dhcpd -> bind -> DC, then can someone show a sample dhcpd.conf
> file?

The Windows default is that the client tries to register itself in the AD DNS zone. If you haven't disabled the setting on your Windows domain members, it should work. To verify, see:
https://wiki.samba.org/index.php/Testing_Dynamic_DNS_Updates

Let me know if you have a different problem that is not described in our troubleshooting section and that is not solvable by:
https://wiki.samba.org/index.php/BIND9_DLZ_DNS_Back_End#Reconfiguring_the_BIND9_DLZ_Back_End

Apart from that, you can configure dhcpd to register the client in the AD DNS zone - but this is not part of Samba and thus not part of our documentation.

Regards,
Marc

On Mon, 19 Dec 2016 22:21:56 +0100 Marc Muehlfeld via samba <samba at lists.samba.org> wrote:

> Hi Mark,
>
> On 19.12.2016 at 21:25, Mark Nienberg via samba wrote:
> > I'm trying to troubleshoot why our workstations have stopped
> > dynamically registering their ip addresses in our AD using bind_dlz
> > setup. It worked for a couple of months and now does not. I
> > realized I have a basic question about how it is supposed to work.
> >
> > Do the workstations (after getting a dynamic address from the dhcpd
> > server) contact the AD DC directly with the information? Or does
> > dhcpd register the address with bind and then bind notifies the DC?
> >
> > If it is dhcpd -> bind -> DC, then can someone show a sample
> > dhcpd.conf file?
>
> The Windows default is that the client tries to register itself in the
> AD DNS zone. If you haven't disabled the setting on your Windows
> domain members, it should work. To verify, see:
> https://wiki.samba.org/index.php/Testing_Dynamic_DNS_Updates
>
> Let me know if you have a different problem that is not described in
> our troubleshooting section and that is not solvable by:
> https://wiki.samba.org/index.php/BIND9_DLZ_DNS_Back_End#Reconfiguring_the_BIND9_DLZ_Back_End
>
> Apart from that, you can configure dhcpd to register the client in the
> AD DNS zone - but this is not part of Samba and thus not part of our
> documentation.

You might want to reconsider that statement ;-)

Rowland

On Mon, Dec 19, 2016 at 1:21 PM, Marc Muehlfeld <mmuehlfeld at samba.org> wrote:

> The Windows default is that the client tries to register itself in the
> AD DNS zone. If you haven't disabled the setting on your Windows domain
> members, it should work. To verify, see:
> https://wiki.samba.org/index.php/Testing_Dynamic_DNS_Updates

Oh, it doesn't work like either of my ideas! I think I get it now. The dhcpd service is not involved at all. It does not have to be configured for ddns. Rather, the windows workstation notifies the samba server, which in turn runs nsupdate to push the update through bind to the samba ldb files.

> Let me know if you have a different problem that is not described in our
> troubleshooting section and that is not solvable by:
> https://wiki.samba.org/index.php/BIND9_DLZ_DNS_Back_End#Reconfiguring_the_BIND9_DLZ_Back_End

My tests showed the NOTAUTH problem. My configuration was all fine, so I finally ran "samba_dnsupdate" again as suggested in the wiki, and that fixed it.

If I understand correctly, I should also be able to get reverse records to update dynamically if I set up a GPO for it. I'll have a look at that next.

Thanks very much for your help,