What's the recommended method for handling dynamic DNS updates? via Kerberos, DHCP scripts, or both?

I'm currently doing both (I think), but Windows 2012R2 clients sometimes complain about not being able to update since it's been done by the DHCP script (and the DNS record is owned by the DHCP user). However, a bigger issue is that I've seen the scripts REMOVE an entry upon update, but not add it back.

I'd like to have Clients update their own records, especially since I have some static Windows machines. But I'd also like to have other network devices in DNS (UPS/Printers, etc.). Any tips to make this happen?

Thanks,
-Kris

Kris Lou
klou at themusiclink.net

On Tue, 1 Jan 2019 01:02:48 -0800 Kris Lou via samba <samba at lists.samba.org> wrote:

> What's the recommended method for handling dynamic DNS updates? via
> Kerberos, DHCP scripts, or both?
>
> I'm currently doing both (I think), but Windows 2012R2 clients
> sometimes complain about not being able to update since it's been
> done by the DHCP script (and the DNS record is owned by the DHCP
> user). However, a bigger issue is that I've seen the scripts REMOVE
> an entry upon update, but not add it back.
>
> I'd like to have Clients update their own records, especially since I
> have some static Windows machines. But I'd also like to have other
> network devices in DNS (UPS/Printers, etc.). Any tips to make this
> happen?
>

If you want your clients to update their own records, then let them, but be aware that any Unix clients will not even try.

Static dns records are just that, static and they usually do not get updated, they are also usually outside the dhcp pool.

I do not know what dhcp script you are using, but, if you are using a script, you must stop windows clients trying to update their own records.

Rowland

Nico Kadel-Garcia
2019-Jan-01 14:50 UTC
[Samba] Dynamic DNS tips? (Samba 4.8.x + Bind9_DLZ)
On Tue, Jan 1, 2019 at 4:19 AM Rowland Penny via samba <samba at lists.samba.org> wrote:

>
> On Tue, 1 Jan 2019 01:02:48 -0800
> Kris Lou via samba <samba at lists.samba.org> wrote:
>
> > What's the recommended method for handling dynamic DNS updates? via
> > Kerberos, DHCP scripts, or both?
> >
> > I'm currently doing both (I think), but Windows 2012R2 clients
> > sometimes complain about not being able to update since it's been
> > done by the DHCP script (and the DNS record is owned by the DHCP
> > user). However, a bigger issue is that I've seen the scripts REMOVE
> > an entry upon update, but not add it back.
> >
> > I'd like to have Clients update their own records, especially since I
> > have some static Windows machines. But I'd also like to have other
> > network devices in DNS (UPS/Printers, etc.). Any tips to make this
> > happen?
> >

DHCP reservations are my friend. Get the MAC address of the devices, load them for particular IP addresses in your local DHCP servers, and publish DNS records to go with them. Devices that are not registered get into a much smaller DHCP pool, which can be audited for unregistered devices and notify our faithful narrator to hunt them down and identify them.

> If you want your clients to update their own records, then let them,
> but be aware that any Unix clients will not even try.

Well, they can try. It takes some configuration and thought to do so reliably and securely.

> Static dns records are just that, static and they usually do not get
> updated, they are also usually outside the dhcp pool.
>
> I do not know what dhcp script you are using, but, if you are using a
> script, you must stop windows clients trying to update their own
> records.
>
> Rowland
>
>
> --
> To unsubscribe from this list go to the following URL and read the
> instructions: https://lists.samba.org/mailman/options/samba