samba - Jan 2019 - samba_dnsupdate options: --use-samba-tool vs. --use-nsupdate, and dhcpd dynamic updates

PRIOR THREAD: https://lists.samba.org/archive/samba/2019-January/220292.html

In the  referenced prior thread, I had an issue of samba_dnsupdate --verbose
--all-names causing a dns_tkey_gssnegotiate: TKEY is unacceptable error.

Ultimately, the solution kindly provided by Rowland was to insert dns update
command = /usr/local/samba/sbin/samba_dnsupdate --use-samba-tool into the
[global] section of the smb.conf file.

I am now having a similar issue with dhcpd dynamic updates, though. In addition
to solving that problem, however, and at least suspecting some relationship
between the two, I am first curious about the prior solution.

Why was it necessary to select the --use-samba-tool vs. --use-nsupdate option,
and what is happening as a result of this selection? (I looked at the dns-update
script, but promise that I am too dense to figure this all out in the time I
have left to get these servers running -- yes, the secondary DC is right behind
this mess.)

As to the current issue, I am attemting to configure DHCP to update DNS records
with BIND9, as outlined in the Samba Wiki (with correction of a couple errors in
the "on release" and "on expiry" sections of the example
dhcpd.conf file).

As some background, the following script and configuration was working fine in
the prior incarnation of the DC. In that version, however, the Kerberos
enablement of the nambed.conf file wrongly included:

tkey-gssapi-keytab "/usr/local/samba/bind-dns/dns.keytab";

as opposed to:

tkey-gssapi-keytab "/usr/local/samba/private/dns.keytab";

This change precipitated the prior issue, and I would guess should be
considered, in addition to the smb.conf change, in addressing the current
issue.==================================  CURRENT SMB.CONF
  /usr/local/samba/etc/smb.conf
==================================[global]
        bind interfaces only = Yes
        interfaces = lo eno1
        netbios name = DC01
        realm = CORP.<DOMAIN>.COM
        server role = active directory domain controller
        server services = s3fs, rpc, nbt, wrepl, ldap, cldap, kdc, drepl,
winbindd, ntp_signd, kcc, dnsupdate
        workgroup = CORP
        idmap_ldb:use rfc2307 = yes
        dns update command = /usr/local/samba/sbin/samba_dnsupdate
--use-samba-tool
[netlogon]
        path = /usr/local/samba/var/locks/sysvol/corp.<DOMAIN>.com/scripts
        read only = No
[sysvol]
        path = /usr/local/samba/var/locks/sysvol
        read only = No

==================================  CURRENT DHCPD.CONF
  /etc/dhcp/dhcpd.conf
==================================authoritative;
ddns-update-style none;
option domain-name "corp.<DOMAIN>.com";
option domain-name-servers 172.20.10.130;
option ntp-servers 172.20.10.130;
option broadcast-address 172.20.10.255;
option routers 172.20.10.129;
option netbios-name-servers 172.20.10.130;
option time-offset 0;

subnet 172.20.10.128 netmask 255.255.255.128 {
  option subnet-mask 255.255.255.128;
  pool {
    range 172.20.10.165 172.20.10.229;
    default-lease-time 43200;
    max-lease-time 86400;
  }
}
on commit {
set noname = concat("dhcp-", binary-to-ascii(10, 8, "-",
leased-address));
set ClientIP = binary-to-ascii(10, 8, ".", leased-address);
set ClientDHCID = binary-to-ascii(16, 8, ":", hardware);
set ClientName = pick-first-value(option host-name, config-option-host-name,
client-name, noname);
log(concat("Commit: IP: ", ClientIP, " DHCID: ",
ClientDHCID, " Name: ", ClientName));
execute("/usr/local/bin/dhcp-dyndns.sh", "add", ClientIP,
ClientDHCID, ClientName);
}
on release {
set ClientIP = binary-to-ascii(10, 8, ".", leased-address);
set ClientDHCID = binary-to-ascii(16, 8, ":", hardware);
log(concat("Release: IP: ", ClientIP));
execute("/usr/local/bin/dhcp-dyndns.sh", "delete", ClientIP,
ClientDHCID, "");
}
on expiry {
set ClientIP = binary-to-ascii(10, 8, ".", leased-address);
log(concat("Expired: IP: ", ClientIP));
execute("/usr/local/bin/dhcp-dyndns.sh", "delete", ClientIP,
"0", "");
}
==================================  CURRENT DHCP-DYNDNS.SH
  /usr/local/bin/dhcp-dyndns.sh
==================================#!/bin/bash
# /usr/local/bin/dhcp-dyndns.sh
# Additional nsupdate flags (-g already applied), e.g. "-d" for debug
NSUPDFLAGS="-d"
# krbcc ticket cache
export KRB5CCNAME="/tmp/dhcp-dyndns.cc"
# Variables supplied by dhcpd.conf
action=$1
ip=$2
DHCID=$3
name=${4%%.*}
# Check for valid kerberos ticket

_KERBEROS () {

klist -c /tmp/dhcp-dyndns.cc -s
if [ "$?" != "0" ]; then
    kinit -F -k -t /etc/dhcpduser.keytab -c /tmp/dhcp-dyndns.cc "dhcpduser
at CORP.<DOMAIN>.COM"
    if [ "$?" != "0" ]; then
        exit 1;
    fi
fi
}
# Exit if no ip address or mac-address
if [ -z "${ip}" ] || [ -z "${DHCID}" ]; then
    exit 1;
fi
# Exit if no computer name supplied, unless the action is 'delete'
if [ "${name}" = "" ]; then
    if [ "${action}" = "delete" ]; then
        name=$(host -t PTR "${ip}" | awk '{print $NF}' | awk
-F '.' '{print $1}')
    else
        exit 1;
    fi
fi
# Set PTR address
ptr=$(echo ${ip} | awk -F '.' '{print
$4"."$3"."$2"."$1".in-addr.arpa"}')
## nsupdate ##

case "${action}" in
add)
_KERBEROS
nsupdate -g ${NSUPDFLAGS} << UPDATE
server 127.0.0.1
realm CORP.<DOMAIN>.COM
update delete ${name}.corp.<DOMAIN>.com 3600 A
update add ${name}.corp.<DOMAIN>.com 3600 A ${ip}
send
UPDATE
nsupdate -g ${NSUPDFLAGS} << UPDATE
server 127.0.0.1
realm CORP.<DOMAIN>.COM
update delete ${ptr} 3600 PTR
update add ${ptr} 3600 PTR ${name}.corp.<DOMAIN>.com
send
UPDATE
;;
delete)
_KERBEROS
nsupdate -g ${NSUPDFLAGS} << UPDATE
server 127.0.0.1
realm CORP.<DOMAIN>.COM
update delete ${name}.corp.<DOMAIN>.com 3600 A
send
UPDATE
nsupdate -g ${NSUPDFLAGS} << UPDATE
server 127.0.0.1
realm CORP.<DOMAIN>.COM
update delete ${ptr} 3600 PTR
send
UPDATE
;;
*)

exit 1

;;
esac
exit 0
==================================  THE DCHP DNS UPDATE USER
==================================Create update user
  $ sudo samba-tool user create dhcpduser --description="Unprivileged user
for TSIG-GSSAPI DNS updates via ISC DHCP server" --random-password
    User 'dhcpduser' created successfully
Set dhcpduser account to never expire:
  $ sudo samba-tool user setexpiry --noexpiry dhcpduser
    Expiry for user 'dhcpduser' disabled.
Add dhcpduser user to the DnsAdmins group
  $ sudo samba-tool group addmembers DnsAdmins dhcpduser
    Added members to group DnsAdmins
Export the required keytab
  Determine dhcpd user and group
    $ ps aux | grep dhcpd
      USER       PID %CPU %MEM    VSZ   RSS TTY      STAT START   TIME COMMAND
      dhcpd     1280  0.0  0.0  45148 15612 ?        Ss   16:16   0:00 dhcpd
-user dhcpd -group dhcpd -f -4 -pf /run/dhcp-server/dhcpd.pid -cf
/etc/dhcp/dhcpd.conf
  Export keytab
    $ sudo samba-tool domain exportkeytab --principal=dhcpduser at
CORP.<DOMAIN>.COM /etc/dhcpduser.keytab
      Export one principal to /etc/dhcpduser.keytab
  Set permissions
    $ sudo chown dhcpd:dhcpd  /etc/dhcpduser.keytab
    $ sudo chmod 400 /etc/dhcpduser.keytab    $ sudo ls -la
/etc/dhcpduser.keytab      -r-------- 1 dhcpd dhcpd 347 Jan  9 16:20
/etc/dhcpduser.keytab
==================================  ERRORS
==================================Jan 10 12:41:45 dc01 dhcpd[5099]: Commit: IP:
172.20.10.165 DHCID: 1:d4:be:d9:22:9f:7d Name: mgmt01
Jan 10 12:41:45 dc01 dhcpd[5099]: execute_statement argv[0] =
/usr/local/bin/dhcp-dyndns.sh
Jan 10 12:41:45 dc01 dhcpd[5099]: execute_statement argv[1] = add
Jan 10 12:41:45 dc01 dhcpd[5099]: execute_statement argv[2] = 172.20.10.165
Jan 10 12:41:45 dc01 dhcpd[5099]: execute_statement argv[3] =
1:d4:be:d9:22:9f:7d
Jan 10 12:41:45 dc01 dhcpd[5099]: execute_statement argv[4] = mgmt01
Jan 10 12:41:45 dc01 sh[5099]: Reply from SOA query:
Jan 10 12:41:45 dc01 sh[5099]: ;; ->>HEADER<<- opcode: QUERY,
status: NXDOMAIN, id:  14904
Jan 10 12:41:45 dc01 sh[5099]: ;; flags: qr aa ra; QUESTION: 1, ANSWER: 0,
AUTHORITY: 1, ADDITIONAL: 0
Jan 10 12:41:45 dc01 sh[5099]: ;; QUESTION SECTION:
Jan 10 12:41:45 dc01 sh[5099]: ;mgmt01.corp.<DOMAIN>.com.               
IN        SOA
Jan 10 12:41:45 dc01 sh[5099]: ;; AUTHORITY SECTION:
Jan 10 12:41:45 dc01 sh[5099]: corp.<DOMAIN>.com.                0       
IN        SOA        dc01.corp.<DOMAIN>.com.
hostmaster.corp.<DOMAIN>.com. 38 900 600 86400 3600
Jan 10 12:41:45 dc01 sh[5099]: Found zone name: corp.<DOMAIN>.com
Jan 10 12:41:45 dc01 sh[5099]: The master is: dc01.corp.<DOMAIN>.com
Jan 10 12:41:45 dc01 sh[5099]: start_gssrequest
Jan 10 12:41:45 dc01 sh[5099]: send_gssrequest
Jan 10 12:41:45 dc01 sh[5099]: Outgoing update query:
Jan 10 12:41:45 dc01 sh[5099]: ;; ->>HEADER<<- opcode: QUERY,
status: NOERROR, id:  37508
Jan 10 12:41:45 dc01 sh[5099]: ;; flags:; QUESTION: 1, ANSWER: 0, AUTHORITY: 0,
ADDITIONAL: 1
Jan 10 12:41:45 dc01 sh[5099]: ;; QUESTION SECTION:
Jan 10 12:41:45 dc01 sh[5099]: ;2880862545.sig-dc01.corp.<DOMAIN>.com.
ANY        TKEY
Jan 10 12:41:45 dc01 sh[5099]: ;; ADDITIONAL SECTION:
Jan 10 12:41:45 dc01 sh[5099]: 2880862545.sig-dc01.corp.<DOMAIN>.com. 0
ANY TKEY        gss-tsig. 1547145705 1547145705 3 NOERROR 1397
YIIFcQYGKwYBBQUCoIIFZTCCBWGgDTALBgkqhkiG9xIBAgKiggVOBIIF
SmCCBUYGCSqGSIb3EgECAgEAboIFNTCCBTGgAwIBBaEDAgEOo
Jan 10 12:41:45 dc01 sh[5099]: recvmsg reply from GSS-TSIG query
Jan 10 12:41:45 dc01 sh[5099]: ;; ->>HEADER<<- opcode: QUERY,
status: NOERROR, id:  37508
Jan 10 12:41:45 dc01 sh[5099]: ;; flags: qr ra; QUESTION: 1, ANSWER: 1,
AUTHORITY: 0, ADDITIONAL: 0
Jan 10 12:41:45 dc01 sh[5099]: ;; QUESTION SECTION:
Jan 10 12:41:45 dc01 sh[5099]: ;2880862545.sig-dc01.corp.<DOMAIN>.com.
ANY        TKEY
Jan 10 12:41:45 dc01 sh[5099]: ;; ANSWER SECTION:
Jan 10 12:41:45 dc01 sh[5099]: 2880862545.sig-dc01.corp.<DOMAIN>.com. 0
ANY TKEY        gss-tsig. 0 0 3 BADKEY 0  0
Jan 10 12:41:45 dc01 sh[5099]: dns_tkey_gssnegotiate: TKEY is unacceptable
Jan 10 12:41:45 dc01 sh[5099]: Reply from SOA query:
Jan 10 12:41:45 dc01 sh[5099]: ;; ->>HEADER<<- opcode: QUERY,
status: NXDOMAIN, id:  48142
Jan 10 12:41:45 dc01 sh[5099]: ;; flags: qr aa ra; QUESTION: 1, ANSWER: 0,
AUTHORITY: 1, ADDITIONAL: 0
Jan 10 12:41:45 dc01 sh[5099]: ;; QUESTION SECTION:
Jan 10 12:41:45 dc01 sh[5099]: ;165.10.20.172.in-addr.arpa.        IN        SOA
Jan 10 12:41:45 dc01 sh[5099]: ;; AUTHORITY SECTION:
Jan 10 12:41:45 dc01 sh[5099]: 10.20.172.in-addr.arpa.        0        IN       
SOA        dc01.corp.<DOMAIN>.com. hostmaster.corp.<DOMAIN>.com. 2
900 600 86400 3600
Jan 10 12:41:45 dc01 sh[5099]: Found zone name: 10.20.172.in-addr.arpa
Jan 10 12:41:45 dc01 sh[5099]: The master is: dc01.corp.<DOMAIN>.com
Jan 10 12:41:45 dc01 sh[5099]: start_gssrequest
Jan 10 12:41:45 dc01 sh[5099]: send_gssrequest
Jan 10 12:41:45 dc01 sh[5099]: Outgoing update query:
Jan 10 12:41:45 dc01 sh[5099]: ;; ->>HEADER<<- opcode: QUERY,
status: NOERROR, id:  39103
Jan 10 12:41:45 dc01 sh[5099]: ;; flags:; QUESTION: 1, ANSWER: 0, AUTHORITY: 0,
ADDITIONAL: 1
Jan 10 12:41:45 dc01 sh[5099]: ;; QUESTION SECTION:
Jan 10 12:41:45 dc01 sh[5099]: ;3162717331.sig-dc01.corp.<DOMAIN>.com.
ANY        TKEY
Jan 10 12:41:45 dc01 sh[5099]: ;; ADDITIONAL SECTION:
Jan 10 12:41:45 dc01 sh[5099]: 3162717331.sig-dc01.corp.<DOMAIN>.com. 0
ANY TKEY        gss-tsig. 1547145705 1547145705 3 NOERROR 1397
YIIFcQYGKwYBBQUCoIIFZTCCBWGgDTALBgkqhkiG9xIBAgKiggVOBIIF
SmCCBUYGCSqGSIb3EgECAgEAboIFNTCCBTGgAwIBBaEDAgEOo
Jan 10 12:41:45 dc01 sh[5099]: recvmsg reply from GSS-TSIG query
Jan 10 12:41:45 dc01 sh[5099]: ;; ->>HEADER<<- opcode: QUERY,
status: NOERROR, id:  39103
Jan 10 12:41:45 dc01 sh[5099]: ;; flags: qr ra; QUESTION: 1, ANSWER: 1,
AUTHORITY: 0, ADDITIONAL: 0
Jan 10 12:41:45 dc01 sh[5099]: ;; QUESTION SECTION:
Jan 10 12:41:45 dc01 sh[5099]: ;3162717331.sig-dc01.corp.<DOMAIN>.com.
ANY        TKEY
Jan 10 12:41:45 dc01 sh[5099]: ;; ANSWER SECTION:
Jan 10 12:41:45 dc01 sh[5099]: 3162717331.sig-dc01.corp.<DOMAIN>.com. 0
ANY TKEY        gss-tsig. 0 0 3 BADKEY 0  0
Jan 10 12:41:45 dc01 sh[5099]: dns_tkey_gssnegotiate: TKEY is unacceptable
Jan 10 12:41:45 dc01 dhcpd[5099]: DHCPREQUEST for 172.20.10.165 from
d4:be:d9:22:9f:7d via eno1
Jan 10 12:41:45 dc01 dhcpd[5099]: DHCPACK on 172.20.10.165 to d4:be:d9:22:9f:7d
(mgmt01) via eno1

On Thu, 10 Jan 2019 19:09:01 +0000 (UTC)
Billy Bob via samba <samba at lists.samba.org> wrote:
> I am now having a similar issue with dhcpd dynamic updates, though.
> In addition to solving that problem, however, and at least suspecting
> some relationship between the two, I am first curious about the prior
> solution.
There is no connection.
> 
> Why was it necessary to select the --use-samba-tool vs.
> --use-nsupdate option, and what is happening as a result of this
> selection? (I looked at the dns-update script, but promise that I am
> too dense to figure this all out in the time I have left to get these
> servers running -- yes, the secondary DC is right behind this mess.)
If you use samba-tool it does the update over RPC instead of DNS
> 
> As to the current issue, I am attemting to configure DHCP to update
> DNS records with BIND9, as outlined in the Samba Wiki (with
> correction of a couple errors in the "on release" and "on
expiry"
> sections of the example dhcpd.conf file).
What errors ?
> 
> As some background, the following script and configuration was
> working fine in the prior incarnation of the DC. In that version,
> however, the Kerberos enablement of the nambed.conf file wrongly
> included:
> 
> tkey-gssapi-keytab "/usr/local/samba/bind-dns/dns.keytab";
> 
> as opposed to:
> 
> tkey-gssapi-keytab "/usr/local/samba/private/dns.keytab";
That keytab isn't used when updating the dns records via the dhcp
script.
 
> ==================================>   CURRENT DHCPD.CONF
>   /etc/dhcp/dhcpd.conf
> ==================================> authoritative;
> ddns-update-style none;
> option domain-name "corp.<DOMAIN>.com";
> option domain-name-servers 172.20.10.130;
> option ntp-servers 172.20.10.130;
> option broadcast-address 172.20.10.255;
> option routers 172.20.10.129;
> option netbios-name-servers 172.20.10.130;
> option time-offset 0;
> 
> subnet 172.20.10.128 netmask 255.255.255.128 {
>   option subnet-mask 255.255.255.128;
>   pool {
>     range 172.20.10.165 172.20.10.229;
>     default-lease-time 43200;
>     max-lease-time 86400;
>   }
> }
> on commit {
> set noname = concat("dhcp-", binary-to-ascii(10, 8,
"-",
> leased-address)); set ClientIP = binary-to-ascii(10, 8, ".",
> leased-address); set ClientDHCID = binary-to-ascii(16, 8, ":",
> hardware); set ClientName = pick-first-value(option host-name,
> config-option-host-name, client-name, noname); log(concat("Commit:
> IP: ", ClientIP, " DHCID: ", ClientDHCID, " Name:
", ClientName));
> execute("/usr/local/bin/dhcp-dyndns.sh", "add",
ClientIP,
> ClientDHCID, ClientName); } on release {
> set ClientIP = binary-to-ascii(10, 8, ".", leased-address);
> set ClientDHCID = binary-to-ascii(16, 8, ":", hardware);
> log(concat("Release: IP: ", ClientIP));
> execute("/usr/local/bin/dhcp-dyndns.sh", "delete",
ClientIP,
> ClientDHCID, ""); }
> on expiry {
> set ClientIP = binary-to-ascii(10, 8, ".", leased-address);
> log(concat("Expired: IP: ", ClientIP));
> execute("/usr/local/bin/dhcp-dyndns.sh", "delete",
ClientIP, "0", "");
> }
> ==================================>   CURRENT DHCP-DYNDNS.SH
>   /usr/local/bin/dhcp-dyndns.sh
> ==================================> #!/bin/bash
> # /usr/local/bin/dhcp-dyndns.sh
> # Additional nsupdate flags (-g already applied), e.g. "-d" for
debug
> NSUPDFLAGS="-d"
> # krbcc ticket cache
> export KRB5CCNAME="/tmp/dhcp-dyndns.cc"
> # Variables supplied by dhcpd.conf
> action=$1
> ip=$2
> DHCID=$3
> name=${4%%.*}
> # Check for valid kerberos ticket
> 
> _KERBEROS () {
> 
> klist -c /tmp/dhcp-dyndns.cc -s
> if [ "$?" != "0" ]; then
>     kinit -F -k -t /etc/dhcpduser.keytab -c /tmp/dhcp-dyndns.cc
> "dhcpduser at CORP.<DOMAIN>.COM" if [ "$?" !=
"0" ]; then
>         exit 1;
>     fi
> fi
> }
> # Exit if no ip address or mac-address
> if [ -z "${ip}" ] || [ -z "${DHCID}" ]; then
>     exit 1;
> fi
> # Exit if no computer name supplied, unless the action is 'delete'
> if [ "${name}" = "" ]; then
>     if [ "${action}" = "delete" ]; then
>         name=$(host -t PTR "${ip}" | awk '{print $NF}' |
awk -F '.'
> '{print $1}') else
>         exit 1;
>     fi
> fi
> # Set PTR address
> ptr=$(echo ${ip} | awk -F '.' '{print
>
$4"."$3"."$2"."$1".in-addr.arpa"}')
## nsupdate ##
> 
> case "${action}" in
> add)
> _KERBEROS
> nsupdate -g ${NSUPDFLAGS} << UPDATE
> server 127.0.0.1
> realm CORP.<DOMAIN>.COM
> update delete ${name}.corp.<DOMAIN>.com 3600 A
> update add ${name}.corp.<DOMAIN>.com 3600 A ${ip}
> send
> UPDATE
> nsupdate -g ${NSUPDFLAGS} << UPDATE
> server 127.0.0.1
> realm CORP.<DOMAIN>.COM
> update delete ${ptr} 3600 PTR
> update add ${ptr} 3600 PTR ${name}.corp.<DOMAIN>.com
> send
> UPDATE
> ;;
> delete)
> _KERBEROS
> nsupdate -g ${NSUPDFLAGS} << UPDATE
> server 127.0.0.1
> realm CORP.<DOMAIN>.COM
> update delete ${name}.corp.<DOMAIN>.com 3600 A
> send
> UPDATE
> nsupdate -g ${NSUPDFLAGS} << UPDATE
> server 127.0.0.1
> realm CORP.<DOMAIN>.COM
> update delete ${ptr} 3600 PTR
> send
> UPDATE
> ;;
> *)
> 
> exit 1
> 
> ;;
> esac
> exit 0
Do you want to change your scripts to match my scripts as found on the
wiki ?
I know they work, well they have for me for the last 6 years.
> =================================== ERRORS
It is supposed to look like this:

Jan 10 19:36:41 dc4 dhcpd[2093]: Commit: IP: 192.168.0.55 DHCID:
1:b8:27:eb:d3:31:81 Name: devuan
Jan 10 19:36:41 dc4 dhcpd[2093]: execute_statement argv[0] =
/usr/local/bin/dhcp-dyndns.sh
Jan 10 19:36:41 dc4 dhcpd[2093]: execute_statement argv[1] = add
Jan 10 19:36:41 dc4 dhcpd[2093]: execute_statement argv[2] = 192.168.0.55
Jan 10 19:36:41 dc4 dhcpd[2093]: execute_statement argv[3] = 1:b8:27:eb:d3:31:81
Jan 10 19:36:41 dc4 dhcpd[2093]: execute_statement argv[4] = devuan
Jan 10 19:36:41 dc4 named[2336]: samba_dlz: starting transaction on zone
samdom.example.com
Jan 10 19:36:42 dc4 named[2336]: samba_dlz: allowing update of
signer=dhcpduser\@SAMDOM.EXAMPLE.COM name=devuan.samdom.example.com
tcpaddr=127.0.0.1 type=A key=4044813655.sig-dc4.samdom.example.com/160/0
Jan 10 19:36:42 dc4 named[2336]: samba_dlz: allowing update of
signer=dhcpduser\@SAMDOM.EXAMPLE.COM name=devuan.samdom.example.com
tcpaddr=127.0.0.1 type=A key=4044813655.sig-dc4.samdom.example.com/160/0
Jan 10 19:36:42 dc4 named[2336]: client 127.0.0.1#55675/key
dhcpduser\@SAMDOM.EXAMPLE.COM: updating zone 'samdom.example.com/NONE':
deleting rrset at 'devuan.samdom.example.com' A
Jan 10 19:36:42 dc4 named[2336]: samba_dlz: subtracted rdataset
devuan.samdom.example.com
'devuan.samdom.example.com.#0113600#011IN#011A#011192.168.0.55'
Jan 10 19:36:42 dc4 named[2336]: client 127.0.0.1#55675/key
dhcpduser\@SAMDOM.EXAMPLE.COM: updating zone 'samdom.example.com/NONE':
adding an RR at 'devuan.samdom.example.com' A 192.168.0.55
Jan 10 19:36:42 dc4 named[2336]: samba_dlz: added rdataset
devuan.samdom.example.com
'devuan.samdom.example.com.#0113600#011IN#011A#011192.168.0.55'
Jan 10 19:36:42 dc4 named[2336]: samba_dlz: committed transaction on zone
samdom.example.com
Jan 10 19:36:42 dc4 named[2336]: samba_dlz: starting transaction on zone
0.168.192.in-addr.arpa
Jan 10 19:36:42 dc4 named[2336]: samba_dlz: allowing update of
signer=dhcpduser\@SAMDOM.EXAMPLE.COM name=55.0.168.192.in-addr.arpa
tcpaddr=127.0.0.1 type=PTR key=4072256449.sig-dc4.samdom.example.com/160/0
Jan 10 19:36:42 dc4 named[2336]: samba_dlz: allowing update of
signer=dhcpduser\@SAMDOM.EXAMPLE.COM name=55.0.168.192.in-addr.arpa
tcpaddr=127.0.0.1 type=PTR key=4072256449.sig-dc4.samdom.example.com/160/0
Jan 10 19:36:42 dc4 named[2336]: client 127.0.0.1#46009/key
dhcpduser\@SAMDOM.EXAMPLE.COM: updating zone
'0.168.192.in-addr.arpa/NONE': deleting rrset at
'55.0.168.192.in-addr.arpa' PTR
Jan 10 19:36:42 dc4 named[2336]: samba_dlz: subtracted rdataset
55.0.168.192.in-addr.arpa
'55.0.168.192.in-addr.arpa.#0113600#011IN#011PTR#011devuan.samdom.example.com.'
Jan 10 19:36:42 dc4 named[2336]: client 127.0.0.1#46009/key
dhcpduser\@SAMDOM.EXAMPLE.COM: updating zone
'0.168.192.in-addr.arpa/NONE': adding an RR at
'55.0.168.192.in-addr.arpa' PTR devuan.samdom.example.com.
Jan 10 19:36:42 dc4 named[2336]: samba_dlz: added rdataset
55.0.168.192.in-addr.arpa
'55.0.168.192.in-addr.arpa.#0113600#011IN#011PTR#011devuan.samdom.example.com.'
Jan 10 19:36:42 dc4 named[2336]: samba_dlz: committed transaction on zone
0.168.192.in-addr.arpa
Jan 10 19:36:42 dc4 root: DHCP-DNS Update succeeded
Jan 10 19:36:42 dc4 dhcpd[2093]: DHCPREQUEST for 192.168.0.55 from
b8:27:eb:d3:31:81 (devuan) via eth0
Jan 10 19:36:42 dc4 dhcpd[2093]: DHCPACK on 192.168.0.55 to b8:27:eb:d3:31:81
(devuan) via eth0

Yours looks nothing like that

Rowland