On 17/02/2020 10:24, Rowland penny via samba wrote:
> On 17/02/2020 08:42, kaffeesurrogat wrote:
>> Dear Rowland,
>>
>> Yes, I did. I'm reading a lot. Docs, books, ... Updates of the
>> dns-server via DHCP is up and running, both for the reverse lookup zone
>> and the forward lookup mechanism. I've set the lease time to a very low
>> value to make sure the dhcp-script has something to do and I can see
>> entries changing.
>> I've tested the entries with nslookup HOSTNAME and nslookup IP. This is
>> working for IPs managed by dhcp. If I give a static ip to my client,
>> nslookup HOSTNAMESTATIC is working. nslookup IPSTATIC does not.
>>
>> That is the thing which is a bit confusing. I'm not using BIND9, I'm
>> using the internal dns of samba.
>>
>> Have fun,
>>
>> blubberbaer
>
> Sorry, concentrated on the dhcp and missed 'static' :-(
>
> Yes, this is how it is supposed to be, you are supposed to create the
> static dns records in AD yourself. Also, if you are using dhcp to update
> records, you need to stop your Windows trying to update their own records.
>
> Rowland
>
>

Many thanks Rowland, you know I'm quite a newbie to samba and I'm working hard on getting it up and running .... ;-)

Can I safely ignore that

samba_dnsupdate --verbose --all-names

fails with

; TSIG error with server: tsig verify failure
Failed nsupdate: 2
update(nsupdate): SRV _ldap._tcp.Default-First-Site-Name._sites.ForestDnsZones.lfa.ls plfa1.lfa.ls 389
Calling nsupdate for SRV _ldap._tcp.Default-First-Site-Name._sites.ForestDnsZones.lfa.ls plfa1.lfa.ls 389 (add)
Successfully obtained Kerberos ticket to DNS/plfa1.lfa.ls as PLFA1$
Outgoing update query:
;; ->>HEADER<<- opcode: UPDATE, status: NOERROR, id: 0
;; flags:; ZONE: 0, PREREQ: 0, UPDATE: 0, ADDITIONAL: 0
;; UPDATE SECTION:
_ldap._tcp.Default-First-Site-Name._sites.ForestDnsZones.lfa.ls. 900 IN SRV 0 100 389 plfa1.lfa.ls.

; TSIG error with server: tsig verify failure
Failed nsupdate: 2
Failed update of 29 entries

????

It looks strange to me, since I'm using INTERNAL SAMBA DNS. Why are there errors about TSIG? TSIG is not supported, thus I believed samba_dnsupdate would not use it in the first place.

Using

samba_upgradedns -s /smbaddc/etc/smb.conf --verbose --dns-backend=SAMBA_INTERNAL

to fix the error doesn't help.

It answers with:

lpcfg_load: refreshing parameters from /smbaddc/etc/smb.conf
Reading domain information
lpcfg_load: refreshing parameters from /smbaddc/etc/smb.conf
DNS accounts already exist
No zone file /smbaddc/bind-dns/dns/LFA.LS.zone
DNS records will be automatically created
DNS partitions already exist
Could not remove /smbaddc/bind-dns/dns.keytab: No such file or directory
Could not remove /smbaddc/bind-dns/named.conf: No such file or directory
Could not remove /smbaddc/bind-dns/named.txt: No such file or directory
Could not delete dir /smbaddc/bind-dns/dns: No such file or directory
Finished upgrading DNS

Because it is still looking for bind-dns, I believe the command silently ignores --dns-backend=SAMBA_INTERNAL.

I guess, this is not the way it is supposed to be .....

Awfully sorry for all these questions.

Have fun,

blubberbaer

On 17/02/2020 10:01, kaffeesurrogat via samba wrote:
>
> On 17/02/2020 10:24, Rowland penny via samba wrote:
>> On 17/02/2020 08:42, kaffeesurrogat wrote:
>>> Dear Rowland,
>>>
>>> Yes, I did. I'm reading a lot. Docs, books, ... Updates of the
>>> dns-server via DHCP is up and running, both for the reverse lookup zone
>>> and the forward lookup mechanism. I've set the lease time to a very low
>>> value to make sure the dhcp-script has something to do and I can see
>>> entries changing.
>>> I've tested the entries with nslookup HOSTNAME and nslookup IP. This is
>>> working for IPs managed by dhcp. If I give a static ip to my client,
>>> nslookup HOSTNAMESTATIC is working. nslookup IPSTATIC does not.
>>>
>>> That is the thing which is a bit confusing. I'm not using BIND9, I'm
>>> using the internal dns of samba.
>>>
>>> Have fun,
>>>
>>> blubberbaer
>> Sorry, concentrated on the dhcp and missed 'static' :-(
>>
>> Yes, this is how it is supposed to be, you are supposed to create the
>> static dns records in AD yourself. Also, if you are using dhcp to update
>> records, you need to stop your Windows trying to update their own records.
>>
>> Rowland
>>
>>
> Many thanks Rowland, you know I'm quite a newbie to samba and I'm
> working hard on getting it up and running .... ;-)
>
> Can I safely ignore that
>
> samba_dnsupdate --verbose --all-names
>
>
> fails with
>
> ; TSIG error with server: tsig verify failure
> Failed nsupdate: 2
> update(nsupdate): SRV
> _ldap._tcp.Default-First-Site-Name._sites.ForestDnsZones.lfa.ls
> plfa1.lfa.ls 389
> Calling nsupdate for SRV
> _ldap._tcp.Default-First-Site-Name._sites.ForestDnsZones.lfa.ls
> plfa1.lfa.ls 389 (add)
> Successfully obtained Kerberos ticket to DNS/plfa1.lfa.ls as PLFA1$
> Outgoing update query:
> ;; ->>HEADER<<- opcode: UPDATE, status: NOERROR, id: 0
> ;; flags:; ZONE: 0, PREREQ: 0, UPDATE: 0, ADDITIONAL: 0
> ;; UPDATE SECTION:
> _ldap._tcp.Default-First-Site-Name._sites.ForestDnsZones.lfa.ls. 900 IN
> SRV 0 100 389 plfa1.lfa.ls.
>
> ; TSIG error with server: tsig verify failure
> Failed nsupdate: 2
> Failed update of 29 entries
>
> ????
>
> It looks strange to me, since I'm using INTERNAL SAMBA DNS. Why are
> there errors about TSIG? TSIG is not supported, thus I believed
> samba_dnsupdate would not use it in the first place.

Try adding '--use-samba-tool' to the command.

>
> Using
>
> samba_upgradedns -s /smbaddc/etc/smb.conf --verbose
> --dns-backend=SAMBA_INTERNAL
>
> to fix the error doesn't help.
>
> It answers with:
>
> lpcfg_load: refreshing parameters from /smbaddc/etc/smb.conf
> Reading domain information
> lpcfg_load: refreshing parameters from /smbaddc/etc/smb.conf
> DNS accounts already exist
> No zone file /smbaddc/bind-dns/dns/LFA.LS.zone
> DNS records will be automatically created
> DNS partitions already exist
> Could not remove /smbaddc/bind-dns/dns.keytab: No such file or directory
> Could not remove /smbaddc/bind-dns/named.conf: No such file or directory
> Could not remove /smbaddc/bind-dns/named.txt: No such file or directory
> Could not delete dir /smbaddc/bind-dns/dns: No such file or directory
> Finished upgrading DNS
>
>
> Because it is still looking for bind-dns, I believe the command silently
> ignores --dns-backend=SAMBA_INTERNAL.

No, it is telling you it cannot find them, because they do not exist.

>
> I guess, this is not the way it is supposed to be .....
>
> Awfully sorry for all these questions.

If you don't ask, you never learn ;-)

Just one question (which you may have already answered), your DC is using itself as the first nameserver in /etc/resolv.conf?

Rowland

>> Awfully sorry for all this questions.
>
> If you don't ask, you never learn ;-)
>
> Just one question (which you may have already answered), Your DC is
> using itself as the first nameserver in /etc/resolv.conf ?
>
> Rowland
>
>
>

I guess so .... my entries:

domain xxx.yy
nameserver 10.20.30.1