samba - Jan 2021 - Dynamic Updates to Bind DLZ through DHCP have repeated errors in syslog

On 29/01/2021 16:16, ralph strebbing wrote:
> On Fri, Jan 29, 2021 at 11:05 AM Rowland penny via samba
> <samba at lists.samba.org> wrote:
>
>> The script was designed to take output from the dhcp server and use
that
>> to update the Samba AD DC dns records in AD. You, by your own
admission,
>> are letting it do that, but then trample all over it by changing
IP's
>> manually. If you require the computer to have a different IP when in
>> production, then I would suggest you set it up with a fixed IP in the
>> first place and not use dhcp at all.
> Understood, and that will be handled appropriately as we encounter it
> moving forward, I appreciate the professional advice on this more than
> I'm likely expressing.
> My only continuing issue using this script (and I believe my last
> comment on this thread before today) is why the script completes its
> task (correctly from what i can tell), but still reports that it
> failed according to it's result codes that you gather for the check?
>
> Also, as I continued to test how well it will work with regards to
> expiring leases as they happen naturally (shortened lease time to 10
> min), the delete function fails as it can't find the records with the
> given args (Log link below):
> http://haste.thegamingcorner.net/zunivocivo.sql
>
> Thanks Again,
> Ralph
The update is failing because, for some reason, the record does not 
exist. This has nothing to do with the script, unless it is because the 
script never created it in the first place, but then surely there would 
be something in the logs about this.

As I said, the script is run with the output of DHCP, this can succeed 
or fail, but it would be logged, at the same time, dhcp does its thing 
and this usually works. The script can fail, but dhcp work, the only 
thing that connects them is that dhcp runs the script with the required 
arguments (or not)

Rowland

On Fri, Jan 29, 2021 at 11:34 AM Rowland penny via samba
<samba at lists.samba.org> wrote:
>
> The update is failing because, for some reason, the record does not
> exist. This has nothing to do with the script, unless it is because the
> script never created it in the first place, but then surely there would
> be something in the logs about this.
>
>
> As I said, the script is run with the output of DHCP, this can succeed
> or fail, but it would be logged, at the same time, dhcp does its thing
> and this usually works. The script can fail, but dhcp work, the only
> thing that connects them is that dhcp runs the script with the required
> arguments (or not)
These records specifically are generated by the script from DHCP.
Looking at what it's passing (in the previous log file), I think the
issue is stemming from the script grabbing and passing the MAC, but
not the hostname, which is what Samba-tool uses.
I just tested it manually, and deleting a record in DNS took the following args:
samba-tool dns delete <server> <zone> <name> <Record
Type> <record data>

The example I used and succeeded on manually was: samba-tool dns
delete dc1 domain.com sys-rstrebbing A 10.60.2.35 (My laptop). It ran
fine.
If I understand the logs correctly from your script, this is what it's
passing:
samba-tool dns delete dc1 domain.com 0 A 10.60.2.11 <---Example based
on args given in the log file.
So would it even be possible to grab the hostname on an expiring
lease? Looking over the wiki again I noticed this comment on the code
in dhcpd.conf
In the on expiry block:
# cannot get a ClientMac here, apparently this only works when
actually receiving a packet
and
# cannot get a ClientName here, for some reason that always fails
By chance has the second one changed? Because otherwise samba doesn't
seem to allow removing the record since the name of the record
(ClientName) almost seems like it's a critical piece of this. Or if
anyone else has come to another solution to get the information
another way while the script runs.

Ralph