samba - May 2021 - once again reverse DNS - bind_dlz

Hi everyone,
test environment based on Debian 10.9 with bind_dlz and van-belle
repositories - a lot of good work.
I've been working on it for two days - without success.

Forward lookup DNS zones are working properly. Added hosts display
correctly in RSAT DNS in forward lookup zones. Everything looks fine except
for two log entries that always show up when updating the zone


*May 17 20:21:48 ad named [453]: client @ 0x7f73400703d0 10/10/10.160 #
56059: update 'TEST.lan / IN' deniedMay 17 20:21:48 ad named [453]:
samba_dlz: canceling transaction on zone TEST.lan*
May 17 20:21:48 ad named [453]: samba_dlz: starting transaction on zone
TEST.lan
May 17 20:21:48 ad named [453]: samba_dlz: allowing update of signer = RSAT
\ $ \ @ TEST.LAN name = rsat.TEST.lan tcpaddr = 10.10.10.160 type = AAAA
key = 1336-ms-7.9 -24efa0.2b809d3a-b737-11eb-ae6f-525400a13ecb / 160/0
May 17 20:21:48 ad named [453]: samba_dlz: allowing update of signer = RSAT
\ $ \ @ TEST.LAN name = rsat.TEST.lan tcpaddr = 10.10.10.160 type = A key
1336-ms-7.9 -24efa0.2b809d3a-b737-11eb-ae6f-525400a13ecb / 160/0
May 17 20:21:48 ad named [453]: samba_dlz: allowing update of signer = RSAT
\ $ \ @ TEST.LAN name = rsat.TEST.lan tcpaddr = 10.10.10.160 type = A key
1336-ms-7.9 -24efa0.2b809d3a-b737-11eb-ae6f-525400a13ecb / 160/0
May 17 20:21:48 ad named [453]: client @ 0x7f73480c6ee0 10/10/10.160 #
54323 / key RSAT \ $ \ @ TEST.LAN: updating zone 'TEST.lan / NONE':
deleting rrset at 'rsat.TEST. lan 'AAAA
May 17 20:21:48 ad named [453]: client @ 0x7f73480c6ee0 10/10/10.160 #
54323 / key RSAT \ $ \ @ TEST.LAN: updating zone 'TEST.lan / NONE':
deleting rrset at 'rsat.TEST. lan 'A
May 17 20:21:48 ad named [453]: samba_dlz: subtracted rdataset
rsat.TEST.lan 'rsat.TEST.lan. # 0111200 # 011IN # 011A #
01110.10.10.160'

I added via RSAT to the reverse lookup zone according to the SAMBA4 wiki.
It does not work.

samba-tool dns zonelist 10.10.10.50 -U Administrator

  3 zone (s) found

  pszZoneName: 10.10.10.in-addr.arpa
  Flags: DNS_RPC_ZONE_DSINTEGRATED DNS_RPC_ZONE_UPDATE_SECURE
  ZoneType: DNS_ZONE_TYPE_PRIMARY
  Version: 50
  dwDpFlags: DNS_DP_AUTOCREATED DNS_DP_DOMAIN_DEFAULT DNS_DP_ENLISTED
  pszDpFqdn: DomainDnsZones.TEST.lan

  pszZoneName: TEST.lan
  Flags: DNS_RPC_ZONE_DSINTEGRATED DNS_RPC_ZONE_UPDATE_SECURE
  ZoneType: DNS_ZONE_TYPE_PRIMARY
  Version: 50
  dwDpFlags: DNS_DP_AUTOCREATED DNS_DP_DOMAIN_DEFAULT DNS_DP_ENLISTED
  pszDpFqdn: DomainDnsZones.TEST.lan

  pszZoneName: _msdcs.TEST.lan
  Flags: DNS_RPC_ZONE_DSINTEGRATED DNS_RPC_ZONE_UPDATE_SECURE
  ZoneType: DNS_ZONE_TYPE_PRIMARY
  Version: 50
  dwDpFlags: DNS_DP_AUTOCREATED DNS_DP_FOREST_DEFAULT DNS_DP_ENLISTED
  pszDpFqdn: ForestDnsZones.TEST.lan

where should I look for the problem?

Thanks,
Jan

On 17/05/2021 20:11, Jan JMPBL via samba wrote:
> Hi everyone,
> test environment based on Debian 10.9 with bind_dlz and van-belle
> repositories - a lot of good work.
> I've been working on it for two days - without success.
>
> Forward lookup DNS zones are working properly. Added hosts display
> correctly in RSAT DNS in forward lookup zones. Everything looks fine except
> for two log entries that always show up when updating the zone
>
>
> *May 17 20:21:48 ad named [453]: client @ 0x7f73400703d0 10/10/10.160 #
> 56059: update 'TEST.lan / IN' deniedMay 17 20:21:48 ad named [453]:
> samba_dlz: canceling transaction on zone TEST.lan*
> May 17 20:21:48 ad named [453]: samba_dlz: starting transaction on zone
> TEST.lan
> May 17 20:21:48 ad named [453]: samba_dlz: allowing update of signer = RSAT
> \ $ \ @ TEST.LAN name = rsat.TEST.lan tcpaddr = 10.10.10.160 type = AAAA
> key = 1336-ms-7.9 -24efa0.2b809d3a-b737-11eb-ae6f-525400a13ecb / 160/0
> May 17 20:21:48 ad named [453]: samba_dlz: allowing update of signer = RSAT
> \ $ \ @ TEST.LAN name = rsat.TEST.lan tcpaddr = 10.10.10.160 type = A key
> 1336-ms-7.9 -24efa0.2b809d3a-b737-11eb-ae6f-525400a13ecb / 160/0
> May 17 20:21:48 ad named [453]: samba_dlz: allowing update of signer = RSAT
> \ $ \ @ TEST.LAN name = rsat.TEST.lan tcpaddr = 10.10.10.160 type = A key
> 1336-ms-7.9 -24efa0.2b809d3a-b737-11eb-ae6f-525400a13ecb / 160/0
> May 17 20:21:48 ad named [453]: client @ 0x7f73480c6ee0 10/10/10.160 #
> 54323 / key RSAT \ $ \ @ TEST.LAN: updating zone 'TEST.lan / NONE':
> deleting rrset at 'rsat.TEST. lan 'AAAA
> May 17 20:21:48 ad named [453]: client @ 0x7f73480c6ee0 10/10/10.160 #
> 54323 / key RSAT \ $ \ @ TEST.LAN: updating zone 'TEST.lan / NONE':
> deleting rrset at 'rsat.TEST. lan 'A
> May 17 20:21:48 ad named [453]: samba_dlz: subtracted rdataset
> rsat.TEST.lan 'rsat.TEST.lan. # 0111200 # 011IN # 011A #
01110.10.10.160'
>
> I added via RSAT to the reverse lookup zone according to the SAMBA4 wiki.
> It does not work.
>
> samba-tool dns zonelist 10.10.10.50 -U Administrator
>
>    3 zone (s) found
>
>    pszZoneName: 10.10.10.in-addr.arpa
>    Flags: DNS_RPC_ZONE_DSINTEGRATED DNS_RPC_ZONE_UPDATE_SECURE
>    ZoneType: DNS_ZONE_TYPE_PRIMARY
>    Version: 50
>    dwDpFlags: DNS_DP_AUTOCREATED DNS_DP_DOMAIN_DEFAULT DNS_DP_ENLISTED
>    pszDpFqdn: DomainDnsZones.TEST.lan
>
>    pszZoneName: TEST.lan
>    Flags: DNS_RPC_ZONE_DSINTEGRATED DNS_RPC_ZONE_UPDATE_SECURE
>    ZoneType: DNS_ZONE_TYPE_PRIMARY
>    Version: 50
>    dwDpFlags: DNS_DP_AUTOCREATED DNS_DP_DOMAIN_DEFAULT DNS_DP_ENLISTED
>    pszDpFqdn: DomainDnsZones.TEST.lan
>
>    pszZoneName: _msdcs.TEST.lan
>    Flags: DNS_RPC_ZONE_DSINTEGRATED DNS_RPC_ZONE_UPDATE_SECURE
>    ZoneType: DNS_ZONE_TYPE_PRIMARY
>    Version: 50
>    dwDpFlags: DNS_DP_AUTOCREATED DNS_DP_FOREST_DEFAULT DNS_DP_ENLISTED
>    pszDpFqdn: ForestDnsZones.TEST.lan
>
> where should I look for the problem?
>
> Thanks,
> Jan

Please go here: 
https://github.com/thctlo/samba4/blob/master/samba-collect-debug-info.sh

Download the script and run it on the DC, post the output (sanitised if 
required) into a reply to this, do not attach it, this list strips 
attachments.

Rowland