samba - Dec 2024 - Error when joining new DC

On Mon, 16 Dec 2024 17:42:33 +0000
Peter Mittermayer via samba <samba at lists.samba.org> wrote:
> I really would like to do that. That's exactly why I'm asking if
DNS
> update can be allowed for DCs only and denied for all other clients.
> I looked into it a few years ago but did not find a (simple) solution
> to this.
> 
> Br
> 
You seem to be conflating the requirement with using the 'tkey' line
and the clients updating their dns records.

By default, Unix clients will not even attempt to update their dns
records and you can stop Windows clients from doing so.

You need the 'tkey' line, I suggest you use it.

Rowland

AFAIK sssd on RHEL is by default doing dyndny updates and it needs to be
disabled in the config. Same for a Windows.

Instead of client configuration which can be changed by any sysadmin I prefer to
deny DNS updates centrally, where I have control.

Br

________________________________
From: samba <samba-bounces at lists.samba.org> on behalf of Rowland Penny
via samba <samba at lists.samba.org>
Sent: Monday, December 16, 2024 6:53:34 PM
To: samba at lists.samba.org <samba at lists.samba.org>
Cc: Rowland Penny <rpenny at samba.org>
Subject: Re: [Samba] Error when joining new DC

On Mon, 16 Dec 2024 17:42:33 +0000
Peter Mittermayer via samba <samba at lists.samba.org> wrote:
> I really would like to do that. That's exactly why I'm asking if
DNS
> update can be allowed for DCs only and denied for all other clients.
> I looked into it a few years ago but did not find a (simple) solution
> to this.
>
> Br
>
You seem to be conflating the requirement with using the 'tkey' line
and the clients updating their dns records.

By default, Unix clients will not even attempt to update their dns
records and you can stop Windows clients from doing so.

You need the 'tkey' line, I suggest you use it.

Rowland

--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba