Author Topic: [SOLVED] Samba won't update dns (still)  (Read 20511 times)

christian

  • Guest
Re: Incorrect or no forward dns for Windows clients on domain with dynamic IP
« Reply #30 on: February 24, 2013, 11:03:11 pm »
Finally ipconfig /all from the windows xp box (

So we do not look at this machine at 103 (xpbox) but now at newboy... correct? Why not, but we should rather focus on only one, for the time being.

Why do you also configure 10.53.19.1 as secondary DNS?
Can't you make it simple (at least at the beginning) and use only Zentyal (.20)?

christian

  • Guest
Re: Incorrect or no forward dns for Windows clients on domain with dynamic IP
« Reply #31 on: February 24, 2013, 11:07:16 pm »
and I would also suggest that, at least for the time being, during investigation:
- you do not enable transparent DNS cache
- you do not use DNS forwarder

my $0.02  8)

fatbob

  • Zen Warrior
  • ***
  • Posts: 102
  • Karma: +1/-0
    • View Profile
Re: Incorrect or no forward dns for Windows clients on domain with dynamic IP
« Reply #32 on: February 24, 2013, 11:11:11 pm »
Ah sorry, I grabbed the closest machine that was representative of the issue. The Windows network config on mumsoldgit (103 which is actually 197) and the output of the config acquired from DHCP looks like the attached file.

I'm still not clear what you need from me, sorry :( Are you looking for the output of the dialogue between the DHCP server and the Windows box? I don't really know how to get that. Any ideas?



fatbob

Re: Incorrect or no forward dns for Windows clients on domain with dynamic IP
« Reply #33 on: February 24, 2013, 11:15:37 pm »
Ok, I'll disable the transparent dns cache, remove the forwarders + the router as a secondary dns and reboot.

The reason I had that set up was because I was using the Windows boxes to download stuff (some automated scripted stuff) that I wanted them to carry on with whilst I messed about with the server. The basic router (10.53.19.1) can answer dns queries for the internet but has no specific dns functionality in regards to the lan.


christian

  • Guest
Re: Incorrect or no forward dns for Windows clients on domain with dynamic IP
« Reply #34 on: February 24, 2013, 11:17:59 pm »
OK, this last file confirms that IP address retrieved from Zentyal server (DHCP) that is configured as dynamic is not registered in Zentyal DNS.
Basically what you explained but this way this is much clearer.
BTW, DNS doesn't contain any entry for "newboy" at ".100"

So there is something wrong here (nothing to do yet with Windows domain  ;))

Have you tried to restart DNS and DHCP services on Zentyal, then force DHCP lease renewal on one workstation?
Once done, check DNS content again.

fatbob

Re: Incorrect or no forward dns for Windows clients on domain with dynamic IP
« Reply #35 on: February 24, 2013, 11:38:43 pm »
ok so I took your advice on board - don't get excited same old behaviour so far:

so on zentyal - removed the DNS forwarders, disabled the transparent dns cache, and removed the 10.53.19.1 secondary dns server from the dhcp config

Rebooted the server

Rebooted newboy and once rebooted did a ipconfig /release followed by ipconfig /renew

P.S. Using newboy as it doesn't have any "complicated" behaviour; it just gets a reverse lookup but no forward lookup, unlike the other thing with its odd 103 address. Let's try and sort out the lack of forward lookup first ;). That problem is consistent across all boxes at least.

Same story again. 10.53.19.100 resolves to newboy but newboy doesn't resolve to anything when using nslookup on Windows and on the Zentyal box.

And still running dig on the zentyal box gives no results for newboy / 10.53.19.100 when running dig oilmovements.lan AXFR


fatbob

Re: Incorrect or no forward dns for Windows clients on domain with dynamic IP
« Reply #36 on: February 24, 2013, 11:42:58 pm »
Oh by the way thanks for all the effort !! : ) very much appreciated!

fatbob

Re: Incorrect or no forward dns for Windows clients on domain with dynamic IP
« Reply #37 on: February 25, 2013, 01:20:46 am »
Well this is looking more like a bug: Had a look in /var/log/zentyal/error.log and see the following lines repeating;

Text::DHCPLeases::Object::parse Error: Statement not recognized: set ddns-client-fqdn = "mumsoldgit.oilmovements.lan";
 at /usr/share/perl5/Text/DHCPLeases.pm line 148
Text::DHCPLeases::Object::parse Error: Statement not recognized: set ddns-client-fqdn = "newboy.oilmovements.lan";
 at /usr/share/perl5/Text/DHCPLeases.pm line 148
Text::DHCPLeases::Object::parse Error: Statement not recognized: set ddns-client-fqdn = "mumsoldgit.oilmovements.lan";
 at /usr/share/perl5/Text/DHCPLeases.pm line 148
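
Added example (not part of the thread and not Zentyal code): the statement Text::DHCPLeases rejects above is a `set` variable line as ISC dhcpd writes it to dhcpd.leases. This Python reader accepts such lines in a constructed lease file and lists the active leases where dhcpd recorded a client-supplied FQDN but no forward update of its own; the function names and sample data are assumptions of the example.

```python
import re

# Constructed sample in dhcpd.leases syntax: names and addresses follow the thread.
# dhcpd appends to the file, so the last entry for an IP is the current one.
SAMPLE_LEASES = '''
lease 10.53.19.100 {
  binding state active;
  set ddns-rev-name = "100.19.53.10.in-addr.arpa.";
  set ddns-client-fqdn = "newboy.oilmovements.lan";
  client-hostname "newboy";
}
lease 10.53.19.197 {
  binding state free;
  set ddns-client-fqdn = "mumsoldgit.oilmovements.lan";
}
lease 10.53.19.197 {
  binding state active;
  next binding state free;
  set ddns-client-fqdn = "mumsoldgit.oilmovements.lan";
  client-hostname "mumsoldgit";
}
'''

LEASE_RE = re.compile(r'^lease\s+(\S+)\s*\{(.*?)^\}', re.S | re.M)
SET_RE = re.compile(r'^\s*set\s+([\w-]+)\s*=\s*"([^"]*)"\s*;', re.M)
HOST_RE = re.compile(r'^\s*client-hostname\s+"([^"]*)"\s*;', re.M)
STATE_RE = re.compile(r'^\s*binding state\s+(\w+)\s*;', re.M)


def parse_leases(text):
    """Return {ip: {"state", "hostname", "vars"}}; later entries override earlier ones."""
    leases = {}
    for ip, body in LEASE_RE.findall(text):
        state, host = STATE_RE.search(body), HOST_RE.search(body)
        leases[ip] = {"state": state and state.group(1),
                      "hostname": host and host.group(1),
                      "vars": dict(SET_RE.findall(body))}
    return leases


def client_owned_forward(leases):
    """Active leases with a client FQDN recorded and no forward update done by dhcpd."""
    # dhcpd.leases(5): ddns-fwd-name is recorded once the server has updated the A record.
    return sorted((ip, l["vars"]["ddns-client-fqdn"]) for ip, l in leases.items()
                  if l["state"] == "active" and "ddns-client-fqdn" in l["vars"]
                  and "ddns-fwd-name" not in l["vars"])
```

Each name it returns can then be checked against the zone with dig or nslookup, as done earlier in the thread.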

christian

  • Guest
Re: Incorrect or no forward dns for Windows clients on domain with dynamic IP
« Reply #38 on: February 25, 2013, 06:05:31 am »
At least you have found something reliable to create a ticket so that Zentyal team can investigate  :)

fatbob

Re: Incorrect or no forward dns for Windows clients on domain with dynamic IP
« Reply #39 on: February 26, 2013, 02:11:25 am »
After further investigation and a bit of log trawling I have raised ticket #6217

fatbob

I received the following update to the case today. Haven't tested it yet - if it works I'll update you



 Hello,

we maintain patched versions of bind and samba4 to allow dhcp dynamic updates on the zones stored into samba LDAP. You should have the following package versions (some of them to be released today):

root@precise64 ~ # dpkg -l | grep zentyal
ii  bind9                                1:9.8.1.dfsg.P1-4ubuntu0.5+zentyal1 Internet Domain Name Server
ii  bind9-host                           1:9.8.1.dfsg.P1-4ubuntu0.5+zentyal1 Version of 'host' bundled with BIND 9.X
ii  bind9utils                           1:9.8.1.dfsg.P1-4ubuntu0.5+zentyal1 Utilities for BIND
ii  dnsutils                             1:9.8.1.dfsg.P1-4ubuntu0.5+zentyal1 Clients provided with BIND
ii  iptables                             1.4.12-1ubuntu4+zentyal1            administration tools for packet filtering and NAT
ii  libbind9-80                          1:9.8.1.dfsg.P1-4ubuntu0.5+zentyal1 BIND9 Shared Library used by BIND
ii  libdns81                             1:9.8.1.dfsg.P1-4ubuntu0.5+zentyal1 DNS Shared Library used by BIND
ii  libisc83                             1:9.8.1.dfsg.P1-4ubuntu0.5+zentyal1 ISC Shared Library used by BIND
ii  libisccc80                           1:9.8.1.dfsg.P1-4ubuntu0.5+zentyal1 Command Channel Library used by BIND
ii  libisccfg82                          1:9.8.1.dfsg.P1-4ubuntu0.5+zentyal1 Config File Handling Library used by BIND
ii  liblwres80                           1:9.8.1.dfsg.P1-4ubuntu0.5+zentyal1 Lightweight Resolver Library used by BIND
ii  samba4                               4.0.3-zentyal7                      SMB/CIFS file, NT domain and active directory server (version 4)
ii  zentyal-common                       3.0.7                               Zentyal - Common Library
ii  zentyal-core                         3.0.14                              Zentyal - Core
ii  zentyal-dhcp                         3.0.3                               Zentyal - DHCP Service
ii  zentyal-dns                          3.0.6                               Zentyal - DNS Service
ii  zentyal-firewall                     3.0.2                               Zentyal - Firewall
ii  zentyal-network                      3.0.3                               Zentyal - Network Configuration
ii  zentyal-ntp                          3.0                                 Zentyal - NTP Service
ii  zentyal-objects                      3.0                                 Zentyal - Network Objects
ii  zentyal-samba                        3.0.14                              Zentyal - File Sharing and Domain Services
ii  zentyal-services                     3.0.2                               Zentyal - Network Services
ii  zentyal-users                        3.0.10                              Zentyal - Users and Groups

We improved the DHCP and DNS reverse zones generation in https://github.com/Zentyal/zentyal/pull/184, and after testing with the latest packages the direct and reverse zones are updated.

I also had a problem updating the direct zone (DLZ disallowing the update), fixed following the instructions here http://lists.samba.org/archive/samba-technical/2012-July/085388.html, just FYI. In my case the host name was wxp1 and the domain kernevil.lan, so the command was

ldbdel -H /opt/samba4/private/sam.ldb "DC=wxp1,DC=Kernevil.lan,CN=MicrosoftDNS,DC=Kernevil,DC=lan"
« Last Edit: March 04, 2013, 04:29:45 pm by fatbob »

fatbob

The update did nothing to remedy the issue and the command simply returned an error stating that it did not find the host.

fatbob

The solution to this was to issue the following command and reboot

sudo samba_upgradedns --dns-backend=BIND9_DLZ

fatbob

Re: [SOLVED] No forward dns for Windows clients on domain with dynamic IP
« Reply #43 on: March 24, 2013, 11:35:29 pm »
Unfortunately this still isn't working for one Vista SP2 box

fatbob

Re: No forward dns for Windows clients on domain with dynamic IP
« Reply #44 on: April 13, 2013, 01:10:46 am »
Right this is nowhere near solved

I managed to get 2 machines working as described previously

Since then it hasn't worked for any machine

Apr 13 00:05:32 vmhost named[30147]: samba_dlz: starting transaction on zone oilmovements.lan
Apr 13 00:05:32 vmhost named[30147]: client 10.53.19.205#52039: update 'oilmovements.lan/IN' denied
Apr 13 00:05:32 vmhost named[30147]: samba_dlz: cancelling transaction on zone oilmovements.lan
Apr 13 00:05:32 vmhost named[30147]: samba_dlz: starting transaction on zone oilmovements.lan
Apr 13 00:05:32 vmhost named[30147]: samba_dlz: disallowing update of signer=newboywin7\$\@OILMOVEMENTS.LAN name=newboywin7.oilmovements.lan type=AAAA error=insufficient access rights
Apr 13 00:05:32 vmhost named[30147]: client 10.53.19.205#53549: updating zone 'oilmovements.lan/NONE': update failed: rejected by secure update (REFUSED)
Apr 13 00:05:32 vmhost named[30147]: samba_dlz: cancelling transaction on zone oilmovements.lan
Apr 13 00:05:35 vmhost named[30147]: samba_dlz: starting transaction on zone oilmovements.lan
Apr 13 00:05:35 vmhost named[30147]: client 10.53.19.205#65521: update 'oilmovements.lan/IN' denied
Apr 13 00:05:35 vmhost named[30147]: samba_dlz: cancelling transaction on zone oilmovements.lan
Apr 13 00:05:35 vmhost named[30147]: samba_dlz: starting transaction on zone oilmovements.lan
Apr 13 00:05:35 vmhost named[30147]: samba_dlz: disallowing update of signer=newboywin7\$\@OILMOVEMENTS.LAN name=newboywin7.oilmovements.lan type=AAAA error=insufficient access rights
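
Added example (not part of the original post): a Python triage of the named/samba_dlz lines quoted above. It counts refused updates per signer and record, and flags whether the signing machine account is updating its own name or someone else's; the function names are this example's own and the sample is a subset of the log lines from the post.

```python
import re
from collections import Counter

# Lines copied from the post above (named with the samba_dlz module, via syslog).
SAMPLE_LOG = r"""
Apr 13 00:05:32 vmhost named[30147]: samba_dlz: starting transaction on zone oilmovements.lan
Apr 13 00:05:32 vmhost named[30147]: client 10.53.19.205#52039: update 'oilmovements.lan/IN' denied
Apr 13 00:05:32 vmhost named[30147]: samba_dlz: cancelling transaction on zone oilmovements.lan
Apr 13 00:05:32 vmhost named[30147]: samba_dlz: disallowing update of signer=newboywin7\$\@OILMOVEMENTS.LAN name=newboywin7.oilmovements.lan type=AAAA error=insufficient access rights
Apr 13 00:05:32 vmhost named[30147]: client 10.53.19.205#53549: updating zone 'oilmovements.lan/NONE': update failed: rejected by secure update (REFUSED)
Apr 13 00:05:35 vmhost named[30147]: client 10.53.19.205#65521: update 'oilmovements.lan/IN' denied
Apr 13 00:05:35 vmhost named[30147]: samba_dlz: disallowing update of signer=newboywin7\$\@OILMOVEMENTS.LAN name=newboywin7.oilmovements.lan type=AAAA error=insufficient access rights
"""

DLZ_DENY = re.compile(r"samba_dlz: disallowing update of signer=(?P<signer>\S+) "
                      r"name=(?P<name>\S+) type=(?P<rtype>\S+) error=(?P<error>.+)$")
CLIENT_DENIED = re.compile(r"client (?P<ip>[\da-fA-F.:]+)#\d+: update '(?P<zone>[^'/]+)/\w+' denied")
CLIENT_FAILED = re.compile(r"client (?P<ip>[\da-fA-F.:]+)#\d+: updating zone "
                           r"'(?P<zone>[^'/]+)/\w+': update failed: (?P<reason>.+)$")


def own_record(signer, name):
    """True when the signing machine account (HOST$@REALM) matches the first label of name."""
    account = signer.split("@", 1)[0].rstrip("$")
    return account.lower() == name.split(".", 1)[0].lower()


def summarize(log_text):
    """Count refusals per (signer, name, type, error, own_record) and per (client, zone, outcome)."""
    dlz, clients = Counter(), Counter()
    for line in log_text.splitlines():
        if m := DLZ_DENY.search(line):
            signer = m["signer"].replace("\\", "")   # the log escapes $ and @
            dlz[(signer, m["name"], m["rtype"], m["error"].strip(),
                 own_record(signer, m["name"]))] += 1
        elif m := CLIENT_DENIED.search(line):
            clients[(m["ip"], m["zone"], "denied")] += 1
        elif m := CLIENT_FAILED.search(line):
            clients[(m["ip"], m["zone"], m["reason"].strip())] += 1
    return dlz, clients


if __name__ == "__main__":
    for table in summarize(SAMPLE_LOG):
        for key, count in table.items():
            print(count, *key)
```

In the sample every refusal has own_record true: the host is being denied on its own name, so the place to look is the access rights on that existing DNS entry rather than another machine trying to take the name over.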