Author Topic: DNS reverse lookup is not setup - update <domain>/IN denied  (Read 2282 times)

shahdivy

  • Zen Apprentice
  • *
  • Posts: 21
  • Karma: +1/-0
    • View Profile
DNS reverse lookup is not setup - update <domain>/IN denied
« on: February 28, 2017, 07:52:27 pm »
I have Zentyal PDC and 2 Additional DC servers running Development version 5.0 ( upgraded to 5.0.7)

Configuration: - Site A - PDC and ADC ( 2 servers)
                     - Site B - ADC ( 1 server)

DNS is working by name (forward lookup) but reverse lookup by IP is not working.

In syslog, following messages show up:

Mar  1 00:19:57 amddc01 named[1541]: samba_dlz: starting transaction on zone bksd.com
Mar  1 00:19:57 amddc01 named[1541]: client 172.16.16.73#60108: update 'bksd.com/IN' denied
Mar  1 00:19:57 amddc01 named[1541]: samba_dlz: cancelling transaction on zone bksd.com

Do not see any reverse lookup files setup in /etc/bind directory.  I thought its suppose to be automatically setup.  Any suggestion if this needs to be setup manually? 

Using RSAT tools on windows 10 client to manage adding DNS A records  which seems to be working and replicating to all servers correctly.

azharoth71

  • Zen Apprentice
  • *
  • Posts: 13
  • Karma: +0/-0
    • View Profile
Re: DNS reverse lookup is not setup - update <domain>/IN denied
« Reply #1 on: March 24, 2017, 12:24:23 pm »
Same Problem,
it seems that the problem happen when you have 2 or more dns
The reverse dns try to write dato on the first (ina alphabeticcaly order) zone in DNS

in my case : alex.int, alex.net, everithing is working fine
but if the zones are :
aaa.at, alex.int, alex.net, reverse dns try to write data on aaa.at

My friends in zentyal are still working on it

shahdivy

  • Zen Apprentice
  • *
  • Posts: 21
  • Karma: +1/-0
    • View Profile
Re: DNS reverse lookup is not setup - update <domain>/IN denied
« Reply #2 on: March 24, 2017, 07:48:30 pm »
Hopefully we will see a fix for it. 

We have created reverse lookup zones manually and started to add entries manually - specially for servers.

Clients are still failing with the same failure message.