Hi,
DHCP module is not even installed in our Zentyal. The DHCP server in our network is another server (OPNSense).
We have detected two major issues with DNS and Zentyal right now:
1) Zentyal doesn't update DNS records for domain clients. There are clients with Windows 7 and clients with Windows 10. There are clients that where in the old domain (from which we do not restore anything)and there are clients that are completely new machines.
2) Many clients have a DNS error when browse to Youtube. Apparently this error is random. Sometimes Youtube work well, sometimes don't. It only happens in domain clients. When this error is happening, if I change the primary DNS to everything else, the problem disappears... and return if I put Zentyal as primary DNS resolver again. I tried with rdnc flush" and reload commands you suggested in the other topic, but if it works, it doen't last long. I read about "forward only;" parameter in Bind instead "forward first;" but I don't know how that will affect Zentyal or the domain.
In /var/log/syslog I can see this:
Dec 19 12:47:15 zserver named[1517]: samba_dlz: starting transaction on zone XXXXXXXXXX.lan
Dec 19 12:47:15 zserver named[1517]: client @0x7f296804f880 10.0.7.191#65371: update 'XXXXXXXXX.lan/IN' denied
Dec 19 12:47:15 zserver named[1517]: samba_dlz: cancelling transaction on zone XXXXXXXXXXXX.lan
And some others like this:
Dec 19 13:12:40 zserver named[1517]: samba_dlz: starting transaction on zone XXXXXXXX.lan
Dec 19 13:12:40 zserver named[1517]: samba_dlz: disallowing update of signer=XXXXX\$\@XXXXXXX.LAN name=XXXXX.XXXXXX.lan type=AAAA error=insufficient access rights
Dec 19 13:12:40 zserver named[1517]: client @0x7f296c04cfa0 10.0.3.62#64916/key XXXXXX\$\@XXXXXXXXX.LAN: updating zone 'XXXXXXXXX.lan/NONE': update failed: rejected by secure update (REFUSED)
Dec 19 13:12:40 zserver named[1517]: samba_dlz: cancelling transaction on zone XXXXXXXXX.lan
I don't know where to look. As I said before, we don't configure nothing rare or advanced. The configuration is quiet simple: just a domain controller, set from scratch last summer with a clean Zentyal 6.0 image. Now, updated to 6.1.2.
Thanks