Zentyal Forum, Linux Small Business Server

Zentyal Server => Installation and Upgrades => Topic started by: fatbob on February 24, 2013, 02:33:45 am

Title: [SOLVED] Samba won't update dns (still)
Post by: fatbob on February 24, 2013, 02:33:45 am
NB have simplified the issue further down in the history of this post


Hi I have Zentyal Community box (Core version 3.0.13 )

It runs the dhcp service and is configured to do dynamic domain updates. It is also running as a Windows domain controller and file server.

One of the windows XP clients keeps appearing to get two leases. These show up on the dashboard and in /var/lib/dhcp/dhcp.leases

The result is that the reverse lookup (by ip) matches the IP address handed out by the DHCP server on the zentyal box. The forward look up of the name comes up with a different IP.  :o

Interestingly if the machine is dropped out of the domain the dynamic IP address seems to work with both forward and reverse lookups correct. If it's added back in to the domain then the problem reoccurs.

I've tried changing the name of the windows box and manually hacking the dhcp.leases file and the forward lookup file for bind in /var/lib/bind (having stopped bind and deleted the journal).

At the moment the machine appears to work ok on the domain but it is annoying.

Anybody got any ideas?
Title: Re: Incorrect forward dns for Windows XP client on domain with dynamic IP
Post by: christian on February 24, 2013, 06:43:18 am
I can't really see the link between domain concept and DNS.
Even if your machine doesn't take part of your Windows domain, if you have set up DHCP and DNS so that new DNS record is created when new lease is issued (i.e. dynamic DNS), if, for some reason, 2 leases are issued, you will end up with 2 DNS entries isn't it?

BTW, what is your lease duration ?
Title: Re: Incorrect forward dns for Windows XP client on domain with dynamic IP
Post by: fatbob on February 24, 2013, 11:38:45 am
Hi Christian

To answer your question first the lease is 30 minutes, max lease is 2 hours and the problem still exists after the machine has been disconnected for 6 (overnight) (i.e. it will happen again when the machine is powered up).

Firstly disregarding the involvement of the windows domain there are 2 questions raised by this

Now coming back to the windows domain issue. The domain certainly has a dependency on dns and I'm beginning to suspect it actually has an impact on it too.

Let me explain the full details of what's happened leading up to this.

I'm switching from an old SuSE 11 server to a new Zentyal server. In fact it's the same machine, I just have a new set of hard drives with the zentyal build on them. I'll refer to them as if they are separate machines here for convenience but they would never both be connected to the same network simultaneously  ;)

Both servers are configured in a similar manner. Both have the same names, both were windows file server / domain controllers and both had dhcp that dynamically updated the dns server. Both handed out IP addresses in the same range (this is probably the important point). On the suse server the forward and reverse records were added to the dns by the dhcp server. Both managed a windows domain of the same name.

I had my old suse server running and the windows XP machine that is the source of the issue was connected to it. It had been leased an IP address by the suse server ending in 103. I dropped the XP machine off the old domain.

I powered down the suse server and powered up the zentyal server. I then tried to connect the XP machine to the new domain. This resulted in the error "network path not found". At this point the XP machine still had the 103 address leased by the old suse server that was now powered down. The error occurred because the zentyal dns server had no reverse dns entry for the XP machine and could not resolve the 103 address to the XP machine's host name, since it had not leased that address out. This illustrates the dependency on dns of the windows domain.

I executed an ipconfig /release followed by an ipconfig /renew on the XP machine and it was leased an IP address ending in 197. The reverse dns entry was created on the Zentyal server and this IP address successfully resolved to the XP machine's host name. I then connected the XP machine to the domain successfully.

However having done this I made the following observations


One final note on this. I believe I was once told that when a windows machine connects to a (conventional windows server run) windows domain that it updates the DNS records with its host name / IP address. As opposed to the scenario I had on the suse box where the dhcp server did that. I wonder if there is some similar process in effect here as I know samba 4 has some dns support in order for it to perform in a manner expected by windows clients.
Title: Re: Incorrect forward dns for Windows XP client on domain with dynamic IP
Post by: fatbob on February 24, 2013, 03:48:13 pm
I now have another windows xp that doesn't get a forward lookup at all. The forward and reverse lookups for both machines function fine when not connected to the domain.
Title: Re: Incorrect forward dns for Windows XP client on domain with dynamic IP
Post by: christian on February 24, 2013, 04:24:49 pm
Sorry, this is far above my knowledge  :-[

My understanding stops at DNS and /etc/hosts when it comes to resolve names.
I also understand that DHCP can update DNS based on valid leases.

All the "Windows domain" stuff that could impact above behaviour is not something I can understand (except if you involve WINS and Netbios but this is another story). I'm not saying you're wrong but I can't help  :-\

In a pure Microsoft world, this is different because they decided to, on purpose, mix everything: deploying PDC is the magic answer to everything as it provides DHCP, DNS, PKI, Kerberos, file sharing.... well, everything so you can easily mix up, it doesn't matter.

This said, you are testing something in a rather weird environment: you get lease from one DHCP server, then stop this server, start a new one as similar as possible (but nevertheless indeed different) and then try to use it as if nothing happened  ::)
This is making the (wrong) assumption that there is no DNS cache. I think this is the main reason why you have strange behaviour here and there.
Title: Re: Incorrect forward dns for Windows XP client on domain with dynamic IP
Post by: fatbob on February 24, 2013, 06:09:27 pm
Hi Christian

Yes it was my mistake to not reboot the XP box in between switching servers. However after further experimentation with another XP machine and a windows 7 machine I can simplify the problem a bit to the following


I think that points the finger squarely at samba. But I have NO idea about what it's doing. Like you I only know isc dhcp and bind. :( Anyone else got any ideas?

Zentyal module versions
Zentyal Core: 3.0.13
Zentyal Samba: 3.0.13
Zentyal DNS: 3.0.5
Zentyal DHCP: 3.0.2

These are the latest as far as I can see

Title: Re: Incorrect forward dns for Windows XP client on domain with dynamic IP
Post by: christian on February 24, 2013, 06:23:20 pm
So we are somewhat converging.
One "control" question: how do you perform this "forward lookup"? (just curious)
Title: Re: Incorrect forward dns for Windows XP client on domain with dynamic IP
Post by: fatbob on February 24, 2013, 06:41:16 pm
Yeah no worries

EG:
windows host name: xpbox
windows IP: 10.56.19.134

nslookup 10.53.19.134
gives name = xpbox.mydomain.lan

nslookup xpbox gives not found on any windows machine
using FQDN:
nslookup xpbox.mydomain.lan gives not found on any machine

nslookup xpbox on zentyal gives one slightly odd response which is :

Non-authoritative answer:
Name:   xpbox
Address: 67.215.65.132

this resolves to hit-nxdomain.opendns.com. I use opendns as my forwarders and if you try to resolve an unknown host in a web browser for example this "trick" forwards you to their search page.

Other than that not found

Title: Re: Incorrect forward dns for Windows XP client on domain with dynamic IP
Post by: fatbob on February 24, 2013, 06:47:03 pm
tried dig with similar results. Also tried dig for my one xp machine that has the incorrect forward lookup. The result is definitely coming from dns on the local box.

;; ANSWER SECTION:
xpbox.mydomain.lan. 900 IN   A   10.53.19.103 <--This is total boll*x it's .197

;; AUTHORITY SECTION:
mydomain.lan.   900   IN   NS   myserver.mydomain.lan.
Title: Re: Incorrect forward dns for Windows XP client on domain with dynamic IP
Post by: christian on February 24, 2013, 06:56:41 pm
first comment:
nslookup on Windows is definitely strange as
it should return something like:
Code:
nslookup 10.56.19.134
server: your Zentyal server
address: your zentyal server IP#53

143.19.56.10.in-addr.arpa   name=xpbox.mydomain.lan.

notice the trailing dot  ;)

second comment linked to above:
you should thus try
Code:
nslookup xpbox.mydomain.lan. (notice the trailing dot here again)

Third comment:
it would be interesting to understand better whenever you push DNS, domain, and search domain to DHCP clients and what is your DNS configuration on Zentyal. with trailing dot, such request should not be forwarded BTW.
Title: Re: Incorrect forward dns for Windows XP client on domain with dynamic IP
Post by: christian on February 24, 2013, 07:06:05 pm
;; ANSWER SECTION:
xpbox.mydomain.lan. 900 IN   A   10.53.19.103 <--This is total boll*x it's .197

;; AUTHORITY SECTION:
mydomain.lan.   900   IN   NS   myserver.mydomain.lan.

This one is interesting: your DNS, according to dig (see authority section) does contain 103 as IP address. This said, how many DNS are running on Zentyal 3.0 ? is it like LDAP, meaning we have one standard DNS for Zentyal and one dedicated to Samba ? (I'm not sure any more but it looks like this)
So perhaps there is a side effect with some DNS synchro or not refreshed zone or whatever else like this . I can't help about this because I'm not running 3.0.
Rather ask Zentyal team to help here  ;)
Title: Re: Incorrect or no forward dns for Windows clients on domain with dynamic IP
Post by: fatbob on February 24, 2013, 08:59:33 pm
Hi there

In relation to your first point nslookup on windows always seems to give output without the trailing dot ie
eg nslookup 91.189.94.156 gives:

Name: vostok.cannonical.com
Address: 91.189.94.156

in relation to your second point I tried with the trailing . ie nslookup xpbox.mydomain.lan. and had the same result nothing found. The request only gets sent to the forwarder if you request nslookup xpbox, if you use the FQDN then it never gets forwarded

In any case despite your efforts I'm no closer to finding out why my forward lookups for windows domain pc's don't work (other than there is no dns entry for some reason)
Title: Re: Incorrect or no forward dns for Windows clients on domain with dynamic IP
Post by: christian on February 24, 2013, 09:17:14 pm
still your additional post about wrong IP (using dig) is very strange.

what if you type:
Code:
dig mydomain.lan AXFR
Title: Re: Incorrect or no forward dns for Windows clients on domain with dynamic IP
Post by: fatbob on February 24, 2013, 09:28:27 pm
I've attached the output of your command to this post.

Interestingly I saw this in the log ---

24/02/2013 20:20:17   myserver   named[15927]   client 10.53.19.197#53332: updating zone 'mydomain.lan/NONE': update failed: rejected by secure update (REFUSED)

Now I wonder if this is the windows client trying to update the zone.
Title: Re: Incorrect or no forward dns for Windows clients on domain with dynamic IP
Post by: fatbob on February 24, 2013, 09:32:24 pm
And yet more - it would seem samba is trying to update the zone but being rejected:

24/02/2013 20:30:14   vmhost   named[15927]   samba_dlz: starting transaction on zone oilmovements.lan
24/02/2013 20:30:14   vmhost   named[15927]   client 10.53.19.100#62149: update 'oilmovements.lan/IN' denied
24/02/2013 20:30:14   vmhost   named[15927]   samba_dlz: cancelling transaction on zone oilmovements.lan
24/02/2013 20:30:14   vmhost   named[15927]   samba_dlz: starting transaction on zone oilmovements.lan
24/02/2013 20:30:14   vmhost   named[15927]   samba_dlz: disallowing update of signer=newboy\$\@OILMOVEMENTS.LAN name=newboy.oilmovements.lan type=A error=insufficient access rights
24/02/2013 20:30:14   vmhost   named[15927]   client 10.53.19.100#49186: updating zone 'oilmovements.lan/NONE': update failed: rejected by secure update (REFUSED)
24/02/2013 20:30:14   vmhost   named[15927]   samba_dlz: cancelling transaction on zone oilmovements.lan
Title: Re: Incorrect or no forward dns for Windows clients on domain with dynamic IP
Post by: christian on February 24, 2013, 09:42:21 pm
I've removed the attachment. No need to expose your DNS here  ;)
Let me have a look at it.
Title: Re: Incorrect or no forward dns for Windows clients on domain with dynamic IP
Post by: christian on February 24, 2013, 09:45:36 pm
your host is indeed registered at 103 (I suppose we discuss about mumsoldgit isn't it  ???)
Did you try to renew DHCP lease already ?
Title: Re: Incorrect or no forward dns for Windows clients on domain with dynamic IP
Post by: fatbob on February 24, 2013, 09:47:56 pm
:) Old home machines I'm using for testing hehe. My folks and I seem to collect em

Yeah have tried ipconfig /release /renew cycle - no joy
Title: Re: Incorrect or no forward dns for Windows clients on domain with dynamic IP
Post by: christian on February 24, 2013, 09:55:57 pm
you have a strange network  :-X
- modem at 192.168.100.1 ? Really ? I hope you have somewhere route to this network.
- I can't find 10.53.19.100 in your DNS, meaning you have somewhere on your network one machine that is unknown from your DNS but trying to update zone (BTW, is it the one from where you launched dig AXFR command ?)
- something wrong with the "Samba DNS" ?

If you have renewed your lease, you should see, in DNS, one entry matching workstation IP.
If not, stop looking elsewhere, there is already something wrong at this stage.
Once this one is solved, we can look further but not before.
Title: Re: Incorrect or no forward dns for Windows clients on domain with dynamic IP
Post by: fatbob on February 24, 2013, 10:06:22 pm
Modem is odd it has a 192.168.100.1 address that is only accessible to the lan side - it's an adsl thing sits the other side of the firewall - accessible via the default route.

Yeah it's just getting even more odd

dig on 10.53.19.100 returns nothing

but nslookup returns: 100.19.53.10.in-addr.arpa   name = newboy.oilmovements.lan.

and nslookup newboy.oilmovements.lan. returns nothing (with or without the trailing .)
Title: Re: Incorrect or no forward dns for Windows clients on domain with dynamic IP
Post by: christian on February 24, 2013, 10:13:49 pm
nslookup answer should also contain address of DNS server answering to your request. is it 10.53.19.20 ?
Are you sure you don't have another DHCP active server elsewhere  :o
Title: Re: Incorrect or no forward dns for Windows clients on domain with dynamic IP
Post by: fatbob on February 24, 2013, 10:18:06 pm
In answer to the question from your previous post about where I ran dig, all the investigation is being run on the zentyal box itself. dig was run on there as was my latest nslookup command

The server identified by nslookup was:
Server:      127.0.0.1
Address:   127.0.0.1#53

There are only 3 machines and the server on my test lan nothing else. They're all windows boxes and none of them has any sort of dns server on them - unless they've been hacked by some mysterious dns mugger :)
Title: Re: Incorrect or no forward dns for Windows clients on domain with dynamic IP
Post by: christian on February 24, 2013, 10:32:08 pm
Could you please post here screen copy of network settings for your Windows workstation ?
Could you also check that your DNS is still configured as dynamic ?

Again, until we can successfully see record in DNS once DHCP lease is issued, any other investigation is useless except if you have an idea of what could be wrong.

I also start to understand that you are using Zentyal with multiple interfaces and multiple LANs (one being 10.53.19.0/?? (24?) another being 192.168.100.0/24). Am I correct ?
Title: Re: Incorrect or no forward dns for Windows clients on domain with dynamic IP
Post by: fatbob on February 24, 2013, 10:41:03 pm
Will get you config from windoze

No there's one lan 10.53.19.20
Default route is 10.53.19.1

ignore the 192.168.100.1 address it's the modem

Its like this

[ vmhost (zentyal server) ]                [router       ]        [modem         ]
[ 10.53.19.20                  ] ------------> [10.53.19.1]------>[192.168.100.1] ----------> Global interweb -----> zentyal forum :)
Title: Re: Incorrect or no forward dns for Windows clients on domain with dynamic IP
Post by: fatbob on February 24, 2013, 10:55:35 pm
windows lan config
Title: Re: Incorrect or no forward dns for Windows clients on domain with dynamic IP
Post by: fatbob on February 24, 2013, 10:56:10 pm
dhcp config 1 - basic dhcp settings
Title: Re: Incorrect or no forward dns for Windows clients on domain with dynamic IP
Post by: fatbob on February 24, 2013, 10:56:34 pm
dhcp config 2 --> dynamic dns
Title: Re: Incorrect or no forward dns for Windows clients on domain with dynamic IP
Post by: fatbob on February 24, 2013, 10:57:16 pm
dns config including check box indicating a dynamic dns domain
Title: Re: Incorrect or no forward dns for Windows clients on domain with dynamic IP
Post by: fatbob on February 24, 2013, 10:58:08 pm
Finally ipconfig /all from the windows xp box (

Title: Re: Incorrect or no forward dns for Windows clients on domain with dynamic IP
Post by: christian on February 24, 2013, 10:59:13 pm
windows lan config

Thank you but the expectation was (sorry if I was not clear) what you REALLY get from your DHCP server, meaning settings "connection details"
Title: Re: Incorrect or no forward dns for Windows clients on domain with dynamic IP
Post by: christian on February 24, 2013, 11:03:11 pm
Finally ipconfig /all from the windows xp box (

So we do not look at this machine at 103 (xpbox) but now at newboy... correct ?  why not but we should rather focus on only one, for the time being.

Why do you also configure 10.53.19.1 as secondary DNS ?
Can't you make it simple (at least at the beginning) and use only Zentyal (.20) ?
Title: Re: Incorrect or no forward dns for Windows clients on domain with dynamic IP
Post by: christian on February 24, 2013, 11:07:16 pm
and I would also suggest that, at least for the time being, during investigation:
- you do not enable transparent DNS cache
- you do not use DNS forwarder

my $0.02  8)
Title: Re: Incorrect or no forward dns for Windows clients on domain with dynamic IP
Post by: fatbob on February 24, 2013, 11:11:11 pm
Ah sorry I grabbed the closest machine that was representative of the issue. The windows network config on mumsoldgit (103 which is actually 197) and the output of the config acquired from dhcp looks like the attached file.

I'm still not clear what you need from me sorry :( Are you looking for the output of the dialogue between the dhcp server and the windows box. I don't really know how to get that ? any ideas?


Title: Re: Incorrect or no forward dns for Windows clients on domain with dynamic IP
Post by: fatbob on February 24, 2013, 11:15:37 pm
Ok I'll disable the transparent dns cache, remove the forwarders + the router as a secondary dns and reboot.

The reason I had that set up was because I was using the windows boxes to download stuff (some automated scripted stuff) that I wanted them to carry on with whilst I messed about with the server. The basic router (10.53.19.1) can answer dns queries for the internet but has no specific dns functionality in regards to the lan.

Title: Re: Incorrect or no forward dns for Windows clients on domain with dynamic IP
Post by: christian on February 24, 2013, 11:17:59 pm
OK, this last file confirms that IP address retrieved from Zentyal server (DHCP) that is configured as dynamic is not registered in Zentyal DNS.
Basically what you explained but this way this is much clearer.
BTW, DNS doesn't contain any entry for "newboy" at ".100"

So there is something wrong here (nothing to do yet with Windows domain  ;))

Have you tried to restart DNS and DHCP services on Zentyal then force DHCP lease renewal on one workstation.
Once done, check DNS content again.
Title: Re: Incorrect or no forward dns for Windows clients on domain with dynamic IP
Post by: fatbob on February 24, 2013, 11:38:43 pm
ok so I took your advice on board - don't get excited same old behaviour so far:

so on zentyal - removed the DNS forwarders, disabled the transparent dns cache, and removed the 10.53.19.1 secondary dns server from the dhcp config

Rebooted the server

Rebooted newboy and once rebooted did a ipconfig /release followed by ipconfig /renew

P.S using newboy as it doesn't have any "complicated" behaviour it just gets a reverse lookup but no forward lookup unlike the other thing with its odd 103 address. Let's try and sort out the lack of forward lookup first ;). That problem is consistent across all boxes at least.

same story again. 10.53.19.100 resolves to newboy but newboy doesn't resolve to anything when using nslookup on windows and on the zentyal box

And still running dig on the zentyal box gives no results for newboy / 10.53.19.100 when running dig oilmovements.lan AXFR

Title: Re: Incorrect or no forward dns for Windows clients on domain with dynamic IP
Post by: fatbob on February 24, 2013, 11:42:58 pm
Oh by the way thanks for all the effort !! : ) very much appreciated!
Title: Re: Incorrect or no forward dns for Windows clients on domain with dynamic IP
Post by: fatbob on February 25, 2013, 01:20:46 am
Well this is looking more like a bug: Had a look in /var/log/zentyal/error.log and see the following lines repeating;

Text::DHCPLeases::Object::parse Error: Statement not recognized: set ddns-client-fqdn = "mumsoldgit.oilmovements.lan";
 at /usr/share/perl5/Text/DHCPLeases.pm line 148
Text::DHCPLeases::Object::parse Error: Statement not recognized: set ddns-client-fqdn = "newboy.oilmovements.lan";
 at /usr/share/perl5/Text/DHCPLeases.pm line 148
Text::DHCPLeases::Object::parse Error: Statement not recognized: set ddns-client-fqdn = "mumsoldgit.oilmovements.lan";
 at /usr/share/perl5/Text/DHCPLeases.pm line 148
Title: Re: Incorrect or no forward dns for Windows clients on domain with dynamic IP
Post by: christian on February 25, 2013, 06:05:31 am
At least you have found something reliable to create a ticket so that Zentyal team can investigate  :)
Title: Re: Incorrect or no forward dns for Windows clients on domain with dynamic IP
Post by: fatbob on February 26, 2013, 02:11:25 am
After further investigation and a bit of log trawling I have raised ticket #6217
Title: Re: Incorrect or no forward dns for Windows clients on domain with dynamic IP
Post by: fatbob on March 01, 2013, 04:59:02 pm
I received the following update to the case today. Haven't tested it yet - if it works I'll update you



 Hello,

we maintain patched versions of bind and samba4 to allow dhcp dynamic updates on the zones stored into samba LDAP. You should have the following package versions (some of them to be released today):

root@precise64 ~ # dpkg -l | grep zentyal
ii  bind9                                1:9.8.1.dfsg.P1-4ubuntu0.5+zentyal1 Internet Domain Name Server
ii  bind9-host                           1:9.8.1.dfsg.P1-4ubuntu0.5+zentyal1 Version of 'host' bundled with BIND 9.X
ii  bind9utils                           1:9.8.1.dfsg.P1-4ubuntu0.5+zentyal1 Utilities for BIND
ii  dnsutils                             1:9.8.1.dfsg.P1-4ubuntu0.5+zentyal1 Clients provided with BIND
ii  iptables                             1.4.12-1ubuntu4+zentyal1            administration tools for packet filtering and NAT
ii  libbind9-80                          1:9.8.1.dfsg.P1-4ubuntu0.5+zentyal1 BIND9 Shared Library used by BIND
ii  libdns81                             1:9.8.1.dfsg.P1-4ubuntu0.5+zentyal1 DNS Shared Library used by BIND
ii  libisc83                             1:9.8.1.dfsg.P1-4ubuntu0.5+zentyal1 ISC Shared Library used by BIND
ii  libisccc80                           1:9.8.1.dfsg.P1-4ubuntu0.5+zentyal1 Command Channel Library used by BIND
ii  libisccfg82                          1:9.8.1.dfsg.P1-4ubuntu0.5+zentyal1 Config File Handling Library used by BIND
ii  liblwres80                           1:9.8.1.dfsg.P1-4ubuntu0.5+zentyal1 Lightweight Resolver Library used by BIND
ii  samba4                               4.0.3-zentyal7                      SMB/CIFS file, NT domain and active directory server (version 4)
ii  zentyal-common                       3.0.7                               Zentyal - Common Library
ii  zentyal-core                         3.0.14                              Zentyal - Core
ii  zentyal-dhcp                         3.0.3                               Zentyal - DHCP Service
ii  zentyal-dns                          3.0.6                               Zentyal - DNS Service
ii  zentyal-firewall                     3.0.2                               Zentyal - Firewall
ii  zentyal-network                      3.0.3                               Zentyal - Network Configuration
ii  zentyal-ntp                          3.0                                 Zentyal - NTP Service
ii  zentyal-objects                      3.0                                 Zentyal - Network Objects
ii  zentyal-samba                        3.0.14                              Zentyal - File Sharing and Domain Services
ii  zentyal-services                     3.0.2                               Zentyal - Network Services
ii  zentyal-users                        3.0.10                              Zentyal - Users and Groups

We improved the DHCP and DNS reverse zones generation in  https://github.com/Zentyal/zentyal/pull/184, and after testing with the latest packages the direct and reverse zones are updated.

I also had a problem updating the direct zone (DLZ disallowing the update), fixed following the instructions here  http://lists.samba.org/archive/samba-technical/2012-July/085388.html, just FYI. In my case the host name was wxp1 and the domain kernevil.lan, so the command was

ldbdel -H /opt/samba4/private/sam.ldb "DC=wxp1,DC=Kernevil.lan,CN=MicrosoftDNS,DC=Kernevil,DC=lan"
Title: Re: Incorrect or no forward dns for Windows clients on domain with dynamic IP
Post by: fatbob on March 01, 2013, 10:35:36 pm
The update did nothing to remedy the issue and the command simply returned an error stating that it did not find the host.
Title: Re: Incorrect or no forward dns for Windows clients on domain with dynamic IP
Post by: fatbob on March 22, 2013, 08:42:45 pm
The solution to this was to issue the following command and reboot

sudo samba_upgradedns --dns-backend=BIND9_DLZ
Title: Re: [SOLVED] No forward dns for Windows clients on domain with dynamic IP
Post by: fatbob on March 24, 2013, 11:35:29 pm
Unfortunately this still isn't working for one Vista SP2 box
Title: Re: No forward dns for Windows clients on domain with dynamic IP
Post by: fatbob on April 13, 2013, 01:10:46 am
Right this is nowhere near solved

I managed to get 2 machines working as described previously

Since then it hasn't worked for any machine

Apr 13 00:05:32 vmhost named[30147]: samba_dlz: starting transaction on zone oilmovements.lan
Apr 13 00:05:32 vmhost named[30147]: client 10.53.19.205#52039: update 'oilmovements.lan/IN' denied
Apr 13 00:05:32 vmhost named[30147]: samba_dlz: cancelling transaction on zone oilmovements.lan
Apr 13 00:05:32 vmhost named[30147]: samba_dlz: starting transaction on zone oilmovements.lan
Apr 13 00:05:32 vmhost named[30147]: samba_dlz: disallowing update of signer=newboywin7\$\@OILMOVEMENTS.LAN name=newboywin7.oilmovements.lan type=AAAA error=insufficient access rights
Apr 13 00:05:32 vmhost named[30147]: client 10.53.19.205#53549: updating zone 'oilmovements.lan/NONE': update failed: rejected by secure update (REFUSED)
Apr 13 00:05:32 vmhost named[30147]: samba_dlz: cancelling transaction on zone oilmovements.lan
Apr 13 00:05:35 vmhost named[30147]: samba_dlz: starting transaction on zone oilmovements.lan
Apr 13 00:05:35 vmhost named[30147]: client 10.53.19.205#65521: update 'oilmovements.lan/IN' denied
Apr 13 00:05:35 vmhost named[30147]: samba_dlz: cancelling transaction on zone oilmovements.lan
Apr 13 00:05:35 vmhost named[30147]: samba_dlz: starting transaction on zone oilmovements.lan
Apr 13 00:05:35 vmhost named[30147]: samba_dlz: disallowing update of signer=newboywin7\$\@OILMOVEMENTS.LAN name=newboywin7.oilmovements.lan type=AAAA error=insufficient access rights

Title: [SOLVED] Re: Samba won't update dns (still)
Post by: fatbob on May 04, 2013, 01:00:58 am
The problem was the time sync between the server and the windows client machine.

The solution to this was as follows

Log on to the windows client as a domain administrator.
Execute the following command to sync time with the server (Kerberos authentication is time dependent)

Quote
net time /domain /set /y

Then re-register dns

Quote
ipconfig /registerdns

You may find it helpful to tail the syslog to ensure successful registration

Quote
sudo tail -f /var/log/syslog | grep <client machine name>
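
Added example (not part of the original thread, and not Zentyal or Samba code): a Python script that groups the samba_dlz "disallowing update" lines of the kind quoted in this thread by signer, name, record type and error, and pairs each with the client address from the REFUSED line that follows it, so repeated secure-update rejections stand out instead of scrolling past in a tail. The sample log is constructed (host dc1, machines pc1 and pc7, zone example.lan, addresses from 192.0.2.0/24), and all function and variable names are illustrative; it accepts both timestamp layouts seen above because it matches only the message part.

```python
import re
from collections import Counter

# Constructed sample, modelled on the named/samba_dlz lines quoted in the thread.
SAMPLE_LOG = r"""
Apr 13 00:05:32 dc1 named[30147]: samba_dlz: starting transaction on zone example.lan
Apr 13 00:05:32 dc1 named[30147]: client 192.0.2.205#52039: update 'example.lan/IN' denied
Apr 13 00:05:32 dc1 named[30147]: samba_dlz: cancelling transaction on zone example.lan
Apr 13 00:05:32 dc1 named[30147]: samba_dlz: starting transaction on zone example.lan
Apr 13 00:05:32 dc1 named[30147]: samba_dlz: disallowing update of signer=pc7\$\@EXAMPLE.LAN name=pc7.example.lan type=AAAA error=insufficient access rights
Apr 13 00:05:32 dc1 named[30147]: client 192.0.2.205#53549: updating zone 'example.lan/NONE': update failed: rejected by secure update (REFUSED)
Apr 13 00:05:32 dc1 named[30147]: samba_dlz: cancelling transaction on zone example.lan
24/02/2013 20:30:14   dc1   named[15927]   samba_dlz: starting transaction on zone example.lan
24/02/2013 20:30:14   dc1   named[15927]   samba_dlz: disallowing update of signer=pc1\$\@EXAMPLE.LAN name=pc1.example.lan type=A error=insufficient access rights
24/02/2013 20:30:14   dc1   named[15927]   client 192.0.2.100#49186: updating zone 'example.lan/NONE': update failed: rejected by secure update (REFUSED)
Apr 13 00:05:35 dc1 named[30147]: samba_dlz: starting transaction on zone example.lan
Apr 13 00:05:35 dc1 named[30147]: samba_dlz: disallowing update of signer=pc7\$\@EXAMPLE.LAN name=pc7.example.lan type=AAAA error=insufficient access rights
""".strip()

# The DLZ module names the Kerberos principal that signed the update and why it was refused.
DISALLOW = re.compile(
    r"samba_dlz: disallowing update of signer=(?P<signer>\S+) "
    r"name=(?P<name>\S+) type=(?P<rtype>\S+) error=(?P<error>.+)$"
)
# named then reports the refusal against the client address.
REFUSED = re.compile(
    r"client (?P<ip>\S+?)#\d+: updating zone '[^']+': "
    r"update failed: rejected by secure update \(REFUSED\)"
)
# Plain "denied" lines carry no signer, so they are only counted per client.
DENIED = re.compile(r"client (?P<ip>\S+?)#\d+: update '[^']+' denied")


def summarize(lines):
    """Return (rejections, denied).

    rejections maps (signer, name, rtype, error) -> {"count", "clients"};
    denied maps client address -> number of "update ... denied" lines.
    """
    rejections = {}
    denied = Counter()
    pending = None  # last "disallowing update" not yet paired with a client

    def record(key, client):
        entry = rejections.setdefault(key, {"count": 0, "clients": set()})
        entry["count"] += 1
        if client:
            entry["clients"].add(client)

    for line in lines:
        line = line.rstrip()
        m = DISALLOW.search(line)
        if m:
            if pending:                      # previous one never got a client line
                record(pending, None)
            signer = m.group("signer").replace("\\", "")  # log escapes $ and @
            pending = (signer, m.group("name"), m.group("rtype"), m.group("error"))
            continue
        m = REFUSED.search(line)
        if m:
            if pending:
                record(pending, m.group("ip"))
                pending = None
            continue
        m = DENIED.search(line)
        if m:
            denied[m.group("ip")] += 1
            continue
        if "samba_dlz: starting transaction" in line and pending:
            record(pending, None)            # new transaction began; close the old one
            pending = None
    if pending:                              # log ended mid-transaction
        record(pending, None)
    return rejections, dict(denied)


if __name__ == "__main__":
    rejections, denied = summarize(SAMPLE_LOG.splitlines())
    for (signer, name, rtype, error), e in sorted(rejections.items()):
        clients = ", ".join(sorted(e["clients"])) or "unknown"
        print(f"{e['count']}x {name} {rtype} signer={signer} from {clients}: {error}")
    for ip, n in sorted(denied.items()):
        print(f"{n}x update denied for client {ip}")
```

To run it against a real log, pass the lines of the syslog file to summarize() in place of SAMPLE_LOG.splitlines().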