
Topics - opensesame

Context: Zentyal 5.0, with the following roles selected during installation:
 - Domain Controller and File Sharing
 - DNS Server
 - DHCP Server

I have Zentyal running as a domain controller and I am happy with the configuration with the exception that I would like all hosts obtaining an IP address from the DHCP server to trigger a DNS update.

I should note that I have enabled Dynamic DNS and the 'Dynamic domain' and 'Static domain' settings have been configured.

However, it seems that only hosts that have joined the domain are able to trigger a DNS update. Furthermore, it is the host itself that is updating the DNS entries, rather than the DHCP server.

Example of a failed update (representative of Windows, Linux, Android and other hosts):
Aug  8 16:51:29 dc1 dhcpd[1335]: DHCPACK on 192.168.1.10 to aa:bb:cc:dd:ee:ff via eth0
Aug  8 16:51:29 dc1 named[1474]: samba_dlz: starting transaction on zone internal.example.com
Aug  8 16:51:29 dc1 named[1474]: samba_dlz: spnego update failed
Aug  8 16:51:29 dc1 named[1474]: client 127.0.0.1#31281/key internal.example.com: updating zone 'internal.example.com/NONE': update failed: rejected by secure update (REFUSED)
Aug  8 16:51:29 dc1 named[1474]: samba_dlz: cancelling transaction on zone internal.example.com
Aug  8 16:51:29 dc1 dhcpd[1335]: Unable to add forward map from tst-linux.internal.example.com. to 192.168.1.10: REFUSED

Example of a successful update after the Windows host has joined the domain (note that the DHCP server is still trying to perform updates and these are still failing):
Aug  8 18:54:26 dc1 named[1474]: client 127.0.0.1#31281/key internal.example.com: updating zone '1.168.192.in-addr.arpa/IN': deleting rrset at '110.1.168.192.in-addr.arpa' PTR
Aug  8 18:54:26 dc1 named[1474]: client 127.0.0.1#31281/key internal.example.com: updating zone '1.168.192.in-addr.arpa/IN': adding an RR at '110.1.168.192.in-addr.arpa' PTR wintst.internal.example.com.
Aug  8 18:54:26 dc1 dhcpd[1335]: DHCPREQUEST for 192.168.1.110 from 11:22:33:44:55:66 (wintst) via eth0
Aug  8 18:54:26 dc1 dhcpd[1335]: DHCPACK on 192.168.1.110 to 11:22:33:44:55:66 (wintst) via eth0
Aug  8 18:54:26 dc1 dhcpd[1335]: Added reverse map from 110.1.168.192.in-addr.arpa. to wintst.internal.example.com
Aug  8 18:54:35 dc1 named[1474]: samba_dlz: starting transaction on zone internal.example.com
Aug  8 18:54:35 dc1 named[1474]: client 192.168.1.110#59072: update 'internal.example.com/IN' denied
Aug  8 18:54:35 dc1 named[1474]: samba_dlz: cancelling transaction on zone internal.example.com
Aug  8 18:54:35 dc1 named[1474]: samba_dlz: starting transaction on zone internal.example.com
Aug  8 18:54:35 dc1 named[1474]: samba_dlz: allowing update of signer=WINTST\$\@INTERNAL.EXAMPLE.COM name=wintst.internal.example.com tcpaddr= type=AAAA key=892-ms-7.1-608e.11111111-2222-3333-4444-555555555555/160/0
Aug  8 18:54:35 dc1 named[1474]: samba_dlz: allowing update of signer=WINTST\$\@INTERNAL.EXAMPLE.COM name=wintst.internal.example.com tcpaddr= type=A key=892-ms-7.1-608e.11111111-2222-3333-4444-555555555555/160/0
Aug  8 18:54:35 dc1 named[1474]: samba_dlz: allowing update of signer=WINTST\$\@INTERNAL.EXAMPLE.COM name=wintst.internal.example.com tcpaddr= type=A key=892-ms-7.1-608e.11111111-2222-3333-4444-555555555555/160/0
Aug  8 18:54:35 dc1 named[1474]: client 192.168.1.110#57633/key WINTST\$\@INTERNAL.EXAMPLE.COM: updating zone 'internal.example.com/NONE': deleting rrset at 'wintst.internal.example.com' AAAA
Aug  8 18:54:35 dc1 named[1474]: client 192.168.1.110#57633/key WINTST\$\@INTERNAL.EXAMPLE.COM: updating zone 'internal.example.com/NONE': deleting rrset at 'wintst.internal.example.com' A
Aug  8 18:54:35 dc1 named[1474]: samba_dlz: subtracted rdataset wintst.internal.example.com 'wintst.internal.example.com.#0111200#011IN#011A#011192.168.1.110'
Aug  8 18:54:35 dc1 named[1474]: client 192.168.1.110#57633/key WINTST\$\@INTERNAL.EXAMPLE.COM: updating zone 'internal.example.com/NONE': adding an RR at 'wintst.internal.example.com' A 192.168.1.110
Aug  8 18:54:35 dc1 named[1474]: samba_dlz: added rdataset wintst.internal.example.com 'wintst.internal.example.com.#0111200#011IN#011A#011192.168.1.110'
Aug  8 18:54:35 dc1 named[1474]: samba_dlz: committed transaction on zone internal.example.com

Is there a recommended way to have this work with Zentyal?

I have come across the approach described in the following link, which is probably worth investigating further. But I would like to avoid fighting against Zentyal too much if I can avoid it.
https://wiki.samba.org/index.php/Configure_DHCP_to_update_DNS_records_with_BIND9
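
An added example, not part of the original post: a small Python parser that sorts the named and dhcpd messages quoted above by who attempted each update and how it ended. It makes the pattern in the logs explicit: the update from 127.0.0.1 signed with key internal.example.com is refused, while the one signed by the machine account is allowed. The rule labels and function names are this example's own.

```python
import re
from collections import Counter

# Sample input: a subset of the syslog lines quoted in the post above.
SAMPLE = r"""
Aug  8 16:51:29 dc1 named[1474]: samba_dlz: spnego update failed
Aug  8 16:51:29 dc1 named[1474]: client 127.0.0.1#31281/key internal.example.com: updating zone 'internal.example.com/NONE': update failed: rejected by secure update (REFUSED)
Aug  8 16:51:29 dc1 dhcpd[1335]: Unable to add forward map from tst-linux.internal.example.com. to 192.168.1.10: REFUSED
Aug  8 18:54:35 dc1 named[1474]: client 192.168.1.110#59072: update 'internal.example.com/IN' denied
Aug  8 18:54:35 dc1 named[1474]: samba_dlz: allowing update of signer=WINTST\$\@INTERNAL.EXAMPLE.COM name=wintst.internal.example.com tcpaddr= type=A key=892-ms-7.1-608e.11111111-2222-3333-4444-555555555555/160/0
""".strip().splitlines()

RULES = [  # (label, pattern) pairs for the message shapes seen in the post
    ("signed_update_refused", re.compile(
        r"named\[\d+\]: client (?P<src>[\d.]+)#\d+/key (?P<who>\S+): updating zone "
        r"'(?P<zone>[^']+)': update failed: rejected by secure update")),
    ("unsigned_update_denied", re.compile(
        r"named\[\d+\]: client (?P<src>[\d.]+)#\d+: update '(?P<zone>[^']+)' denied")),
    ("dlz_update_allowed", re.compile(
        r"samba_dlz: allowing update of signer=(?P<who>\S+) name=(?P<name>\S+) "
        r".*?type=(?P<rtype>\S+)")),
    ("spnego_failed", re.compile(r"samba_dlz: spnego update failed")),
    ("dhcpd_forward_refused", re.compile(
        r"dhcpd\[\d+\]: Unable to add forward map from (?P<name>\S+) to (?P<ip>[\d.]+): REFUSED")),
]

def parse(lines):
    """Return (label, fields) for every line that matches a rule; other lines are skipped."""
    events = []
    for line in lines:
        for label, rx in RULES:
            m = rx.search(line)
            if m:
                # The key name is logged with '$' and '@' escaped as \$ and \@; undo that.
                fields = {k: v.replace("\\", "") for k, v in m.groupdict().items()}
                events.append((label, fields))
                break
    return events

def summarize(events):
    """Count outcomes per actor: signing key if logged, else source address or hostname."""
    counts = Counter()
    for label, f in events:
        actor = f.get("who") or f.get("src") or f.get("name") or "-"
        counts[(actor, label)] += 1
    return counts

if __name__ == "__main__":
    for (actor, label), n in sorted(summarize(parse(SAMPLE)).items()):
        print(f"{n:3d}  {label:24s} {actor}")
```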
