Hello Amitay,

On 02/22/2012 02:34 PM, Amitay Isaacs wrote:
> Hi Jeremy,
>
> That error message needs to be fixed. :)
>
> Looks like "nsupdate" command is not in the path. samba_dnsupdate
> script uses nsupdate to dynamically update DNS entries.
>
> Try adding "nsupdate command = /path/to/nsupdate" in smb.conf.
>
> Amitay.


Thank you SO MUCH for getting me this far!! :) That looks like it fixed that issue but I have now run into a denied error message for bind. Below you can find my logs for both samba_dnsupdate and bind. Seems like the dns.keytab file is not correct or something. I have tried to put allow-update { 192.168.30.1; } in my options section of my named.conf with no luck.

samba-dnsupdate:

IPs: ['2002:4b46:c8ad:0:a00:27ff:fe14:5491', 'fe80::a00:27ff:fe14:5491%eth0', 'fe80::a00:27ff:fee5:5840%eth1', '192.168.7.30', '192.168.30.1']
Looking for DNS entry A bob-dc.com 192.168.7.30 as bob-dc.com.
Looking for DNS entry A dc1.bob-dc.com 192.168.7.30 as dc1.bob-dc.com.
Looking for DNS entry AAAA bob-dc.com 2002:4b46:c8ad:0:a00:27ff:fe14:5491 as bob-dc.com.
Failed to find matching DNS entry AAAA bob-dc.com 2002:4b46:c8ad:0:a00:27ff:fe14:5491
Looking for DNS entry AAAA dc1.bob-dc.com 2002:4b46:c8ad:0:a00:27ff:fe14:5491 as dc1.bob-dc.com.
Failed to find matching DNS entry AAAA dc1.bob-dc.com 2002:4b46:c8ad:0:a00:27ff:fe14:5491
Looking for DNS entry A gc._msdcs.bob-dc.com 192.168.7.30 as gc._msdcs.bob-dc.com.
Looking for DNS entry AAAA gc._msdcs.bob-dc.com 2002:4b46:c8ad:0:a00:27ff:fe14:5491 as gc._msdcs.bob-dc.com.
Failed to find matching DNS entry AAAA gc._msdcs.bob-dc.com 2002:4b46:c8ad:0:a00:27ff:fe14:5491
Looking for DNS entry CNAME 48c0fc0c-dcc1-425d-bcb2-a229d40ab48c._msdcs.bob-dc.com dc1.bob-dc.com as 48c0fc0c-dcc1-425d-bcb2-a229d40ab48c._msdcs.bob-dc.com.
Looking for DNS entry SRV _kpasswd._tcp.bob-dc.com dc1.bob-dc.com 464 as _kpasswd._tcp.bob-dc.com.
Checking 0 100 464 dc1.bob-dc.com. against SRV _kpasswd._tcp.bob-dc.com dc1.bob-dc.com 464
Looking for DNS entry SRV _kpasswd._udp.bob-dc.com dc1.bob-dc.com 464 as _kpasswd._udp.bob-dc.com.
Checking 0 100 464 dc1.bob-dc.com. against SRV _kpasswd._udp.bob-dc.com dc1.bob-dc.com 464
Looking for DNS entry SRV _kerberos._tcp.bob-dc.com dc1.bob-dc.com 88 as _kerberos._tcp.bob-dc.com.
Checking 0 100 88 dc1.bob-dc.com. against SRV _kerberos._tcp.bob-dc.com dc1.bob-dc.com 88
Looking for DNS entry SRV _kerberos._tcp.dc._msdcs.bob-dc.com dc1.bob-dc.com 88 as _kerberos._tcp.dc._msdcs.bob-dc.com.
Checking 0 100 88 dc1.bob-dc.com. against SRV _kerberos._tcp.dc._msdcs.bob-dc.com dc1.bob-dc.com 88
Looking for DNS entry SRV _kerberos._tcp.default-first-site-name._sites.bob-dc.com dc1.bob-dc.com 88 as _kerberos._tcp.default-first-site-name._sites.bob-dc.com.
Checking 0 100 88 dc1.bob-dc.com. against SRV _kerberos._tcp.default-first-site-name._sites.bob-dc.com dc1.bob-dc.com 88
Looking for DNS entry SRV _kerberos._tcp.default-first-site-name._sites.dc._msdcs.bob-dc.com dc1.bob-dc.com 88 as _kerberos._tcp.default-first-site-name._sites.dc._msdcs.bob-dc.com.
Checking 0 100 88 dc1.bob-dc.com. against SRV _kerberos._tcp.default-first-site-name._sites.dc._msdcs.bob-dc.com dc1.bob-dc.com 88
Looking for DNS entry SRV _kerberos._udp.bob-dc.com dc1.bob-dc.com 88 as _kerberos._udp.bob-dc.com.
Checking 0 100 88 dc1.bob-dc.com. against SRV _kerberos._udp.bob-dc.com dc1.bob-dc.com 88
Looking for DNS entry SRV _ldap._tcp.bob-dc.com dc1.bob-dc.com 389 as _ldap._tcp.bob-dc.com.
Checking 0 100 389 dc1.bob-dc.com. against SRV _ldap._tcp.bob-dc.com dc1.bob-dc.com 389
Looking for DNS entry SRV _ldap._tcp.dc._msdcs.bob-dc.com dc1.bob-dc.com 389 as _ldap._tcp.dc._msdcs.bob-dc.com.
Checking 0 100 389 dc1.bob-dc.com. against SRV _ldap._tcp.dc._msdcs.bob-dc.com dc1.bob-dc.com 389
Looking for DNS entry SRV _ldap._tcp.gc._msdcs.bob-dc.com dc1.bob-dc.com 3268 as _ldap._tcp.gc._msdcs.bob-dc.com.
Checking 0 100 3268 dc1.bob-dc.com. against SRV _ldap._tcp.gc._msdcs.bob-dc.com dc1.bob-dc.com 3268
Looking for DNS entry SRV _ldap._tcp.pdc._msdcs.bob-dc.com dc1.bob-dc.com 389 as _ldap._tcp.pdc._msdcs.bob-dc.com.
Checking 0 100 389 dc1.bob-dc.com. against SRV _ldap._tcp.pdc._msdcs.bob-dc.com dc1.bob-dc.com 389
Looking for DNS entry SRV _ldap._tcp.default-first-site-name._sites.bob-dc.com dc1.bob-dc.com 389 as _ldap._tcp.default-first-site-name._sites.bob-dc.com.
Checking 0 100 389 dc1.bob-dc.com. against SRV _ldap._tcp.default-first-site-name._sites.bob-dc.com dc1.bob-dc.com 389
Looking for DNS entry SRV _ldap._tcp.default-first-site-name._sites.dc._msdcs.bob-dc.com dc1.bob-dc.com 389 as _ldap._tcp.default-first-site-name._sites.dc._msdcs.bob-dc.com.
Checking 0 100 389 dc1.bob-dc.com. against SRV _ldap._tcp.default-first-site-name._sites.dc._msdcs.bob-dc.com dc1.bob-dc.com 389
Looking for DNS entry SRV _ldap._tcp.default-first-site-name._sites.gc._msdcs.bob-dc.com dc1.bob-dc.com 3268 as _ldap._tcp.default-first-site-name._sites.gc._msdcs.bob-dc.com.
Checking 0 100 3268 dc1.bob-dc.com. against SRV _ldap._tcp.default-first-site-name._sites.gc._msdcs.bob-dc.com dc1.bob-dc.com 3268
Looking for DNS entry SRV _ldap._tcp.2d1290ec-d837-4f59-8730-9deb5078c8f0.domains._msdcs.bob-dc.com dc1.bob-dc.com 389 as _ldap._tcp.2d1290ec-d837-4f59-8730-9deb5078c8f0.domains._msdcs.bob-dc.com.
Checking 0 100 389 dc1.bob-dc.com. against SRV _ldap._tcp.2d1290ec-d837-4f59-8730-9deb5078c8f0.domains._msdcs.bob-dc.com dc1.bob-dc.com 389
Looking for DNS entry SRV _gc._tcp.bob-dc.com dc1.bob-dc.com 3268 as _gc._tcp.bob-dc.com.
Checking 0 100 3268 dc1.bob-dc.com. against SRV _gc._tcp.bob-dc.com dc1.bob-dc.com 3268
Looking for DNS entry SRV _gc._tcp.default-first-site-name._sites.bob-dc.com dc1.bob-dc.com 3268 as _gc._tcp.default-first-site-name._sites.bob-dc.com.
Checking 0 100 3268 dc1.bob-dc.com. against SRV _gc._tcp.default-first-site-name._sites.bob-dc.com dc1.bob-dc.com 3268
Looking for DNS entry A bob-dc.com 192.168.30.1 as bob-dc.com.
Failed to find matching DNS entry A bob-dc.com 192.168.30.1
Looking for DNS entry A dc1.bob-dc.com 192.168.30.1 as dc1.bob-dc.com.
Failed to find matching DNS entry A dc1.bob-dc.com 192.168.30.1
Looking for DNS entry A gc._msdcs.bob-dc.com 192.168.30.1 as gc._msdcs.bob-dc.com.
Failed to find matching DNS entry A gc._msdcs.bob-dc.com 192.168.30.1
Calling nsupdate for AAAA bob-dc.com 2002:4b46:c8ad:0:a00:27ff:fe14:5491
Outgoing update query:
;; ->>HEADER<<- opcode: UPDATE, status: NOERROR, id:      0
;; flags:; ZONE: 0, PREREQ: 0, UPDATE: 0, ADDITIONAL: 0
;; UPDATE SECTION:
bob-dc.com.        900    IN    AAAA    2002:4b46:c8ad:0:a00:27ff:fe14:5491

update failed: REFUSED
Failed nsupdate: 2
Calling nsupdate for AAAA dc1.bob-dc.com 2002:4b46:c8ad:0:a00:27ff:fe14:5491
Outgoing update query:
;; ->>HEADER<<- opcode: UPDATE, status: NOERROR, id:      0
;; flags:; ZONE: 0, PREREQ: 0, UPDATE: 0, ADDITIONAL: 0
;; UPDATE SECTION:
dc1.bob-dc.com.    900    IN    AAAA    2002:4b46:c8ad:0:a00:27ff:fe14:5491

update failed: REFUSED
Failed nsupdate: 2
Calling nsupdate for AAAA gc._msdcs.bob-dc.com 2002:4b46:c8ad:0:a00:27ff:fe14:5491
Outgoing update query:
;; ->>HEADER<<- opcode: UPDATE, status: NOERROR, id:      0
;; flags:; ZONE: 0, PREREQ: 0, UPDATE: 0, ADDITIONAL: 0
;; UPDATE SECTION:
gc._msdcs.bob-dc.com. 900 IN AAAA 2002:4b46:c8ad:0:a00:27ff:fe14:5491

update failed: REFUSED
Failed nsupdate: 2
Calling nsupdate for A bob-dc.com 192.168.30.1
Outgoing update query:
;; ->>HEADER<<- opcode: UPDATE, status: NOERROR, id:      0
;; flags:; ZONE: 0, PREREQ: 0, UPDATE: 0, ADDITIONAL: 0
;; UPDATE SECTION:
bob-dc.com.        900    IN    A    192.168.30.1

update failed: REFUSED
Failed nsupdate: 2
Calling nsupdate for A dc1.bob-dc.com 192.168.30.1
Outgoing update query:
;; ->>HEADER<<- opcode: UPDATE, status: NOERROR, id:      0
;; flags:; ZONE: 0, PREREQ: 0, UPDATE: 0, ADDITIONAL: 0
;; UPDATE SECTION:
dc1.bob-dc.com.    900    IN    A    192.168.30.1

update failed: REFUSED
Failed nsupdate: 2
Calling nsupdate for A gc._msdcs.bob-dc.com 192.168.30.1
Outgoing update query:
;; ->>HEADER<<- opcode: UPDATE, status: NOERROR, id:      0
;; flags:; ZONE: 0, PREREQ: 0, UPDATE: 0, ADDITIONAL: 0
;; UPDATE SECTION:
gc._msdcs.bob-dc.com.    900    IN    A    192.168.30.1

update failed: REFUSED
Failed nsupdate: 2
Failed update of 6 entries



bind logs:

Feb 22 21:23:19 dc1 named[2056]: starting BIND 9.8.1-P1 -u named
Feb 22 21:23:19 dc1 named[2056]: built with '--with-gssapi=/usr/include/gssapi' '--with-dlopen=yes'
Feb 22 21:23:19 dc1 named[2056]: using up to 4096 sockets
Feb 22 21:23:19 dc1 named[2056]: loading configuration from '/etc/named.conf'
Feb 22 21:23:19 dc1 named[2056]: reading built-in trusted keys from file '/etc/named.iscdlv.key'
Feb 22 21:23:19 dc1 named[2056]: using default UDP/IPv4 port range: [1024, 65535]
Feb 22 21:23:19 dc1 named[2056]: using default UDP/IPv6 port range: [1024, 65535]
Feb 22 21:23:19 dc1 named[2056]: listening on IPv4 interface lo, 127.0.0.1#53
Feb 22 21:23:19 dc1 named[2056]: listening on IPv4 interface eth1, 192.168.30.1#53
Feb 22 21:23:19 dc1 named[2056]: generating session key for dynamic DNS
Feb 22 21:23:19 dc1 named[2056]: sizing zone task pool based on 6 zones
Feb 22 21:23:19 dc1 named[2056]: Loading 'AD DNS Zone' using driver dlopen
Feb 22 21:23:19 dc1 named[2056]: samba_dlz: started for DN DC=bob-dc,DC=com
Feb 22 21:23:19 dc1 named[2056]: samba_dlz: starting configure
Feb 22 21:23:19 dc1 named[2056]: samba_dlz: configured writeable zone 'bob-dc.com'
Feb 22 21:23:19 dc1 named[2056]: samba_dlz: configured writeable zone '_msdcs.bob-dc.com'
Feb 22 21:23:19 dc1 named[2056]: using built-in DLV key for view _default
Feb 22 21:23:19 dc1 named[2056]: set up managed keys zone for view _default, file 'managed-keys.bind'
Feb 22 21:23:19 dc1 named[2056]: Warning: 'empty-zones-enable/disable-empty-zone' not set: disabling RFC 1918 empty zones
Feb 22 21:23:19 dc1 named[2056]: automatic empty zone: 127.IN-ADDR.ARPA
Feb 22 21:23:19 dc1 named[2056]: automatic empty zone: 254.169.IN-ADDR.ARPA
Feb 22 21:23:19 dc1 named[2056]: automatic empty zone: 2.0.192.IN-ADDR.ARPA
Feb 22 21:23:19 dc1 named[2056]: automatic empty zone: 100.51.198.IN-ADDR.ARPA
Feb 22 21:23:19 dc1 named[2056]: automatic empty zone: 113.0.203.IN-ADDR.ARPA
Feb 22 21:23:19 dc1 named[2056]: automatic empty zone: 255.255.255.255.IN-ADDR.ARPA
Feb 22 21:23:19 dc1 named[2056]: automatic empty zone: 0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.IP6.ARPA
Feb 22 21:23:19 dc1 named[2056]: automatic empty zone: D.F.IP6.ARPA
Feb 22 21:23:19 dc1 named[2056]: automatic empty zone: 8.E.F.IP6.ARPA
Feb 22 21:23:19 dc1 named[2056]: automatic empty zone: 9.E.F.IP6.ARPA
Feb 22 21:23:19 dc1 named[2056]: automatic empty zone: A.E.F.IP6.ARPA
Feb 22 21:23:19 dc1 named[2056]: automatic empty zone: B.E.F.IP6.ARPA
Feb 22 21:23:19 dc1 named[2056]: automatic empty zone: 8.B.D.0.1.0.0.2.IP6.ARPA
Feb 22 21:23:19 dc1 named[2056]: zone 'version.bind' allows updates by IP address, which is insecure
Feb 22 21:23:19 dc1 named[2056]: zone 'hostname.bind' allows updates by IP address, which is insecure
Feb 22 21:23:19 dc1 named[2056]: zone 'authors.bind' allows updates by IP address, which is insecure
Feb 22 21:23:19 dc1 named[2056]: zone 'id.server' allows updates by IP address, which is insecure
Feb 22 21:23:19 dc1 named[2056]: none:0: open: /etc/rndc.key: file not found
Feb 22 21:23:19 dc1 named[2056]: couldn't add command channel 127.0.0.1#953: file not found
Feb 22 21:23:19 dc1 named[2056]: none:0: open: /etc/rndc.key: file not found
Feb 22 21:23:19 dc1 named[2056]: couldn't add command channel ::1#953: file not found
Feb 22 21:23:19 dc1 named[2056]: zone 0.in-addr.arpa/IN: loaded serial 0
Feb 22 21:23:19 dc1 named[2056]: zone 1.0.0.127.in-addr.arpa/IN: loaded serial 0
Feb 22 21:23:19 dc1 named[2056]: zone 1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.ip6.arpa/IN: loaded serial 0
Feb 22 21:23:19 dc1 named[2056]: zone localhost.localdomain/IN: loaded serial 0
Feb 22 21:23:19 dc1 named[2056]: zone localhost/IN: loaded serial 0
Feb 22 21:23:19 dc1 named[2056]: managed-keys-zone ./IN: loaded serial 16
Feb 22 21:23:19 dc1 named[2056]: running
Feb 22 21:23:28 dc1 named[2056]: samba_dlz: starting transaction on zone bob-dc.com
Feb 22 21:23:28 dc1 named[2056]: client 192.168.30.1#45504: update 'bob-dc.com/IN' denied
Feb 22 21:23:28 dc1 named[2056]: samba_dlz: cancelling transaction on zone bob-dc.com
Feb 22 21:23:28 dc1 named[2056]: samba_dlz: starting transaction on zone bob-dc.com
Feb 22 21:23:28 dc1 named[2056]: client 192.168.30.1#41901: update 'bob-dc.com/IN' denied
Feb 22 21:23:28 dc1 named[2056]: samba_dlz: cancelling transaction on zone bob-dc.com
Feb 22 21:23:28 dc1 named[2056]: samba_dlz: starting transaction on zone _msdcs.bob-dc.com
Feb 22 21:23:28 dc1 named[2056]: client 192.168.30.1#59747: update '_msdcs.bob-dc.com/IN' denied
Feb 22 21:23:28 dc1 named[2056]: samba_dlz: cancelling transaction on zone _msdcs.bob-dc.com
Feb 22 21:23:28 dc1 named[2056]: samba_dlz: starting transaction on zone bob-dc.com
Feb 22 21:23:28 dc1 named[2056]: client 192.168.30.1#18063: update 'bob-dc.com/IN' denied
Feb 22 21:23:28 dc1 named[2056]: samba_dlz: cancelling transaction on zone bob-dc.com
Feb 22 21:23:28 dc1 named[2056]: samba_dlz: starting transaction on zone bob-dc.com
Feb 22 21:23:28 dc1 named[2056]: client 192.168.30.1#54684: update 'bob-dc.com/IN' denied
Feb 22 21:23:28 dc1 named[2056]: samba_dlz: cancelling transaction on zone bob-dc.com
Feb 22 21:23:28 dc1 named[2056]: samba_dlz: starting transaction on zone _msdcs.bob-dc.com
Feb 22 21:23:28 dc1 named[2056]: client 192.168.30.1#20486: update '_msdcs.bob-dc.com/IN' denied
Feb 22 21:23:28 dc1 named[2056]: samba_dlz: cancelling transaction on zone _msdcs.bob-dc.com
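
Added example, not part of the original message and not Samba or BIND code: a small Python triage over named syslog lines like the ones above. It groups "update ... denied" entries by zone and client, and records whether the client is one of the server's own listening addresses and whether samba_dlz configured the zone as writeable; the sample lines are copied from the log above, and the function and field names are made up for the example.

```python
import re
from collections import Counter

# Sample lines copied from the BIND log above (a subset, no new data).
SAMPLE_LOG = """\
Feb 22 21:23:19 dc1 named[2056]: listening on IPv4 interface lo, 127.0.0.1#53
Feb 22 21:23:19 dc1 named[2056]: listening on IPv4 interface eth1, 192.168.30.1#53
Feb 22 21:23:19 dc1 named[2056]: samba_dlz: configured writeable zone 'bob-dc.com'
Feb 22 21:23:19 dc1 named[2056]: samba_dlz: configured writeable zone '_msdcs.bob-dc.com'
Feb 22 21:23:19 dc1 named[2056]: zone 'version.bind' allows updates by IP address, which is insecure
Feb 22 21:23:28 dc1 named[2056]: client 192.168.30.1#45504: update 'bob-dc.com/IN' denied
Feb 22 21:23:28 dc1 named[2056]: client 192.168.30.1#41901: update 'bob-dc.com/IN' denied
Feb 22 21:23:28 dc1 named[2056]: client 192.168.30.1#59747: update '_msdcs.bob-dc.com/IN' denied
"""

LISTEN = re.compile(r"listening on IPv[46] interface \S+, (\S+)#\d+")
DLZ_ZONE = re.compile(r"samba_dlz: configured writeable zone '([^']+)'")
IP_ACL = re.compile(r"zone '([^']+)' allows updates by IP address")
DENIED = re.compile(r"client (\S+)#\d+: update '([^'/]+)/IN' denied")

def triage(log_text):
    """Summarise update denials and related facts from named syslog output."""
    local, dlz, ip_acl = set(), set(), []
    denied = Counter()
    for line in log_text.splitlines():
        if m := LISTEN.search(line):
            local.add(m.group(1))
        elif m := DLZ_ZONE.search(line):
            dlz.add(m.group(1))
        elif m := IP_ACL.search(line):
            ip_acl.append(m.group(1))
        elif m := DENIED.search(line):
            denied[(m.group(2), m.group(1))] += 1
    findings = [
        {"zone": zone, "client": client, "count": n,
         "client_is_local": client in local,  # request came from the server itself
         "dlz_zone": zone in dlz}             # zone is served by samba_dlz
        for (zone, client), n in sorted(denied.items())
    ]
    return {"denials": findings, "ip_acl_zones": ip_acl}

if __name__ == "__main__":
    report = triage(SAMPLE_LOG)
    for d in report["denials"]:
        print(d)
    print("zones with IP-based update ACLs:", report["ip_acl_zones"])
```

On this sample every denial comes from 192.168.30.1, an address named itself is listening on, against zones that samba_dlz reported as writeable.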


