On 20.03.2012 19:20, Charles Tryon wrote:
> Hi Andreas,
> 
>   Yes, I did a lot of work trying to get that script working (along with a
> bunch of other people on that discussion thread).  I have it mostly
> functional, but have largely backed away from that approach, since it runs
> against what appears to be the more accepted policy of letting the machines
> (in particular, the Windows machines) do their own secure update of the DNS
> records.  The unfortunate part is that the Linux clients don't seem to have
> a way to do this by default.  I have no idea how the Mac machines handle
> their DNS once they get a DHCP response.  Servers, which mostly use static
> IP assignments, are a moot point, since I can just manually create the DNS
> records and be done with it.
> 
>   The issue is the fact that DNS remembers "who" created (owns) the DNS
> record, and based on that ownership, who it will allow to change it.  If it
> is created by some dhcpd initiated transaction, then the Windows client
> itself is not allowed to update the record in the future.
> 
>   My feeling at this point is to try to follow the Windows Way for the time
> being (since that's the bulk of the machines on the network), and handle
> the few Linux clients (oddballs like myself) as special cases.  We also use
> DHCP reservations based on the machine's MAC address, so largely it's a
> non-issue.  (Or, at least I've got bigger fish to fry first before I go
> back and make sure the DHCP/DLZ behavior is tidy.)
> 
> 
> 
> On Sun, Mar 18, 2012 at 3:38 AM, Andreas Oster <aos...@novanetwork.de> wrote:
> 
>> On 17.03.2012 21:06, Matthieu Patou wrote:
>>> On 03/17/2012 10:00 AM, Andreas Oster wrote:
>>>> Hello all,
>>>>
>>>> I have set up a samba4 server with bind9 and the bind_dlz module.
>>>> Everything is working as it should but now I need to allow the dhcp
>>>> server to add entries to the forwarding zone. Has anybody implemented
>>>> such a configuration? Can this be done with the Kerberos DNS dynamic
>>>> update configuration?
>>> I had it working with flat file backend.
>>> I think that the way dhcp and bind do their DDNS is different from the
>>> way Windows does its DDNS; as far as I know dlz_plugin only supports the
>>> latter one so far.
>>>
>>>> I want to achieve the following:
>>>>
>>>> 1) allow non-Windows machines (printers, ILO ...) to be added by dhcpd
>>>> 2) allow Windows machines (joined to AD) to update their own entries
>>>>
>>>> 2 - already works with the configuration from samba wiki
>>>>
>>> I put our DNS experts in direct copy; maybe they can advise you better
>>> than I.
>>>
>> Hello Matthieu,
>>
>> thank you for your answer. I searched the web a lot, but the
>> only useful stuff I found was a script by Michael Kuron which
>> has been slightly modified by Charles Tryon but I have no
>> clue how to integrate this with bind9 dlz, see:
>>
>>
>> http://blog.michael.kuron-germany.de/2011/02/isc-dhcpd-dynamic-dns-updates-against-secure-microsoft-dns/
>>
>> It would be great if someone could help me with the DDNS setup.
>>
>> best regards
>>
>> Andreas
>>
>> --
>> To unsubscribe from this list go to the following URL and read the
>> instructions:  https://lists.samba.org/mailman/options/samba
>>
> 
> 
> 
Hello Charles,

first I would like to thank you for this great script.

For our small network, 50 or so clients, I modified your script just a
little. I have added an additional name comparison to check if the name
contains a special string (in our case all Windows workstations are
named like DOMAINNAME+WS+Number) and, if it does, just exit the script.
This way I do not get the ownership issue. All other machines either
have static IPs or are not members of the AD.

Thanks

best regards

Andreas
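
The name comparison described in this message, as an added example (it is not Andreas's, Charles Tryon's or Michael Kuron's script). It goes one step further than the message and also rejects DHCP-supplied hostnames that are not a single plain label before they are written into an nsupdate batch. The prefix `EXAMPLEWS`, the zone `example.test`, the TTL and both function names are assumptions.

```shell
#!/bin/sh
# Added example; every name and value here is an assumption, not from the thread.
LC_ALL=C; export LC_ALL   # make the [A-Z0-9] ranges below byte-exact
WS_PREFIX='EXAMPLEWS'     # hypothetical AD workstation prefix (DOMAINNAME + WS)
ZONE='example.test'       # hypothetical forward zone
TTL=3600

# classify_lease NAME IP
# returns 0: dhcpd registers the name
#         1: AD workstation, left to create and own its own record
#         2: name or address rejected as unsafe input
classify_lease() {
    cl_name=$(printf '%s' "$1" | tr '[:lower:]' '[:upper:]')
    # DHCP client hostnames are untrusted: accept one letter-digit-hyphen
    # label only, so nothing in it can add a line or field to the batch.
    case $cl_name in
        ''|-*|*-|*[!A-Z0-9-]*) return 2 ;;
    esac
    [ "${#cl_name}" -le 63 ] || return 2
    # Shape check only: four dot-separated runs of digits.
    case $2 in
        *[!0-9.]*|*..*|.*|*.) return 2 ;;
        *.*.*.*.*) return 2 ;;
        *.*.*.*) ;;
        *) return 2 ;;
    esac
    # Workstation names are the prefix followed by digits only.
    cl_rest=${cl_name#"$WS_PREFIX"}
    if [ "$cl_rest" != "$cl_name" ]; then
        case $cl_rest in
            ''|*[!0-9]*) ;;
            *) return 1 ;;
        esac
    fi
    return 0
}

# build_update NAME IP: print the nsupdate batch, or nothing if skipped.
build_update() {
    classify_lease "$1" "$2" || return $?
    bu_fqdn=$(printf '%s' "$1" | tr '[:upper:]' '[:lower:]').$ZONE.
    printf 'update delete %s A\nupdate add %s %s A %s\nsend\n' \
        "$bu_fqdn" "$bu_fqdn" "$TTL" "$2"
}
```

A dhcpd hook would call `build_update` with the lease's hostname and address and pass any output on to nsupdate; a non-zero status means no record is written on the client's behalf.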
