On 19.03.2012 01:31, Amitay Isaacs wrote:
> Hi Andreas,
>
> On Sun, Mar 18, 2012 at 7:06 AM, Matthieu Patou <m...@samba.org> wrote:
>> On 03/17/2012 10:00 AM, Andreas Oster wrote:
>>>
>>> Hello all,
>>>
>>> I have set up a samba4 server with bind9 and the bind_dlz module.
>>> Everything is working as it should but now I need to allow the dhcp
>>> server to add entries to the forwarding zone. Has anybody implemented
>>> such a configuration? Can this be done with the kerberos DNS dynamic
>>> update configuration?
>>
>> I had it working with flat file backend.
>> I think that the way dhcp and bind do their DDNS is different from the way
>> Windows does its DDNS, as far as I know dlz_plugin only supports the latter one
>> so far.
>>
>>> I want to achieve the following:
>>>
>>> 1) allow non-Windows machines (printers, ILO ...) to be added by dhcpd
>
> You need to configure secure updates from dhcpd as dlz_bind9 plugin
> only supports secure dynamic updates. Following link might help to set
> up secure dynamic updates from dhcpd.
>
> http://blog.michael.kuron-germany.de/2011/02/isc-dhcpd-dynamic-dns-updates-against-secure-microsoft-dns/
>
>>> 2) allow Windows machines (joined to AD) to update their own entries
>>>
>>> 2 - already works with the configuration from samba wiki
>
> This should work automatically with the current master. But remember
> that if you update a DNS entry for windows machine through DHCP, then
> the windows machine itself may not be able to update its own entry
> because of the ACLs.
>
> Amitay.

Hello Amitay,

with your great work on the samba_upgradedns script I was able to move
my flatfile bind9 config to the DLZ backend, but realized afterwards
that I was no longer able to add DNS entries via dhcpd. Luckily I have
found Charles Tryon's script on the web and managed to set up secure
dynamic updates from dhcpd to bind9.

To circumvent the problem with Windows machines being unable to update
their own records, I have modified the script to exclude those machines
from being added to the DNS database by dhcpd. This was easy, because in
our setup Windows machines are all named the same way DOMAIN+WS+NUMBER.

Thanks

best regards

Andreas
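
The exclusion described in the message above, sketched as an added example (not Andreas's modification and not Charles Tryon's script). It also validates the client-supplied hostname before it can reach `nsupdate -g`; the prefix `EXAMPLE`, the zone `example.test`, the TTL and all function names are assumptions, and DOMAIN+WS+NUMBER is read as plain concatenation.

```shell
#!/bin/sh
# Constructed values: the page gives the pattern DOMAIN+WS+NUMBER but no real names.
AD_PREFIX="EXAMPLE"      # hypothetical NetBIOS domain name, upper case
DNS_ZONE="example.test"  # hypothetical forward zone

# is_valid_label NAME: succeed only for a single RFC 1123 host label.
# The DHCP client chooses this string, so it is untrusted input.
is_valid_label() {
    name=$1
    [ -n "$name" ] && [ "${#name}" -le 63 ] || return 1
    case $name in
        *[!A-Za-z0-9-]*) return 1 ;;   # dots, spaces, shell metacharacters
        -*|*-)           return 1 ;;   # no leading or trailing hyphen
    esac
    return 0
}

# is_ad_workstation NAME: match <AD_PREFIX>WS<digits>, case-insensitively.
is_ad_workstation() {
    upper=$(printf '%s' "$1" | tr '[:lower:]' '[:upper:]')
    rest=${upper#"${AD_PREFIX}WS"}
    [ "$rest" != "$upper" ] || return 1        # prefix missing
    [ -n "$rest" ] || return 1                 # no number after WS
    case $rest in *[!0-9]*) return 1 ;; esac   # something other than digits
    return 0
}

# decide NAME: print "register", "skip-workstation" or "reject-invalid".
decide() {
    if ! is_valid_label "$1"; then echo reject-invalid
    elif is_ad_workstation "$1"; then echo skip-workstation
    else echo register
    fi
}

# nsupdate_input NAME IP: emit nsupdate commands only for names dhcpd may own.
# IP is the address dhcpd itself assigned, so it is not re-validated here.
nsupdate_input() {
    [ "$(decide "$1")" = register ] || return 1
    printf 'update delete %s.%s A\nupdate add %s.%s 3600 A %s\nsend\n' \
        "$1" "$DNS_ZONE" "$1" "$DNS_ZONE" "$2"
}
```

Skipped workstations keep ownership of their own records, so the ACL conflict Amitay describes does not arise for them.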