Hello,
I’m not sure if this belongs here but I was not sure if I should ask this on the samba mailing list. It’s probably a misunderstanding but I hope someone could clarify this for me.
So I have a couple of samba clients in an Active Directory Domain. DNS requests and registration on domain join works great but the DNS entries never get renewed. I can manually update the DNS entry just fine with `net ads dns register`. So after some time the DNS entry expires.
So I’m not sure if automatically refreshing DNS entries (on IP address change or when the entry expires) is something that samba is supposed to do or if I need another program or write a service to do so.
I tried / checked the following smb.conf settings on a client:
`allow dns update = nonsecure`, but I think it only applies to servers.
I checked if the `nsupdate command` has the correct path (I checked if the default setting is correct).
I also checked the `dns update command` and found that the default setting is not correct (samba_dnsupdate not available on clients). But I also think it only applies to servers, so I’m not sure. I haven’t tried setting it to `net ads dns register` because I don’t know how to set it correctly.
I’m using version 4.15.5 of samba but I have this problem on several machines running different versions.
Kind regards,
Nico
I forgot to mention that I increased the log level for dns to 5. I hoped to see some logs if DNS updates fail. Unfortunately I couldn’t find any logs regarding DNS in the corresponding log files, which is why I’m not sure if samba clients actually do DNS updates.
Because I couldn’t find a solution, I created a systemd service to update the DNS entry every eight hours. However I’m not quite satisfied with this solution. The DNS entry is updated too often, which is unnecessary. This causes quite a bit of stress on the DNS servers when there are a couple of hundred clients. The other problem is that on an IP address change, the DNS record is not updated. Systemd does not provide a trigger for that as far as I know. So the record will be updated on next boot or within the next eight hours.
For anyone who has the same problem, these are the files for the systemd service.
**dns-register.service**

```ini
[Unit]
Description=Register DNS

[Service]
Type=oneshot
ExecStart="path to the script"/dns-register.sh
```

**dns-register.timer**

```ini
[Unit]
Description=Trigger for DNS Register
Requires=network.target
Requires=kinit.service

[Timer]
OnStartupSec=5min
OnUnitActiveSec=8h
Unit=dns-register.service

[Install]
WantedBy=default.target
```

**dns-register.sh**

```sh
#!/bin/sh
net ads dns register
```

If someone knows a better solution, please let me know.
This solution also requires a domain user to register the DNS entry. I couldn’t figure out how to use the computer account, which is why the timer requires a “kinit.service”. This service creates and updates a Kerberos ticket to authenticate the user.
This could be a potential security risk, so again other solutions are welcome.
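
An added example, not part of the original post: a variant of `dns-register.sh` that only calls `net ads dns register` when the published A record is missing, differs from the host's current address, or was last refreshed more than `MAX_AGE` seconds ago. The state file path, the interval, the use of `ip` and `dig`, the `run` argument and the `-P` (stored machine account password) option are assumptions that do not come from the thread, and only the first global IPv4 address is considered.

```shell
#!/bin/sh
# Added example (not from the thread): register in DNS only when it is needed.
STAMP="${STAMP:-/var/lib/dns-register/last}"  # hypothetical state file
MAX_AGE="${MAX_AGE:-86400}"                   # assumed refresh interval, seconds

# Return 0 (register) if the record is missing, changed or too old; 1 otherwise.
# Args: current_ip dns_ip last_epoch now_epoch
needs_register() {
    [ -z "$2" ] && return 0                        # no A record published
    [ "$1" != "$2" ] && return 0                   # address changed
    [ $(( $4 - $3 )) -ge "$MAX_AGE" ] && return 0  # refresh before it expires
    return 1
}

# First global IPv4 address on this host (iproute2).
current_ip() {
    ip -4 -o addr show scope global | awk '{split($4, a, "/"); print a[1]; exit}'
}

# A record currently published for this host (assumes dig is installed).
dns_ip() {
    dig +short A "$(hostname -f)" | head -n 1
}

main() {
    cur=$(current_ip)
    [ -n "$cur" ] || { echo "no global IPv4 address, skipping" >&2; return 0; }
    last=$(cat "$STAMP" 2>/dev/null || echo 0)
    last=${last:-0}                                # empty stamp file counts as never
    now=$(date +%s)
    if needs_register "$cur" "$(dns_ip)" "$last" "$now"; then
        # -P: use the stored machine account password instead of a user ticket
        net ads dns register -P || return 1
        mkdir -p "$(dirname "$STAMP")"
        echo "$now" > "$STAMP"
    fi
}

# Run only when invoked as "dns-register.sh run", so the functions can be sourced.
if [ "${1:-}" = "run" ]; then main; fi
```

With this check the timer can fire at a shorter interval to pick up address changes sooner, since an update is only sent when one of the three conditions holds; `ExecStart` would call the script with the `run` argument.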
> Hello,
> I’m not sure if this belongs here but I was not sure if I should ask this on the samba mailing list. It’s probably a misunderstanding but I hope someone could clarify this for me.

Yes, probably a good idea to discuss on the samba mailing list. Not openSUSE-specific.
Not sure if this answers any questions for you…
https://wiki.samba.org/index.php/DNS_Administration