Samba AD does not create the reverse zone

Locked
flipflip
Messages: 56
Registration: May 31, 2022 - 09:05

September 29, 2022 - 2:32 PM

Hello everyone,

I'm testing Samba AD and I'm having trouble with the DNS part. I'm using your tutorial: https://samba.tranquil.it/doc/fr/samba_ ... ebian.html

Everything is fine; I can add and remove hosts from my zone, but I realize that the reverse DNS record for this zone hasn't been created. So I create it via the MMC DNS from a Windows machine. Everything is OK, and I add a new A host (toto with IP address 192.168.1.31) to my zone by checking the "Create an associated PTR record pointer" box. I confirm the creation and go to "Reverse Lookup Zones" > 1.168.192.in-addr.arpa, but there's no trace of toto's reverse DNS record.

I can create it manually, but since I was planning to set up DHCP with dynamic DNS updates, it seems necessary that the reverse DNS records update correctly.

Code:

# samba-tool dns zonelist svdom01
Password for [DOMAIN\root]:
  3 zone(s) found

  pszZoneName                 : 1.168.192.in-addr.arpa
  Flags                       : DNS_RPC_ZONE_DSINTEGRATED DNS_RPC_ZONE_UPDATE_SECURE 
  ZoneType                    : DNS_ZONE_TYPE_PRIMARY
  Version                     : 50
  dwDpFlags                   : DNS_DP_AUTOCREATED DNS_DP_DOMAIN_DEFAULT DNS_DP_ENLISTED 
  pszDpFqdn                   : DomainDnsZones.domaine.fr

  pszZoneName                 : domaine.fr
  Flags                       : DNS_RPC_ZONE_DSINTEGRATED DNS_RPC_ZONE_UPDATE_SECURE 
  ZoneType                    : DNS_ZONE_TYPE_PRIMARY
  Version                     : 50
  dwDpFlags                   : DNS_DP_AUTOCREATED DNS_DP_DOMAIN_DEFAULT DNS_DP_ENLISTED 
  pszDpFqdn                   : DomainDnsZones.domaine.fr

  pszZoneName                 : _msdcs.domaine.fr
  Flags                       : DNS_RPC_ZONE_DSINTEGRATED DNS_RPC_ZONE_UPDATE_SECURE 
  ZoneType                    : DNS_ZONE_TYPE_PRIMARY
  Version                     : 50
  dwDpFlags                   : DNS_DP_AUTOCREATED DNS_DP_FOREST_DEFAULT DNS_DP_ENLISTED 
  pszDpFqdn                   : ForestDnsZones.domaine.fr

Is there a specific configuration?

Thanks in advance.
Philippe.
dcardon
WAPT Expert
Messages: 1929
Registration: June 18, 2014 - 09:58
Location: Saint Sébastien sur Loire

October 3, 2022 - 12:08

Automatic PTR creation when generating an A record with RSAT doesn't work with Samba-AD.

That said, PTR registration for DHCP servers without reservations is likely to result in outdated values (scavenging isn't always aggressive enough, and it didn't work well on older versions of Samba).

However, client machine registration should be automatic; it's not DHCP's responsibility (servers have the default right to create an A record with their name). Nevertheless, this feature introduces its own security issues, and I recommend disabling it.

Sincerely,

Denis
Denis Cardon - Tranquil IT
flipflip
Messages: 56
Registration: May 31, 2022 - 09:05

October 4, 2022 - 8:47 AM

> The automatic creation of the PTR when generating an A entry with RSAT does not work with Samba-AD.

And does it work with sambatools?

> That said, PTR registration for DHCP hosts without reservation may often have values that are no longer up to date (scavenging is not necessarily aggressive enough, and it did not work well on older versions of Samba).

I'm setting up DHCP reservations for user workstations and printers. My idea was to only have to manage the reservations in DHCP and no longer have to worry about IPs in DNS, except for machines with static IPs.

Thank you for your answers.
Philippe.
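
Because the RSAT checkbox does not create the PTR on Samba-AD, the reverse record has to be registered explicitly. The following is an added example, not part of the thread or of the Tranquil IT tutorial: a shell helper that derives the PTR owner name for an IPv4 address, checks that the address is actually covered by the reverse zone, and prints (does not run) the matching `samba-tool dns add` command. The function names `reverse_name` and `ptr_add_cmd` are hypothetical; the server, zone and host values are the ones quoted in the first post.

```shell
#!/bin/sh
# Added example: prints the explicit PTR registration command; it runs nothing.

# reverse_name IPV4 -> full in-addr.arpa owner name; non-zero status on bad input
reverse_name() {
    case $1 in ''|*[!0-9.]*) return 1 ;; esac   # digits and dots only
    old_ifs=$IFS; IFS=.
    set -- $1                                   # split into octets
    IFS=$old_ifs
    [ $# -eq 4 ] || return 1
    for o in "$@"; do
        case $o in ''|0?*) return 1 ;; esac     # no empty or zero-padded octets
        [ "${#o}" -le 3 ] && [ "$o" -le 255 ] || return 1
    done
    printf '%s.%s.%s.%s.in-addr.arpa\n' "$4" "$3" "$2" "$1"
}

# ptr_add_cmd SERVER REVERSE_ZONE IPV4 FQDN -> prints the samba-tool command
ptr_add_cmd() {
    full=$(reverse_name "$3") || { echo "invalid IPv4: $3" >&2; return 1; }
    case $full in
        *".$2") rel=${full%".$2"} ;;            # owner name relative to the zone
        *) echo "$3 is not covered by zone $2" >&2; return 2 ;;
    esac
    printf 'samba-tool dns add %s %s %s PTR %s\n' "$1" "$2" "$rel" "$4"
}

# Values taken from the first post of the thread.
ptr_add_cmd svdom01 1.168.192.in-addr.arpa 192.168.1.31 toto.domaine.fr
# prints: samba-tool dns add svdom01 1.168.192.in-addr.arpa 31 PTR toto.domaine.fr
```

The zone-coverage check matters when several reverse zones exist: an address such as 192.168.11.31 is rejected for `1.168.192.in-addr.arpa` instead of producing a record in the wrong zone.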