Tranquil IT Forum

Published: **September 29, 2022 - 2:32 PM**

Hello everyone,

I'm testing Samba AD and I'm having trouble with the DNS part. I'm using your tutorial: https://samba.tranquil.it/doc/fr/samba_ ... ebian.html

Everything is fine; I can add and remove hosts from my zone, but I realize that the reverse DNS record for this zone hasn't been created. So I create it via the MMC DNS from a Windows machine. Everything is OK, and I add a new A host (toto with IP address 192.168.1.31) to my zone by checking the "Create an associated PTR record pointer" box. I confirm the creation and go to "Reverse Lookup Zones" > 1.168.192.in-addr.arp.arpa, but there's no trace of toto's reverse DNS record.

I can create it manually, but since I was planning to set up DHCP with dynamic DNS updates, it seems necessary that the reverse DNS records update correctly.

Code: Select all

# samba-tool dns zonelist svdom01
Password for [DOMAIN\root]:
  3 zone(s) found

  pszZoneName                 : 1.168.192.in-addr.arpa
  Flags                       : DNS_RPC_ZONE_DSINTEGRATED DNS_RPC_ZONE_UPDATE_SECURE 
  ZoneType                    : DNS_ZONE_TYPE_PRIMARY
  Version                     : 50
  dwDpFlags                   : DNS_DP_AUTOCREATED DNS_DP_DOMAIN_DEFAULT DNS_DP_ENLISTED 
  pszDpFqdn                   : DomainDnsZones.domaine.fr

  pszZoneName                 : domaine.fr
  Flags                       : DNS_RPC_ZONE_DSINTEGRATED DNS_RPC_ZONE_UPDATE_SECURE 
  ZoneType                    : DNS_ZONE_TYPE_PRIMARY
  Version                     : 50
  dwDpFlags                   : DNS_DP_AUTOCREATED DNS_DP_DOMAIN_DEFAULT DNS_DP_ENLISTED 
  pszDpFqdn                   : DomainDnsZones.domaine.fr

  pszZoneName                 : _msdcs.domaine.fr
  Flags                       : DNS_RPC_ZONE_DSINTEGRATED DNS_RPC_ZONE_UPDATE_SECURE 
  ZoneType                    : DNS_ZONE_TYPE_PRIMARY
  Version                     : 50
  dwDpFlags                   : DNS_DP_AUTOCREATED DNS_DP_FOREST_DEFAULT DNS_DP_ENLISTED 
  pszDpFqdn                   : ForestDnsZones.domaine.fr

Is there a specific configuration?

Thanks in advance.
Philippe.

Published: **October 3, 2022 - 12:08 PM**

Automatic PTR creation when generating an A record with RSAT doesn't work with Samba-AD.

That said, PTR registration for DHCP servers without reservations is likely to result in outdated values (scavenging isn't always aggressive enough, and it didn't work well on older versions of Samba).

However, client machine registration should be automatic; it's not DHCP's responsibility (servers have the default right to create an A record with their name). Nevertheless, this feature introduces its own security issues, and I recommend disabling it.

Sincerely,

Denis

Published: **October 4, 2022 - 8:47 AM**

The automatic creation of the PTR when generating an A entry with RSAT does not work with Samba-AD.

And does it work with sambatools?

That said, PTR registration for DHCP hosts without reservation may often have values that are no longer up to date (scavenging is not necessarily aggressive enough, and it did not work well on older versions of Samba).

I'm setting up DHCP reservations for user workstations and printers. My idea was to only have to manage the reservations in DHCP and no longer have to worry about IPs in DNS, except for machines with static IPs.

Thank you for your answers.
Philippe.

Tranquil IT Forum

Samba AD does not create the reverse zone

Samba AD does not create the reverse zone

Re: Samba AD is not creating the reverse zone

Re: Samba AD is not creating the reverse zone