Web lists-archives.com

Re: [Samba] client @0x7f6ed800bc20 172.16.5.86#62582: update 'campus.company.intra/IN' denied




On Mon, 2 Jul 2018 14:22:36 -0300
Elias Pereira via samba <samba@xxxxxxxxxxxxxxx> wrote:

> >
> > I repeat, Bind 9.12.x is unsupported at this time, just because it
> > worked once is no reason to use it. It may have nothing to do with
> > your problem, but using a supported Bind version will rule it out.
> 
> 
> Ok. :)
> 
> I'll reinstall using supported version 9.11.3-2
> 
> OK, your server, but I think you should be aware that I have been
> using
> > Bind9 with Samba since December 2012 and I have never used the
> > rndc.key
> 
> 
> Without these entries, the error below always appears in the logs.
> 
> Jul  2 12:37:23 dc3 named[20416]: configuring command channel from
> '/etc/bind/rndc.key'
> Jul  2 12:37:23 dc3 named[20416]: couldn't add command
> channel ::1#953: address not available
> 

okay, perhaps I should have said that I have never had any mention of
rndc.key in the bind conf files. I use Devuan and this splits the named
conf files into separate parts, I only alter two of these:

/etc/bind/named.conf.options

options {
        directory "/var/cache/bind";
        version "0.0.7";

        forwarders { 8.8.8.8; 8.8.4.4; };

        dnssec-validation no;

        auth-nxdomain yes;    # conform to RFC1035 =no
        listen-on-v6 { none; };
        listen-on port 53 { 192.168.0.6; 127.0.0.1; };
        notify no;
        empty-zones-enable no;

        //  Add any subnets or hosts you want to allow to use this DNS server
        allow-query { 192.168.0.0/24; 127.0.0.1/32; };
        //  Add any subnets or hosts you want to allow to use recursive queries
        allow-recursion {  192.168.0.0/24; 127.0.0.1/32; };

        tkey-gssapi-keytab "/var/lib/samba/private/dns.keytab";
};


/etc/bind/named.conf.local

include "/var/lib/samba/private/named.conf";

When I restart Bind9, I get (amongst the other lines) these lines
in /var/log/syslog

Jul  2 18:32:57 dc4 named[3133]: set up managed keys zone for view _default, file 'managed-keys.bind'
Jul  2 18:32:57 dc4 named[3133]: configuring command channel from '/etc/bind/rndc.key'
Jul  2 18:32:57 dc4 named[3133]: command channel listening on 127.0.0.1#953
Jul  2 18:32:57 dc4 named[3133]: configuring command channel from '/etc/bind/rndc.key'
Jul  2 18:32:57 dc4 named[3133]: command channel listening on ::1#953

So I don't have the lines in the named conf files but it is still used,
you need to find out why it doesn't work for you.

> 
> Client update denied error still remains in the logs.

I don't know what error you are getting, even if you have posted it,
can you post the full error. Can you please post all the lines from
syslog around the error and not just the error.

> 
> Does this error interfere with client updates with ADDC or is this
> something with bind?

No, the rndc error is for the command channel and I am sure this isn't
affecting updates.

Rowland
 

-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba