55700 2025-08-22 18:55:42 +0300 samba-winbind-dnsupdate: Не удаётся обновить PTR-записи (IPv4 и IPv6) при использовании BIND9_DLZ DNS на DC: not authoritative for update zone (NOTAUTH) 2025-08-22 18:55:42 +0300 1 1 4 Development Sisyphus samba-winbind-dnsupdate unstable x86_64 Linux NEW https://bugzilla.altlinux.org/show_bug.cgi?id=36563 P5 normal --- 1 varaksaaa liannnix liannnix qa-sisyphus oldest_to_newest 271298 0 varaksaaa 2025-08-22 18:55:42 +0300 Шаги ==== 1. Развернуть Samba DC с BIND9_DLZ DNS (ALT Server 11.0 x86_64 minimal) и (необязательно) реплику к нему. /etc/bind/options.conf: > options { > forward first; > forwarders { <upstream-dns-ipv4>; }; > version "unknown"; > directory "/etc/bind/zone"; > pid-file "none"; > dump-file "/var/run/named_dump.db"; > statistics-file "/var/run/named.stats"; > recursing-file "/var/run/recursing"; > tkey-gssapi-keytab "/var/lib/samba/bind-dns/dns.keytab"; > minimal-responses yes; > listen-on { any; }; > allow-query { localnets; <client-dc-ipv4-subnet>; }; > allow-recursion { localnets; <client-dc-ipv4-subnet>; }; > # include "/etc/bind/resolvconf-options.conf"; > max-cache-ttl 86400; > }; > logging { > category lame-servers {null;}; > }; 2. Ввести клиентов с помощью команды вида: # system-auth write ad "SAMBA.TESTDOMAIN" "client" "SAMBA" "Administrator" "Pa##word" --winbind 3. # winbind-dnsupdate --allow-ipv4-ptr-update 4. # winbind-dnsupdate --allow-ipv6-ptr-update Фактический результат ===================== 3. IPv4: > [INFO]: Hostname: client.samba.testdomain. > [INFO]: Check winbind status. > [INFO]: Winbind is running. Continue. > [INFO]: Trying to get the site name. > [INFO]: Site: Default-First-Site-Name. > [INFO]: Get host credentials. > [INFO]: Retrieving host credentials successfully. > [INFO]: Trying to get a list of domain controllers in site. > [INFO]: Success. > [INFO]: Trying to find an available DNS server. > [INFO]: Checking the availability of DNS server on dc2.samba.testdomain.. > [ERROR]: DNS server on dc2.samba.testdomain. not responding. > [INFO]: Checking the availability of DNS server on dc.samba.testdomain.. > [INFO]: DNS server on dc.samba.testdomain. available. > [INFO]: Update IPv4. > [INFO]: Trying to get IPv4 address of a domain controller. > [INFO]: Successful. DC info: > [INFO]: Domain controller name: dc.samba.testdomain. > [INFO]: Domain controller IPv4: <dc-ipv4>. > [INFO]: Trying parse connection interface name. > [INFO]: Successful. Interface name: ens19. > [INFO]: Checking the existence of A record. > [INFO]: IPv4 record exists. > [INFO]: Checking the existence of a PTR record. > [INFO]: PTR record not exists. > [INFO]: Checking whether the IPv4 records needs to be updated. > [INFO]: Current IPv4 address: <client-ipv4>. > [INFO]: IPv4 address in DNS server: <client-ipv4>. > [INFO]: The IPv4 address of interface ens19 has not been changed. > [INFO]: The update IPv4 was skipped. > [INFO]: The PTR record does not exist but IPv4 not changed and PTR record update enable. > [INFO]: Start IPv4 PTR record registration. > [ERROR]: Nsupdate error. > [ERROR]: update failed: NOTAUTH > [ERROR]: IPv4 PTR record update failed. > dc.samba.testdomain named[1086]: client @0x7fe3eec2d498 <client-ipv6>#37789/key CLIENT\$\@SAMBA.TESTDOMAIN: update failed: <reverse-ipv4(3-octets)>.in-addr.arpa: not authoritative for update zone (NOTAUTH) 4. IPv6: > [INFO]: Hostname: client.samba.testdomain. > [INFO]: Check winbind status. > [INFO]: Winbind is running. Continue. > [INFO]: Trying to get the site name. > [INFO]: Site: Default-First-Site-Name. > [INFO]: Get host credentials. > [INFO]: Retrieving host credentials successfully. > [INFO]: Trying to get a list of domain controllers in site. > [INFO]: Success. > [INFO]: Trying to find an available DNS server. > [INFO]: Checking the availability of DNS server on dc2.samba.testdomain.. > [ERROR]: DNS server on dc2.samba.testdomain. not responding. > [INFO]: Checking the availability of DNS server on dc.samba.testdomain.. > [INFO]: DNS server on dc.samba.testdomain. available. > [INFO]: Update IPv4. > [INFO]: Trying to get IPv4 address of a domain controller. > [INFO]: Successful. DC info: > [INFO]: Domain controller name: dc.samba.testdomain. > [INFO]: Domain controller IPv4: <dc-ipv4>. > [INFO]: Trying parse connection interface name. > [INFO]: Successful. Interface name: ens19. > [INFO]: Checking the existence of A record. > [INFO]: IPv4 record exists. > [INFO]: Checking whether the IPv4 records needs to be updated. > [INFO]: Current IPv4 address: <client-ipv4>. > [INFO]: IPv4 address in DNS server: <client-ipv4>. > [INFO]: The IPv4 address of interface ens19 has not been changed. > [INFO]: The update IPv4 was skipped. > [INFO]: IPv4 update was successful. > [INFO]: Update IPv6. > [INFO]: Trying to get IPv6 address of a domain controller. > [INFO]: Successful. DC info: > [INFO]: Domain controller name: dc.samba.testdomain. > [INFO]: Domain controller IPv6: <dc-ipv6>. > [INFO]: Trying parse connection interface name. > [INFO]: Successful. Interface name: ens19. > [INFO]: Checking the existence of AAAA record. > [INFO]: IPv6 record exists. > [INFO]: Checking the existence of a PTR record. > [INFO]: PTR record not exists. > [INFO]: Checking whether the IPv6 records needs to be updated. > [INFO]: Current IPv6 address: <client-ipv6>:9207. > [INFO]: IPv6 address in DNS server: <client-ipv6>:9207. > [INFO]: The IPv6 address of interface ens19 has not been changed. > [INFO]: The update IPv6 was skipped. > [INFO]: The PTR record does not exist but IPv6 not changed and PTR record update enable. > [INFO]: Start IPv6 PTR record registration. > [ERROR]: Nsupdate error. > [ERROR]: update failed: NOTAUTH > [ERROR]: IPv6 PTR record update failed. На DC в journalctl: > dc.samba.testdomain named[1230]: client @0x7fa04ee7a898 <client-ipv6>:9207#33731/key S-W-EDU-XFCE\$\@SAMBA.TESTDOMAIN: update failed: <reverse-ipv6-zone(32-bytes-16-nibbles)>.ip6.arpa: not authoritative for update zone (NOTAUTH) Ожидаемый результат =================== Успешное обновление PTR-записей. Дополнительно ============= Воспроизводится только с BIND9_DLZ. С Internal DNS данная ошибка не воспроизводится. Обновление A- и AAAA- записей при этом также проходит без данной ошибки. Воспроизводимость ================= Воспроизводится на виртуальных машинах: [sisyphus] alterator-auth-0.48-alt1.x86_64 samba-4.21.7-alt4.x86_64 [p11+387440.10] alterator-auth-0.48-alt1.x86_64 samba-4.21.7-alt4.x86_64 [p11] alterator-auth-0.45-alt1.x86_64 samba-4.20.8-alt2.x86_64