How to create static IP in Samba4/DNS?

I am running Slackware64 14.1, Samba 4.1.11 and bind 9.9.5-P1. I am running this host as an AD/DC. I have provisioned the Samba DC specifying BIND9_FLATFILE backend, which basically means using the normal bind config files. This setup has been running fine for around 9 months.

Now, I have a couple of devices, e.g. printer, DVR, for which I want to add static IPs. I've done this in a pre-Samba DNS by adding the following lines to the zone file:

$TTL 14400      ; 4 hours
ricoh                   A       192.168.0.20

and similarly to the reverse zone file:

$TTL 14400
20     PTR    ricoh.hprs.local.

I did this yesterday, but after some period of time, the A record entry from the zone file had disappeared altogether. Samba does update these files, but why would the A record go away? Or, maybe I configured it wrong.

Can someone help me out with getting this IP set correctly?

Below is the zonefile in question (lots of Samba added stuff)
$ORIGIN .
$TTL 14400      ; 4 hours
hprs.local              IN SOA  mail.hprs.local. hostmaster.hprs.local. (
                                2014094808 ; serial
                                10800      ; refresh (3 hours)
                                3600       ; retry (1 hour)
                                28800      ; expire (8 hours)
                                3600       ; minimum (1 hour)
                                )
                        NS      mail.hprs.local.
                        A       192.168.0.2
$ORIGIN hprs.local.
_kerberos               TXT     "HPRS.LOCAL"
$ORIGIN _msdcs.hprs.local.
48c0208f-0646-42f6-89bf-dc9b81b3442c CNAME mail.hprs.local.
$ORIGIN _tcp.Default-First-Site-Name._sites.dc._msdcs.hprs.local.
_kerberos               SRV     0 100 88 mail.hprs.local.
_ldap                   SRV     0 100 389 mail.hprs.local.
$ORIGIN _tcp.dc._msdcs.hprs.local.
_kerberos               SRV     0 100 88 mail.hprs.local.
_ldap                   SRV     0 100 389 mail.hprs.local.
$ORIGIN _msdcs.hprs.local.
_ldap._tcp.e261d59e-e2f2-4202-9caa-b0ebf8d106a5.domains SRV 0 100 389 mail.hprs.local.
gc                      A       192.168.0.2
$ORIGIN gc._msdcs.hprs.local.
_ldap._tcp.Default-First-Site-Name._sites SRV 0 100 3268 mail.hprs.local.
_ldap._tcp              SRV     0 100 3268 mail.hprs.local.
$ORIGIN _msdcs.hprs.local.
_ldap._tcp.pdc          SRV     0 100 389 mail.hprs.local.
$ORIGIN _tcp.Default-First-Site-Name._sites.hprs.local.
_gc                     SRV     0 100 3268 mail.hprs.local.
_kerberos               SRV     0 100 88 mail.hprs.local.
_ldap                   SRV     0 100 389 mail.hprs.local.
$ORIGIN _tcp.hprs.local.
_gc                     SRV     0 100 3268 mail.hprs.local.
_kerberos               SRV     0 100 88 mail.hprs.local.
_kerberos-master        SRV     0 100 88 mail.hprs.local.
_kpasswd                SRV     0 100 464 mail.hprs.local.
_ldap                   SRV     0 100 389 mail.hprs.local.
$ORIGIN _udp.hprs.local.
_kerberos               SRV     0 100 88 mail.hprs.local.
_kerberos-master        SRV     0 100 88 mail.hprs.local.
_kpasswd                SRV     0 100 464 mail.hprs.local.
$ORIGIN hprs.local.
$TTL 1200       ; 20 minutes
BETH                    A       192.168.0.53
$TTL 3600       ; 1 hour
                        TXT     "31fb00b7a77fdc7f6ba1e7a3a8efaeb764"
$TTL 1200       ; 20 minutes
CHARMAINE               A       192.168.0.52
$TTL 3600       ; 1 hour
                        TXT     "31e495ab9beab3bba63ae1165feab6d82f"
$TTL 1200       ; 20 minutes
COMMON                  A       192.168.0.58
$TTL 3600       ; 1 hour
                        TXT     "31d43f065d80a9e1d8507c919ea920a677"
$TTL 1200       ; 20 minutes
DENNIS                  A       192.168.0.57
$TTL 3600       ; 1 hour
                        TXT     "31616d4148a7bea9e6aba53e934e9a3766"
DOMAS1286P12141         A       192.168.0.114
                        TXT     "31692eef51b0eaa0d31d250455d1c2c625"
$TTL 1200       ; 20 minutes
DORIS                   A       192.168.0.51
$TTL 3600       ; 1 hour
                        TXT     "318d9a2029644a1b54e80551bba7682954"
$TTL 1200       ; 20 minutes
HOLLY                   A       192.168.0.56
$TTL 3600       ; 1 hour
                        TXT     "3125e48aa8400fcddf72791dc5bb93bca7"
LocalHost               A       192.168.0.24
                        TXT     "31d0ef7b30ac56944e0d01b8d43a43123a"
$TTL 14400      ; 4 hours
mail                    A       192.168.0.2
$TTL 1200       ; 20 minutes
MARK                    A       192.168.0.55
$TTL 3600       ; 1 hour
                        TXT     "312e7db07ef48b5b5c1c74dca37fc455d0"
MCNEA1953C11141         A       192.168.0.112
                        TXT     "3133784f6dadce841246963acdf6ffa25c"
$TTL 1200       ; 20 minutes
MIKE                    A       192.168.0.54
$TTL 3600       ; 1 hour
                        TXT     "3123e28f0b7a5150ca7bf29e91967928c2"
OHPRSstorage            A       192.168.0.5
                        TXT     "00809cfa69f150af1ca3924d33b7dbd20e"
$TTL 1200       ; 20 minutes
RENEE                   A       192.168.0.50
$TTL 3600       ; 1 hour
                        TXT     "31a3fe008f43cb09a0b5e55cf7a3322f26"
$TTL 1200       ; 20 minutes
server                  A       192.168.0.4
$TTL 3600       ; 1 hour
                        TXT     "3142f0ea1580f4cfde5bfb712dc2dc8482"
$TTL 1200       ; 20 minutes
TRAVERSE                A       192.168.0.59
$TTL 3600       ; 1 hour
                        TXT     "31d1e2072b79d455b24818ec52267dc0b6"
viao                    A       192.168.0.102
                        TXT     "319fa2220f0f1c778d2667ee0e19bbb60d"
webserver               A       192.168.0.3
                        TXT     "00a72c84d5da5a7047247078f738268ec3"

Mark Asked:

Daniel McAllister, President, IT4SOHO, LLC Commented:
OK, this is very explainable.

First, DNS does not control the ASSIGNMENT of an IP address to a machine (copier, computer, or mobile device)... DNS only gives addresses for names (or vice-versa: names to addresses):
 - An A record gives a name an IP address
 - A PTR record gives an IP address a name

By creating both A & PTR records for your printer & DVR, all you did is say that ANYTHING at IP address A has a name ANAME, and that ANYTHING at IP address B has a name BNAME.

So enter the service you DIDN'T configure: DHCP
DHCP is the service that actually assigns IP addresses to devices on your LAN.
These addresses can be STATIC (based on the MAC [hardware 6-byte code] address), or can be dynamically assigned from a pool of addresses you claim to be available.

DHCP is designed to manage the dynamic pool of addresses so that duplicates never appear.
However, one FEATURE of DHCP is the ability to "register" an assigned IP address into DNS so that windows systems are no longer dependent upon WINS, and non-Windows systems can get the same functionality as WINS.

SO, your problem is arising out of the fact that, even though you created an A record for "DVD" at IP address 102, that address is in "the pool" for your DHCP server... and along comes a device called "VAIO" and DHCP gives *IT* address 102 -- now, when DHCP registers the name "vaio" in DNS, it REPLACES the name "dvd" -- and then, when the "vaio" computer goes away for too long, the entry is simply removed altogether.

Your solution (imho for virtually everything that is nearly always on your LAN) is to give it a DHCP reservation -- that is, a "saved" address out of the pool, so that whenever that device comes online, the DHCP server ALWAYS gives it the same address (because it has been reserved for that device).

I hope this helps

Dan
IT4SOHO
0

Mark (Author) Commented:
Dan:
> So enter the service you DIDN'T configure: DHCP

I do have lots of things configured in DHCP, but the particular device I am messing with is a printer configured with a static IP internally. It does not request DHCP. Therefore, all I really need is to tell DNS the match-up between the printer's IP and the name I want to give it. I've always done that via the zone tables putting the A record in the main zone file and the PTR record in the by-IP zone file.

Bottom line: I'm configuring the static IP without DHCP and without the 'client' host requesting DHCP.
0
Daniel McAllister, President, IT4SOHO, LLC Commented:
I get what you're saying, and I guess since I made my response more broad, I think you missed my salient point...

 -- if your "static" (self-assigned) IP address is in your DHCP address pool, and DHCP attempts to assign that address to some device (new and dynamic), it will instruct the DNS server to "change" the entry for that IP address.

So, EVEN IF the printer has an internally assigned IP address, you STILL want to make the reservation entry in DHCP -- to prevent it from assigning that address dynamically AND to prevent it from changing the entry in your DNS server.

The reason this likely never happened to you before is (I'm guessing) that your DHCP service previously wasn't making DNS updates based on address leases.

Good Luck

Dan McAllister
IT4SOHO
0
Mark (Author) Commented:
> if your "static" (self-assigned) IP address is in your DHCP address pool, and DHCP attempts to assign that address to some device (new and dynamic), it will instruct the DNS server to "change" the entry for that IP address.

The dhcpd.conf assigns "range 192.168.0.100 192.168.0.254" for DHCP'able addresses. The static IP I'm choosing is 192.168.0.20, so DHCP should not attempt to assign that address to a DHCP client.

> you STILL want to make the reservation entry in DHCP

I added the following to my dhcpd.conf:

host ricoh {
    hardware ethernet 00:26:73:55:63:AB;
    fixed-address 192.168.0.20;
}

I restarted dhcpd and named. This did not work. I cannot resolve host ricoh. I'm skeptical anyway. Would not the client device (ricoh) have to request an IP address from the DHCP server in order for dhcpd to assign 192.168.0.20 and update the DNS zone files? I can't imagine dhcpd would update DNS simply based on creating the host entry if no client with that MAC ever requested an IP. I have 14 other hosts assigned static IP in dhcpd.conf, which all are set to use DHCP and all of them work perfectly. The only difference between those 14 hosts and this ricoh device is that the ricoh is not set to get its IP via DHCP.

> The reason this likely never happened to you before is (I'm guessing) that your DHCP service previously wasn't making DNS updates based on address leases.

Actually, this did work before with DHCP and DNS, but that configuration did not include Samba4.

It doesn't make sense to me that I can't simply add A and PTR records to the forward and reverse zone files respectively. That is what I've done in the past, including on SBS 2008. I did not have to mess with DHCPD configurations. That's pretty much what all DNS "how to's" I've come across on the web say you're supposed to do.

I guess I'll have to stage a test system with DHCP and DNS, but no Samba4 and see if that does or does not work. Might as well eliminate one variable from the problem.
0
Mark (Author) Commented:
Not getting very far on this. I'm going to simplify and remove DHCP and Samba from the equation and re-post something cleaner.
0
Mark (Author) Commented:
I figured out the problem. Adding the A and PTR records to the zone files was correct as I did in my initial posting. However, I needed to stop named, dhcp, samba and for good measure ntpd. Then add the A and PTR records, then restart those programs. That worked. Adding the A and PTR records while all those are running does not work. The A records get clobbered for some reason.
0
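
Editor's added example, not part of the thread: BIND's documented way to hand-edit a zone that also receives dynamic updates is `rndc freeze` / `rndc thaw`, which avoids stopping the services. The sketch below covers only the forward A record; the function name `add_static_a` and the zone file path passed to it are assumptions, while the zone name, host name and address come from the question.

```shell
#!/bin/sh
# Added example. Zone name and record come from the post; the zone file
# path passed in by the caller is an assumption about the local layout.
RNDC=${RNDC:-rndc}                       # overridable for offline testing
CHECKZONE=${CHECKZONE:-named-checkzone}

# add_static_a ZONE ZONEFILE NAME IP
add_static_a() {
    z=$1; f=$2; n=$3; ip=$4

    # freeze writes pending journal changes to the file and makes named
    # reject dynamic updates until thaw, so a hand edit cannot be overwritten.
    "$RNDC" freeze "$z" || return 1
    cp -p "$f" "$f.bak" || { "$RNDC" thaw "$z"; return 1; }

    # Refuse duplicates; checked after freeze so the file is current.
    # Owner names are matched regardless of $ORIGIN, so this errs toward refusing.
    if grep -Eiq "^$n[[:space:]]+(IN[[:space:]]+)?A[[:space:]]" "$f"; then
        echo "$n already has an A record in $f" >&2
        "$RNDC" thaw "$z"; return 1
    fi

    # Increment the SOA serial (the number on the line commented "; serial").
    old=$(sed -n 's/^[[:space:]]*\([0-9][0-9]*\)[[:space:]]*;[[:space:]]*serial.*/\1/p' "$f" | head -n 1)
    if [ -z "$old" ]; then
        echo "no serial line found in $f" >&2
        "$RNDC" thaw "$z"; return 1
    fi
    # Write through the existing file so its owner and mode are kept.
    sed "s/^\([[:space:]]*\)$old\([[:space:]]*;[[:space:]]*serial\)/\1$((old + 1))\2/" "$f.bak" > "$f"

    # Append the record under an explicit origin and TTL.
    printf '$ORIGIN %s.\n$TTL 14400\n%s\tA\t%s\n' "$z" "$n" "$ip" >> "$f"

    # Validate before handing the file back; restore the backup on failure.
    if ! "$CHECKZONE" "$z" "$f" >/dev/null; then
        cat "$f.bak" > "$f"
        "$RNDC" thaw "$z"; return 1
    fi
    "$RNDC" thaw "$z"
}
```

Called as `add_static_a hprs.local /path/to/zonefile ricoh 192.168.0.20`; the PTR record needs the same freeze, edit, thaw sequence against the reverse zone.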