Okay, added the “realms” entry in the /var/lib/machines/nsdc/var/lib/samba/private/krb5.conf and installed bind-utils as instructed. Different results this time: here is what I got back after running
systemd-run -t -M nsdc /usr/sbin/samba_dnsupdate --verbose
systemd-run -t -M nsdc /usr/sbin/samba_dnsupdate --verbose
Running as unit run-10525.service.
Press ^] three times within 1s to disconnect TTY.
IPs: [‘192.168.1.5’]
Looking for DNS entry A nsdc-dc2.(domainname) 192.168.1.5 as nsdc-dc2.(domainname).
Failed to find matching DNS entry A nsdc-dc2.(domainname) 192.168.1.5
need update: A nsdc-dc2.(domainname) 192.168.1.5
Looking for DNS entry A (domainname) 192.168.1.5 as (domainname).
Failed to find matching DNS entry A (domainname) 192.168.1.5
need update: A (domainname) 192.168.1.5
Looking for DNS entry SRV _ldap._tcp.(domainname) nsdc-dc2.(domainname) 389 as _ldap._tcp.(domainname).
Checking 0 100 389 nsdc-dc2.(domainname). against SRV _ldap._tcp.(domainname) nsdc-dc2.(domainname) 389
Looking for DNS entry SRV _ldap._tcp.dc._msdcs.(domainname) nsdc-dc2.(domainname) 389 as _ldap._tcp.dc._msdcs.(domainname).
Checking 0 100 389 nsdc-dc2.(domainname). against SRV _ldap._tcp.dc._msdcs.(domainname) nsdc-dc2.(domainname) 389
Looking for DNS entry SRV _ldap._tcp.1937ac0b-e18f-47d3-a7a5-e1d2407e9c25.domains._msdcs.(domainname) nsdc-dc2.(domainname) 389 as _ldap._tcp.1937ac0b-e18f-47d3-a7a5-e1d2407e9c25.domains._msdcs.(domainname).
Checking 0 100 389 nsdc-dc2.(domainname). against SRV _ldap._tcp.1937ac0b-e18f-47d3-a7a5-e1d2407e9c25.domains._msdcs.(domainname) nsdc-dc2.(domainname) 389
Looking for DNS entry SRV _kerberos._tcp.(domainname) nsdc-dc2.(domainname) 88 as _kerberos._tcp.(domainname).
Checking 0 100 88 nsdc-dc2.(domainname). against SRV _kerberos._tcp.(domainname) nsdc-dc2.(domainname) 88
Looking for DNS entry SRV _kerberos._udp.(domainname) nsdc-dc2.(domainname) 88 as _kerberos._udp.(domainname).
Checking 0 100 88 nsdc-dc2.(domainname). against SRV _kerberos._udp.(domainname) nsdc-dc2.(domainname) 88
Looking for DNS entry SRV _kerberos._tcp.dc._msdcs.(domainname) nsdc-dc2.(domainname) 88 as _kerberos._tcp.dc._msdcs.(domainname).
Checking 0 100 88 nsdc-dc2.(domainname). against SRV _kerberos._tcp.dc._msdcs.(domainname) nsdc-dc2.(domainname) 88
Looking for DNS entry SRV _kpasswd._tcp.(domainname) nsdc-dc2.(domainname) 464 as _kpasswd._tcp.(domainname).
Checking 0 100 464 nsdc-dc2.(domainname). against SRV _kpasswd._tcp.(domainname) nsdc-dc2.(domainname) 464
Looking for DNS entry SRV _kpasswd._udp.(domainname) nsdc-dc2.(domainname) 464 as _kpasswd._udp.(domainname).
Checking 0 100 464 nsdc-dc2.(domainname). against SRV _kpasswd._udp.(domainname) nsdc-dc2.(domainname) 464
Looking for DNS entry CNAME abeb7b7a-7973-4f5f-a30b-b51d492965a5._msdcs.(domainname) nsdc-dc2.(domainname) as abeb7b7a-7973-4f5f-a30b-b51d492965a5._msdcs.(domainname).
Looking for DNS entry SRV _ldap._tcp.Default-First-Site-Name._sites.(domainname) nsdc-dc2.(domainname) 389 as _ldap._tcp.Default-First-Site-Name._sites.(domainname).
Checking 0 100 389 nsdc-dc2.(domainname). against SRV _ldap._tcp.Default-First-Site-Name._sites.(domainname) nsdc-dc2.(domainname) 389
Looking for DNS entry SRV _ldap._tcp.Default-First-Site-Name._sites.dc._msdcs.(domainname) nsdc-dc2.(domainname) 389 as _ldap._tcp.Default-First-Site-Name._sites.dc._msdcs.(domainname).
Checking 0 100 389 nsdc-dc2.(domainname). against SRV _ldap._tcp.Default-First-Site-Name._sites.dc._msdcs.(domainname) nsdc-dc2.(domainname) 389
Looking for DNS entry SRV _kerberos._tcp.Default-First-Site-Name._sites.(domainname) nsdc-dc2.(domainname) 88 as _kerberos._tcp.Default-First-Site-Name._sites.(domainname).
Checking 0 100 88 nsdc-dc2.(domainname). against SRV _kerberos._tcp.Default-First-Site-Name._sites.(domainname) nsdc-dc2.(domainname) 88
Looking for DNS entry SRV _kerberos._tcp.Default-First-Site-Name._sites.dc._msdcs.(domainname) nsdc-dc2.(domainname) 88 as _kerberos._tcp.Default-First-Site-Name._sites.dc._msdcs.(domainname).
Checking 0 100 88 nsdc-dc2.(domainname). against SRV _kerberos._tcp.Default-First-Site-Name._sites.dc._msdcs.(domainname) nsdc-dc2.(domainname) 88
Looking for DNS entry SRV _ldap._tcp.pdc._msdcs.(domainname) nsdc-dc2.(domainname) 389 as _ldap._tcp.pdc._msdcs.(domainname).
Checking 0 100 389 nsdc-dc2.(domainname). against SRV _ldap._tcp.pdc._msdcs.(domainname) nsdc-dc2.(domainname) 389
Looking for DNS entry A gc._msdcs.(domainname) 192.168.1.5 as gc._msdcs.(domainname).
Failed to find matching DNS entry A gc._msdcs.(domainname) 192.168.1.5
need update: A gc._msdcs.(domainname) 192.168.1.5
Looking for DNS entry SRV _gc._tcp.(domainname) nsdc-dc2.(domainname) 3268 as _gc._tcp.(domainname).
Checking 0 100 3268 nsdc-dc2.(domainname). against SRV _gc._tcp.(domainname) nsdc-dc2.(domainname) 3268
Looking for DNS entry SRV _ldap._tcp.gc._msdcs.(domainname) nsdc-dc2.(domainname) 3268 as _ldap._tcp.gc._msdcs.(domainname).
Checking 0 100 3268 nsdc-dc2.(domainname). against SRV _ldap._tcp.gc._msdcs.(domainname) nsdc-dc2.(domainname) 3268
Looking for DNS entry SRV _gc._tcp.Default-First-Site-Name._sites.(domainname) nsdc-dc2.(domainname) 3268 as _gc._tcp.Default-First-Site-Name._sites.(domainname).
Checking 0 100 3268 nsdc-dc2.(domainname). against SRV _gc._tcp.Default-First-Site-Name._sites.(domainname) nsdc-dc2.(domainname) 3268
Looking for DNS entry SRV _ldap._tcp.Default-First-Site-Name._sites.gc._msdcs.(domainname) nsdc-dc2.(domainname) 3268 as _ldap._tcp.Default-First-Site-Name._sites.gc._msdcs.(domainname).
Checking 0 100 3268 nsdc-dc2.(domainname). against SRV _ldap._tcp.Default-First-Site-Name._sites.gc._msdcs.(domainname) nsdc-dc2.(domainname) 3268
Looking for DNS entry A DomainDnsZones.(domainname) 192.168.1.5 as DomainDnsZones.(domainname).
Failed to find matching DNS entry A DomainDnsZones.(domainname) 192.168.1.5
need update: A DomainDnsZones.(domainname) 192.168.1.5
Looking for DNS entry SRV _ldap._tcp.DomainDnsZones.(domainname) nsdc-dc2.(domainname) 389 as _ldap._tcp.DomainDnsZones.(domainname).
Checking 0 100 389 nsdc-dc2.(domainname). against SRV _ldap._tcp.DomainDnsZones.(domainname) nsdc-dc2.(domainname) 389
Looking for DNS entry SRV _ldap._tcp.Default-First-Site-Name._sites.DomainDnsZones.(domainname) nsdc-dc2.(domainname) 389 as _ldap._tcp.Default-First-Site-Name._sites.DomainDnsZones.(domainname).
Checking 0 100 389 nsdc-dc2.(domainname). against SRV _ldap._tcp.Default-First-Site-Name._sites.DomainDnsZones.(domainname) nsdc-dc2.(domainname) 389
Looking for DNS entry A ForestDnsZones.(domainname) 192.168.1.5 as ForestDnsZones.(domainname).
Failed to find matching DNS entry A ForestDnsZones.(domainname) 192.168.1.5
need update: A ForestDnsZones.(domainname) 192.168.1.5
Looking for DNS entry SRV _ldap._tcp.ForestDnsZones.(domainname) nsdc-dc2.(domainname) 389 as _ldap._tcp.ForestDnsZones.(domainname).
Checking 0 100 389 nsdc-dc2.(domainname). against SRV _ldap._tcp.ForestDnsZones.(domainname) nsdc-dc2.(domainname) 389
Looking for DNS entry SRV _ldap._tcp.Default-First-Site-Name._sites.ForestDnsZones.(domainname) nsdc-dc2.(domainname) 389 as _ldap._tcp.Default-First-Site-Name._sites.ForestDnsZones.(domainname).
Checking 0 100 389 nsdc-dc2.(domainname). against SRV _ldap._tcp.Default-First-Site-Name._sites.ForestDnsZones.(domainname) nsdc-dc2.(domainname) 389
Looking for DNS entry A nsdc-dc2.(domainname) 192.168.2.10 as nsdc-dc2.(domainname).
need delete: A nsdc-dc2.(domainname) 192.168.2.10
Looking for DNS entry A (domainname) 192.168.2.10 as (domainname).
need delete: A (domainname) 192.168.2.10
Looking for DNS entry A gc._msdcs.(domainname) 192.168.2.10 as gc._msdcs.(domainname).
need delete: A gc._msdcs.(domainname) 192.168.2.10
Looking for DNS entry A DomainDnsZones.(domainname) 192.168.2.10 as DomainDnsZones.(domainname).
need delete: A DomainDnsZones.(domainname) 192.168.2.10
Looking for DNS entry A ForestDnsZones.(domainname) 192.168.2.10 as ForestDnsZones.(domainname).
need delete: A ForestDnsZones.(domainname) 192.168.2.10
5 DNS updates and 5 DNS deletes needed
delete (nsupdate): A nsdc-dc2.(domainname) 192.168.2.10
Calling nsupdate for A nsdc-dc2.(domainname) 192.168.2.10 (delete)
Outgoing update query:
;; ->>HEADER<<- opcode: UPDATE, status: NOERROR, id: 0
;; flags:; ZONE: 0, PREREQ: 0, UPDATE: 0, ADDITIONAL: 0
;; UPDATE SECTION:
nsdc-dc2.(domainname). 0 NONE A 192.168.2.10
; TSIG error with server: tsig verify failure
Failed nsupdate: 2
delete (nsupdate): A (domainname) 192.168.2.10
Calling nsupdate for A (domainname) 192.168.2.10 (delete)
Outgoing update query:
;; ->>HEADER<<- opcode: UPDATE, status: NOERROR, id: 0
;; flags:; ZONE: 0, PREREQ: 0, UPDATE: 0, ADDITIONAL: 0
;; UPDATE SECTION:
(domainname). 0 NONE A 192.168.2.10
; TSIG error with server: tsig verify failure
Failed nsupdate: 2
delete (nsupdate): A gc._msdcs.(domainname) 192.168.2.10
Calling nsupdate for A gc._msdcs.(domainname) 192.168.2.10 (delete)
Outgoing update query:
;; ->>HEADER<<- opcode: UPDATE, status: NOERROR, id: 0
;; flags:; ZONE: 0, PREREQ: 0, UPDATE: 0, ADDITIONAL: 0
;; UPDATE SECTION:
gc._msdcs.(domainname). 0 NONE A 192.168.2.10
; TSIG error with server: tsig verify failure
Failed nsupdate: 2
delete (nsupdate): A DomainDnsZones.(domainname) 192.168.2.10
Calling nsupdate for A DomainDnsZones.(domainname) 192.168.2.10 (delete)
Outgoing update query:
;; ->>HEADER<<- opcode: UPDATE, status: NOERROR, id: 0
;; flags:; ZONE: 0, PREREQ: 0, UPDATE: 0, ADDITIONAL: 0
;; UPDATE SECTION:
DomainDnsZones.(domainname). 0 NONE A 192.168.2.10
; TSIG error with server: tsig verify failure
Failed nsupdate: 2
delete (nsupdate): A ForestDnsZones.(domainname) 192.168.2.10
Calling nsupdate for A ForestDnsZones.(domainname) 192.168.2.10 (delete)
Outgoing update query:
;; ->>HEADER<<- opcode: UPDATE, status: NOERROR, id: 0
;; flags:; ZONE: 0, PREREQ: 0, UPDATE: 0, ADDITIONAL: 0
;; UPDATE SECTION:
ForestDnsZones.(domainname). 0 NONE A 192.168.2.10
; TSIG error with server: tsig verify failure
Failed nsupdate: 2
update(nsupdate): A nsdc-dc2.(domainname) 192.168.1.5
Calling nsupdate for A nsdc-dc2.(domainname) 192.168.1.5 (add)
Outgoing update query:
;; ->>HEADER<<- opcode: UPDATE, status: NOERROR, id: 0
;; flags:; ZONE: 0, PREREQ: 0, UPDATE: 0, ADDITIONAL: 0
;; UPDATE SECTION:
nsdc-dc2.(domainname). 900 IN A 192.168.1.5
; TSIG error with server: tsig verify failure
Failed nsupdate: 2
update(nsupdate): A (domainname) 192.168.1.5
Calling nsupdate for A (domainname) 192.168.1.5 (add)
Outgoing update query:
;; ->>HEADER<<- opcode: UPDATE, status: NOERROR, id: 0
;; flags:; ZONE: 0, PREREQ: 0, UPDATE: 0, ADDITIONAL: 0
;; UPDATE SECTION:
(domainname). 900 IN A 192.168.1.5
; TSIG error with server: tsig verify failure
Failed nsupdate: 2
update(nsupdate): A gc._msdcs.(domainname) 192.168.1.5
Calling nsupdate for A gc._msdcs.(domainname) 192.168.1.5 (add)
Outgoing update query:
;; ->>HEADER<<- opcode: UPDATE, status: NOERROR, id: 0
;; flags:; ZONE: 0, PREREQ: 0, UPDATE: 0, ADDITIONAL: 0
;; UPDATE SECTION:
gc._msdcs.(domainname). 900 IN A 192.168.1.5
; TSIG error with server: tsig verify failure
Failed nsupdate: 2
update(nsupdate): A DomainDnsZones.(domainname) 192.168.1.5
Calling nsupdate for A DomainDnsZones.(domainname) 192.168.1.5 (add)
Outgoing update query:
;; ->>HEADER<<- opcode: UPDATE, status: NOERROR, id: 0
;; flags:; ZONE: 0, PREREQ: 0, UPDATE: 0, ADDITIONAL: 0
;; UPDATE SECTION:
DomainDnsZones.(domainname). 900 IN A 192.168.1.5
; TSIG error with server: tsig verify failure
Failed nsupdate: 2
update(nsupdate): A ForestDnsZones.(domainname) 192.168.1.5
Calling nsupdate for A ForestDnsZones.(domainname) 192.168.1.5 (add)
Outgoing update query:
;; ->>HEADER<<- opcode: UPDATE, status: NOERROR, id: 0
;; flags:; ZONE: 0, PREREQ: 0, UPDATE: 0, ADDITIONAL: 0
;; UPDATE SECTION:
ForestDnsZones.(domainname). 900 IN A 192.168.1.5
; TSIG error with server: tsig verify failure
Failed nsupdate: 2
Failed update of 10 entries
Don’t know if a TSIG error is a problem. I’ll take a look a the server and let you know what I find.