4

I created a testing environment with a clean Windows Server 2016 Active Directory (clean install), default options on AD role installation and DNS server (running on the same machine as AD). When I join a Windows computer to the domain everything works fine and I can ping COMPUTER1.ad.mydomain.com

But when I am joining Linux (CentOS 7) with realm (current version from the repository), no DNS record is created. The AD record is created though... so no ping (nor ssh) on COMPUTER2.ad.mydomain.com

How to enforce DNS record creation?

Daniel
LightCZ
  • 3
    Possible duplicate of [How do I register Linux server with Windows DNS server](http://serverfault.com/questions/20075/how-do-i-register-linux-server-with-windows-dns-server) – AtomicFireball Dec 16 '16 at 03:04
  • another reason we use FreeIPA – Jacob Evans Dec 16 '16 at 05:47
  • 1
    If you are using sssd, you must add "dyndns_update = true" to sssd.conf. See the man page for sssd-ad, I think. – Andy Dec 16 '16 at 11:55
  • Thanks for the suggestion with dyndns_update=true, I'll definitely try it. I don't think it's a duplicate question, since the solution in that question sucks and is not a solution at all. (Also it's 7 years old) so ... much can happen. – LightCZ Dec 17 '16 at 02:21

3 Answers

3

So, the answer is a combination of Andy's and Mikhail's solutions. With SSSD, when you allow Win DNS Nonsecure updates and you set

    dyndns_update=true

in your /etc/sssd/sssd.conf, your DNS records will be created and properly maintained. Seems it's working fine for me right now.

LightCZ
1

In my case, the issue was a short non-FQDN hostname. After I'd added .domain.com to my hostname, registration succeeded. Also check https://serverfault.com/a/821716/512695
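
A pre-flight check for the two client-side causes named in the answers above (`dyndns_update` in sssd.conf and a short, non-FQDN hostname), added here as an example and not code from any of the posters. `audit_dyndns` and the sample config are constructed for illustration; `ad_hostname` and `dyndns_auth` are options from the sssd-ad man page, and the check assumes an SSSD version that supports them.

```python
import configparser

# Constructed sample modelled on the setup in the question (not a real host's file).
SAMPLE_CONF = """
[sssd]
domains = ad.mydomain.com
services = nss, pam

[domain/ad.mydomain.com]
id_provider = ad
access_provider = ad
dyndns_update = true
"""

def audit_dyndns(conf_text, system_hostname):
    """Return findings that would stop or weaken DNS self-registration via SSSD."""
    cp = configparser.ConfigParser(interpolation=None)
    cp.read_string(conf_text)
    findings = []
    for section in cp.sections():
        if not section.startswith("domain/"):
            continue
        opts = cp[section]
        if opts.get("id_provider", "").strip().lower() != "ad":
            continue
        domain = section.split("/", 1)[1].lower()
        # First answer: dyndns_update has to be on for SSSD to send updates.
        if "dyndns_update" not in opts:
            findings.append(f"{domain}: dyndns_update not set explicitly")
        elif not opts.getboolean("dyndns_update"):
            findings.append(f"{domain}: dyndns_update is disabled")
        # Second answer: registration failed with a short hostname.
        # ad_hostname, when present, overrides the system hostname.
        name = opts.get("ad_hostname", system_hostname).strip().lower().rstrip(".")
        if "." not in name:
            findings.append(f"{domain}: hostname '{name}' is not an FQDN")
        # dyndns_auth = none sends unauthenticated updates, which only a zone
        # set to "Nonsecure and Secure" will accept.
        if opts.get("dyndns_auth", "GSS-TSIG").strip().lower() == "none":
            findings.append(f"{domain}: dyndns_auth = none (unauthenticated updates)")
    return findings

if __name__ == "__main__":
    import socket
    for line in audit_dyndns(SAMPLE_CONF, socket.gethostname()) or ["no findings"]:
        print(line)
```

To check a real client, pass the contents of /etc/sssd/sssd.conf (readable by root only) and the output of `hostname` in place of the sample.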

-1

I believe dynamic DNS registration won't work for Linux clients, as well as for non-domain-joined Windows clients. But if those boxes are DHCP clients of a Windows DHCP Server, you can configure your DHCP server to perform DNS registration on behalf of those clients:

1) On Windows DHCP server: Scope properties > DNS > Enable : Dynamically update DNS A and PTR records for DHCP clients that do not request update

2) On DNS : Right click on your zone > Properties > General > set Dynamic update to : Nonsecure and Secure

Mikhail
  • Yeah, I saw that solution on the other question, but this cannot be applied in my case, because we don't have Windows DHCP. We have a dedicated device for DHCP (Zyxel Zywall), which I believe does not support dynamic update. I definitely have to try that dyndns_update = true option in sssd.conf as Andy suggested – LightCZ Dec 17 '16 at 02:14
  • Yet another ridiculous `security=off` answer for SF here. – Cylindric Feb 17 '20 at 15:49
  • @Cylindric I didn't advertise my answer as a secure/perfect option, only as an option to achieve a specific goal. Security by default is a nice philosophy, but in the real world people sometimes use a "make it work, then secure it (if you can/need it)" approach. Not all systems are meant for production and sensitive data, or are necessarily worth the effort of securing them, though I do recognize the value of the "make security your habit" approach. – Mikhail Feb 19 '20 at 08:23