No, those messages look OK to me, even though there are messages of denied updates. However, the important thing is that the signed updates to work (e.g. starting at 06:49:48 with
samba_dlz: starting transaction on zone mydomain.xxx and
samba_dlz: allowing update of signer=… up to the following
samba_dlz: committed transaction on zone mydomain.xxx).
What I don't see are any messages about PTR records.
Can you please do the following:
- Visit the Univention Directory Management console,
- Navigate to the machine account of one of your currently running Windows clients and edit that entry,
- In the section "DNS FOrward and Reverse Lookup Zone" add an entry for "DNS reverse zone" (I'm betting there are currently no entries) and save the entry,
- Wait and watch the
syslog until the client updates its records again and see if it tries to update the PTR that time.