How do you configure ISC Bind to support GSS-TSIG Updates?
Posted by netlinxman on Server Fault
Published on 2010-09-03T16:08:09Z
First, has anyone EVER configured ISC bind 9.5.0 OR greater with support for GSS-TSIG Dynamic DNS Updates AND gotten it to work? If so, what is the configuration that was used to make that happen?
I feel close to having this working. I see that GSS cred passes w/o apparent error during the TKEY negotiation with an Active Directory DC and the BIND DNS server:
    client 192.168.0.30#52314: query
    gss cred: "DNS/[email protected]", GSS_C_ACCEPT, 4294967256
    gss-api source name (accept) is [email protected]
    process_gsstkey(): dns_tsigerror_noerror
    client 192.168.0.30#52314: send
But, when the Update is sent, it is refused:
    client 192.168.0.30#58330: update
    client 192.168.0.30#58330: updating zone 'example.com/IN': update failed: rejected by secure update (REFUSED)
    client 192.168.0.30#58330: send
Does anyone have this working in the real world?