GSS-TSIG and Active Directory

Rob Austein sra at isc.org
Fri Oct 1 18:12:47 UTC 2010


If you're trying to grant update rights to a specific machine (rather
than every machine in the realm), something like:

  grant dc$@REALM. subdomain dnsname.;

might work better, where "dc$@REALM" is (eg) the Kerberos principle
corresponding to your DC and "dnsname" is the tree to which you want
to grant rights.  The "$" is a Microsoft-ism.



More information about the bind-users mailing list