ActiveDirectory dynamic dns updates to bind9?

Jonathan de Boyne Pollard J.deBoynePollard at tesco.net
Fri Aug 22 12:05:11 UTC 2003


TJ> The DHCP server does dynamic updates to DNS using secure 
TJ> dynamic updates. 

This works only because you aren't using Microsoft's DHCP server.  The
authentication mechanism used by Microsoft's DHCP and DNS servers and the
authentication mechanism used by ISC's DHCP and DNS servers are mutually
incompatible.  Secure Dynamic DNS updates are possible with Microsoft's DHCP
server talking to Microsoft's DNS server, or with ISC's DHCP server talking to
ISC's DNS server; but are not possible when one mixes Microsoft and ISC
software.

TJ> The Domain Controller wants to register some host names with 
TJ> DNS but fails to do so because it can't authenticate properly
TJ> to the DNS server.

This does not work because the services on a Windows Domain Controller that
use Dynamic DNS to register various things use the authentication mechanism,
in their update transactions, that Microsoft's DNS and DHCP servers use.

Either switch from using the DNS and DHCP servers on your Linux machine to
using Microsoft's DNS and DHCP servers, or remove the requirement that Dynamic
DNS updates coming (or purporting to come) from your Windows Domain Controller
be authentic.
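
Added example, not part of the original post: a BIND 9 named.conf sketch of the second option, written so that the unauthenticated updates are confined to small zones that hold only the Domain Controller's records, while the main zone keeps requiring the ISC DHCP server's shared-secret (TSIG) key. The domain example.com, the address 192.0.2.10, the key name, the file paths and the secret placeholder are all assumptions.

```conf
// Constructed example. All names, addresses and paths are placeholders.

// Key shared with the ISC DHCP server; its updates stay authenticated.
key "dhcp-update" {
    algorithm hmac-sha256;
    secret "REPLACE_WITH_BASE64_SECRET";   // placeholder, generate your own
};

// Address of the Windows Domain Controller (assumed value).
acl "dc-hosts" { 192.0.2.10; };

// Main zone: only holders of the key may update it.
// It must also carry NS records delegating the child zones below.
zone "example.com" {
    type master;
    file "dynamic/example.com.db";
    allow-update { key dhcp-update; };
};

// Child zones for the Domain Controller's service records.
// Updates are accepted by source address alone. An address match is
// not authentication: anything able to send packets that appear to
// come from 192.0.2.10 can rewrite these zones, so keep them small
// and restrict which networks can reach the server.
zone "_msdcs.example.com" {
    type master;
    file "dynamic/_msdcs.example.com.db";
    allow-update { dc-hosts; };
};

zone "_tcp.example.com" {
    type master;
    file "dynamic/_tcp.example.com.db";
    allow-update { dc-hosts; };
};

// Repeat the same pattern for _sites.example.com and _udp.example.com.
```

With this layout a forged update can affect only the delegated service-record zones, not the host records that the DHCP server maintains in example.com.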

