BIND 9.5.0a6 and Windows Server 2003 R2 DDNS updates with GSS-TSIG
David Holder
david.holder at erion.co.uk
Sun Aug 19 15:02:25 UTC 2007
I had a little trouble getting this message onto the list - here it is at last (I hope).
> Hi! I am trying to use BIND 9.5's GSS-TSIG functionality to carry out secure
> updates to a Windows Server 2003 R2 AD domain controller.
>
> I am using a few different Linux clients. They are all configured to use the
> AD DC as their KDC. This works fine.
>
> I have built and tested BIND 9.5 with GSSAPI. So far I have not been able to
> get it to work with Windows.
>
> Here is an example of the failure messages I get.
>
> /usr/local/bin/nsupdate -d -g -o
> > > update add oak2.active.com 86400 A 192.168.100.100
> > > send
> Reply from SOA query:
> ;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 53990
> ;; flags: qr aa rd ra ; QUESTION: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 1
> ;; QUESTION SECTION:
> ;oak2.active.com. IN SOA
>
> ;; AUTHORITY SECTION:
> active.com. 3600 IN SOA w2003r2.active.com. hostmaster. 32 900 600 86400 3600
>
> ;; ADDITIONAL SECTION:
> w2003r2.active.com. 3600 IN A 192.168.100.101
>
> Found zone name: active.com
> The master is: w2003r2.active.com
> start_gssrequest
> nsupdate.c:2192: INSIST(result == 0) failed.
> Aborted
>
> If I do a klist I see the following.
>
> Ticket cache: FILE:/tmp/krb5cc_513
> Default principal: administrator at ACTIVE.COM
>
> Valid starting Expires Service principal
> 08/08/07 13:06:09 08/08/07 23:07:35 krbtgt/ACTIVE.COM at ACTIVE.COM
> renew until 08/09/07 13:06:09
> 08/08/07 13:31:26 08/08/07 23:07:35 DNS/w2003r2.active.com at ACTIVE.COM
> renew until 08/09/07 13:06:09
>
> I have carried out network traces and found that Windows to Windows dynamic
> updates look different from the BIND to Windows dynamic updates.
>
> Has anyone tried this before? What information do you need to look at this?
> Traces, logs, configuration info? And is this the correct mailing list for
> this problem?
>
> Many thanks,
>
> David
--
------------------------------------------------------------------------
Dr David Holder CEng MIET MIEEE
Erion Ltd, Oakleigh, Upper Sutherland Road, Halifax, HX3 8NT
Reception: +44 (0)1422 207000
Direct Dial: +44 (0)131 2026317
Cell: +44 (0) 7768 456831
Registered in England and Wales. Registered Number 3521142
VAT Number: GB 698 3633 78