Secure DDNS update against Windows Server by NSUPDATE
Danny Mayer
mayer at gis.net
Sun Oct 26 03:13:25 UTC 2008
Mark Andrews wrote:
> In message <freemail.20080818134351.72676 at fm17.freemail.hu>, arpad bind writes:
>> Hello,
>>
>>
>> I have a problem with secure update via BIND 9.5 against Windows 2003 SP2
>> Dynamic DNS service. DNS server is rejecting the updates. (Secure Updates from
>> MS clients work fine.)
>>
>>
>>
>> I did these steps:
>>
>> * GSS support was compiled (compiler gcc)
>>
>> * linked against AIX 5.3 Kerberos libraries and MIT Kerberos 1.6.3 (with none
>> of them it works)
>>
>> - update is tried as domain admin, and option '-o' activates the Microsoft
>> implementation of GSS protocol
>>
>> #> kinit
>>
>> #> nsupdate -o
>>
>>> update add test123.test.hu 86400 A 10.144.164.100
>>> send
>> - DNS server replies with:
>>
>> ; TSIG error with server: tsig verify failure
>>
>> update failed: REFUSED
>>
>> In the network trace I see that the TKEY is negotiated successfully but the
>> update will be refused.
>>
>> Could someone help me please how to set up secure DDNS against Windows DNS
>> via NSUPDATE?
>>
>> Thanks in advance.
>>
>> Best Regards,
>>
>> Arpad
>
> That's a matter of finding the right Windows documentation
> which describes how to allow a particular principal to update
> the DNS. When you find it please let us know.
>
> Mark
I believe that the system in question needs to be a member of the AD
Domain as a host.
Danny