Bind-9.5 GSS-TSIG and dynamic updates.
Peter Fraser
petros.fraser at gmail.com
Tue Feb 10 01:11:20 UTC 2009
Hi All,
I have been working to get dynamic updates working with bind-9.5 and
FreeBSD 7. So far I have done the following:
1. Compiled bind with GSSAPI enabled.
2. Added these to named.conf
options {
    ...
    tkey-gssapi-credential "DNS/mydomain.com";
    ...
};
and
zone "mydomain.com" {
    type master;
    file "master/mydomain.com";
    update-policy {
        grant MYDOMAIN.COM ms-subdomain * A;
    };
};
zone "1.168.192.in-addr.arpa" {
    type master;
    file "master/1.168.192.in-addr.arpa";
    update-policy {
        grant MYDOMAIN.COM ms-subdomain * PTR;
    };
};
3. Created a user in AD called binddns and set the password to never expire.
4. Used ktpass to create the keytab like this:
C:\> ktpass -out krb5.keytab -princ DNS/binddns.mydomain.com@MYDOMAIN.COM -pass * -mapuser binddns@mydomain.com
5. Copied krb5.keytab to /etc
6. At this point I figured I should be done. Reloaded bind but no updates.
When I run rndc trace, I see this in the logs for the zone:
09-Feb-2009 07:36:30.369 dns_zone_dialup: zone atlas.local/IN: notify = 0, refresh = 0
Is there anything I am leaving out?
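
One check worth running on a setup like the one in this message, given as an added example that is not part of the original post: named can only use a tkey-gssapi-credential for which the keytab it reads holds a key, so the script compares the credential in named.conf with the principals in a keytab listing. The sample inputs are constructed from the values quoted above (the KVNO is made up); the function names, and the rule that a credential written without @REALM is compared on the name part only, are assumptions of this example.

```python
import re

# Constructed sample inputs built from the values quoted in the post.
NAMED_CONF = '''
options {
    tkey-gssapi-credential "DNS/mydomain.com";
};
'''
KEYTAB_LISTING = '''
KVNO Principal
---- --------------------------------------
   3 DNS/binddns.mydomain.com@MYDOMAIN.COM
'''

CRED_RE = re.compile(r'tkey-gssapi-credential\s+"([^"]+)"\s*;')
# service/host@REALM tokens, whatever columns the listing tool prints around them
PRINCIPAL_RE = re.compile(r'(?<!\S)([^\s@]+/[^\s@]+)@([^\s@]+)(?!\S)')

def strip_comments(conf):
    """Drop /* */, // and # comments so commented-out options are ignored."""
    conf = re.sub(r'/\*.*?\*/', '', conf, flags=re.S)
    return re.sub(r'(//|#).*', '', conf)

def keytab_principals(listing):
    """Return (name, realm) pairs for every principal in the listing text."""
    return [m.groups() for m in PRINCIPAL_RE.finditer(listing)]

def check_credential(conf, listing):
    """Return findings; an empty list means the credential has a keytab key."""
    m = CRED_RE.search(strip_comments(conf))
    if not m:
        return ["no tkey-gssapi-credential set"]
    cred = m.group(1)
    name, _, realm = cred.partition('@')
    entries = keytab_principals(listing)
    for p_name, p_realm in entries:
        # Assumption: without @REALM in named.conf, only the name part is compared.
        if p_name == name and (not realm or realm == p_realm):
            return []
    have = ", ".join(f"{n}@{r}" for n, r in entries) or "none"
    return [f'"{cred}" not in keytab (keytab has: {have})']

if __name__ == "__main__":
    for finding in check_credential(NAMED_CONF, KEYTAB_LISTING):
        print("FINDING:", finding)
```

The listing text can come from whichever tool prints the keytab on the server; only tokens shaped like service/host@REALM are read from it.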