BIND for Active directory with secure update

Danny Mayer mayer at
Thu Dec 15 13:40:24 UTC 2011

On 12/14/2011 2:36 PM, Vbvbrj wrote:
> Hello.
> I've setup BIND to serve the requests to lan instead of Microsoft DNS by
> first setting bind as a secondary dns server for Microsoft DNS, copy the
> zones, and making the BIND the master. In order for domain member hosts
> to update the records of the their names in dns, I allow unsecure
> updates from the lan computers. It's a security thread of poisoning the
> dns. I would like to setup up a secure by the domain servers. On the
> internet I read about using "allow-update" with a key file. But I didn't
> found a page on how to get the key from the Active Directory kerberos
> system. Could any one point on setting the secure update to bind with
> key from the already deployed Active Directory?
> The BIND is running under the windows.

GSS-TSIG is not implemented for BIND9 on Windows.


More information about the bind-users mailing list