Yet another GSS-TSIG thread for BIND9 with AD

Vinícius Ferrão ferrao at
Sat Jun 13 02:16:01 UTC 2020

Hi Tim, sorry foi the delayed answer, but the message was gone to the spam folder.

I tried with your settings but the results were the same:

==> /var/log/named/update.log <==
12-Jun-2020 23:14:42.767 client @0x7f2c580a1ca0 updating zone '':<':> prerequisites are OK
12-Jun-2020 23:14:42.767 client @0x7f2c580a1ca0 updating zone '':<':> rolling back

==> /var/log/named/default.log <==
12-Jun-2020 23:14:42.767 client @0x7f2c580a1ca0 update '’<’> denied

On 24 May 2020, at 02:39, Tim Maestas <tmaestas95 at<mailto:tmaestas95 at>> wrote:

On Sat, May 23, 2020 at 12:19 PM Vinícius Ferrão via bind-users <bind-users at<mailto:bind-users at>> wrote:

                grant * subdomain<>. ANY;

I use:
grant LOCAL.EXAMPLE.COM<> ms-self .;
...for my domain joined members and
grant HOSTNAME$@LOCAL.EXAMPLE.COM<> subdomain<> ANY;
....for my domain controllers.

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <>

More information about the bind-users mailing list