Secure Active Directory updates and allow-update-forwarding issues

Nagesh Thati tcpnagesh at
Tue Jan 19 11:23:07 UTC 2021

I am getting update failed on the master DNS appliance when I am using
*updating zone ' <>': update failed: rejected by secure update (REFUSED)*
is an Active Directory-enabled zone which has one master and one
slave. The master appliance is hidden, so Active Directory sends updates to
the slave appliance using the MNAME specified in the zone SOA section.

*master( named.conf:*

tkey-gssapi-keytab "/etc/krb5.keytab"; -> in the options section; we have the keytab file in the /etc folder

zone "" IN {
        type master;
        file "/var/named/zones/masters/";
        allow-transfer {;};
        also-notify {;};
        notify explicit;
        *update-policy { grant * subdomain <>. ANY; };*
        check-names ignore;
        zone-statistics yes;

*slave( named.conf:*
zone "" IN {
        type slave;
        file "/var/named/zones/slaves/";
        allow-notify {;};
        masters {
        check-names ignore;
        zone-statistics yes;

* - AD server*
