<div dir="auto">Is it possible the clients are trying to do kerberos GSS-TSIG updates?</div><br><div class="gmail_quote"><div dir="ltr" class="gmail_attr">On Tue, May 12, 2020, 5:58 AM Pete Fry via bind-users <<a href="mailto:bind-users@lists.isc.org">bind-users@lists.isc.org</a>> wrote:<br></div><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><div dir="ltr">All<div><br></div><div>I've inherited a BIND environment and i'm trying to understand a few things as currently we are experiences an issue related to DDNS.</div><div><br></div><div>we have </div><div><br></div><div>site 1</div><div><div style="box-sizing:border-box;font-family:"Segoe UI",system-ui,"Apple Color Emoji","Segoe UI Emoji",sans-serif;font-size:14px">hostA</div><div style="box-sizing:border-box;font-family:"Segoe UI",system-ui,"Apple Color Emoji","Segoe UI Emoji",sans-serif;font-size:14px"><br></div><div style="box-sizing:border-box;font-family:"Segoe UI",system-ui,"Apple Color Emoji","Segoe UI Emoji",sans-serif;font-size:14px">site 2</div><div style="box-sizing:border-box;font-family:"Segoe UI",system-ui,"Apple Color Emoji","Segoe UI Emoji",sans-serif;font-size:14px">hostB</div><div style="box-sizing:border-box;font-family:"Segoe UI",system-ui,"Apple Color Emoji","Segoe UI Emoji",sans-serif;font-size:14px"><br></div><div style="box-sizing:border-box;font-family:"Segoe UI",system-ui,"Apple Color Emoji","Segoe UI Emoji",sans-serif;font-size:14px">We have a HArecord, and we want HostA or HostB to be able to update the HArecord (i.e. failover cluster type configuration)</div></div><div style="box-sizing:border-box;font-family:"Segoe UI",system-ui,"Apple Color Emoji","Segoe UI Emoji",sans-serif;font-size:14px"><br></div><div style="box-sizing:border-box;font-family:"Segoe UI",system-ui,"Apple Color Emoji","Segoe UI Emoji",sans-serif;font-size:14px">config:</div><div style="box-sizing:border-box;font-family:"Segoe UI",system-ui,"Apple Color Emoji","Segoe UI Emoji",sans-serif;font-size:14px">Zone file:</div><div style="box-sizing:border-box;font-family:"Segoe UI",system-ui,"Apple Color Emoji","Segoe UI Emoji",sans-serif;font-size:14px"><br></div><div style="box-sizing:border-box;font-family:"Segoe UI",system-ui,"Apple Color Emoji","Segoe UI Emoji",sans-serif;font-size:14px">zone "TEST" {<br> check-names ignore;<br> type master;<br> file "/var/named/dynamic/TEST";<br> allow-update {<br> auth-dns;<br> dynamic-TEST;<br> };<br>};<br></div><div style="box-sizing:border-box;font-family:"Segoe UI",system-ui,"Apple Color Emoji","Segoe UI Emoji",sans-serif;font-size:14px"><br></div><div style="box-sizing:border-box;font-family:"Segoe UI",system-ui,"Apple Color Emoji","Segoe UI Emoji",sans-serif;font-size:14px">lists.conf</div><div style="box-sizing:border-box;font-family:"Segoe UI",system-ui,"Apple Color Emoji","Segoe UI Emoji",sans-serif;font-size:14px"><br></div><div style="box-sizing:border-box;font-family:"Segoe UI",system-ui,"Apple Color Emoji","Segoe UI Emoji",sans-serif;font-size:14px">acl dynamic-update-ads { <br> 192.168.2.1 // hostA<br> 192.168.5.1 // hostB <br> dynamic-TEST-tsig; <br>};<br></div><div style="box-sizing:border-box;font-family:"Segoe UI",system-ui,"Apple Color Emoji","Segoe UI Emoji",sans-serif;font-size:14px"><br></div><div style="box-sizing:border-box;font-family:"Segoe UI",system-ui,"Apple Color Emoji","Segoe UI Emoji",sans-serif;font-size:14px">acl dynamic-TEST-tsig {<br> // any host which is not..<br> !{<br> // not in the new acls<br> !dynamic-test-site1;<br> !dynamic-test-site2;<br> any;<br> };<br> // but has the key<br> key TEST-key;<br>};<br><br><br>acl !dynamic-test-site1 {<br> <a href="http://192.168.2.1/32" target="_blank" rel="noreferrer">192.168.2.1/32</a>; // HostA<br>};<br><br>acl !dynamic-test-site2 {<br> <a href="http://192.168.5.1/32" target="_blank" rel="noreferrer">192.168.5.1/32</a>; // HostB<br>};<br></div><div style="box-sizing:border-box;font-family:"Segoe UI",system-ui,"Apple Color Emoji","Segoe UI Emoji",sans-serif;font-size:14px"><pre lang="conf"><span id="m_8229299973494285591gmail-LC155" lang="conf"></span>
</pre><pre lang="conf">however these windows machines keep saying bad key, I know i'm missing something obvious but how do i get this to work?</pre><pre lang="conf">happy to be able to give the key to the windows boxes if anyone knows but i'm drawing a blank</pre><pre lang="conf">Regards</pre><pre lang="conf">Cade</pre></div></div>
_______________________________________________<br>
Please visit <a href="https://lists.isc.org/mailman/listinfo/bind-users" rel="noreferrer noreferrer" target="_blank">https://lists.isc.org/mailman/listinfo/bind-users</a> to unsubscribe from this list<br>
<br>
bind-users mailing list<br>
<a href="mailto:bind-users@lists.isc.org" target="_blank" rel="noreferrer">bind-users@lists.isc.org</a><br>
<a href="https://lists.isc.org/mailman/listinfo/bind-users" rel="noreferrer noreferrer" target="_blank">https://lists.isc.org/mailman/listinfo/bind-users</a><br>
</blockquote></div>