GSS TSIG dynamic DNS from dhcpd

Peter Rathlev peter at rathlev.dk
Tue Feb 22 16:55:47 UTC 2011


On Tue, 2011-02-22 at 16:30 +0000, Simon Hobson wrote:
> Peter Rathlev wrote:
> > How can I make the DHCP server use GSS TSIG for dynamic updates?
> 
> You mean, as in doing secured updates against a Windows server?
> AFAIK it's not supported and won't be until Microsoft release the
> code required. Don't hold your breath on that.

Yeah, it's against a Windows Server 2003. Sometime before eternity we
might have migrated all DNS away from those servers, but until then...

I can make it work manually with an almost-vanilla[0] nsupdate from
bind-9.7.3 with no problems, so I thought maybe dhcpd could be made to
do it.

My fallback plan is to use "on commit" etc. to perform the update, but
that's a little extra scripting I would love to avoid. :-)

[0]: I needed to enlarge some buffers in buildquery() and
     dns_tkey_buildgssquery() to avoid a "ran out of space" error,
     example here:
     http://www.mail-archive.com/bind-users@lists.isc.org/msg05789.html

-- 
Peter
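
The "on commit" fallback mentioned in the message above hands client-supplied lease data to nsupdate, so the hostname has to be validated before it reaches nsupdate's input. The following is an added example, not part of the original post or of any ISC code; ZONE, TTL, KEYTAB, PRINCIPAL and the function names are assumptions made for illustration.

```shell
#!/bin/sh
# Added example. ZONE, TTL, KEYTAB and PRINCIPAL are placeholders (assumptions).
ZONE="example.test"
TTL=3600
KEYTAB="/etc/dhcp/dhcpd.keytab"
PRINCIPAL="dhcpd/host.example.test"

# One DNS label only: letters, digits, hyphen, max 63 chars. A newline or
# space here would become an extra nsupdate command run with our ticket.
valid_label() {
    case "$1" in
        ''|-*|*-|*[!A-Za-z0-9-]*) return 1 ;;
    esac
    [ "${#1}" -le 63 ]
}

# Dotted-quad IPv4, each octet 0-255.
valid_ipv4() {
    case "$1" in
        *[!0-9.]*|.*|*.|*..*) return 1 ;;
    esac
    old_ifs=$IFS; IFS=.; set -- $1; IFS=$old_ifs
    [ $# -eq 4 ] || return 1
    for o in "$@"; do
        [ "${#o}" -le 3 ] && [ "$o" -le 255 ] || return 1
    done
}

# Print the nsupdate batch for one lease, or fail without output.
build_update() {  # usage: build_update HOSTNAME IPV4
    valid_label "$1" && valid_ipv4 "$2" || return 1
    fqdn="$1.$ZONE."
    old_ifs=$IFS; IFS=.; set -- $2; IFS=$old_ifs
    ptr="$4.$3.$2.$1.in-addr.arpa."
    printf 'update delete %s A\nupdate add %s %s A %s.%s.%s.%s\nsend\n' \
        "$fqdn" "$fqdn" "$TTL" "$1" "$2" "$3" "$4"
    printf 'update delete %s PTR\nupdate add %s %s PTR %s\nsend\n' \
        "$ptr" "$ptr" "$TTL" "$fqdn"
}

# Run only when called with HOSTNAME IPV4, e.g. from an "on commit" hook.
if [ $# -eq 2 ]; then
    batch=$(build_update "$1" "$2") || { echo "rejected: bad input" >&2; exit 1; }
    kinit -k -t "$KEYTAB" "$PRINCIPAL" || exit 1   # Kerberos ticket for GSS-TSIG
    printf '%s\n' "$batch" | nsupdate -g           # -g selects GSS-TSIG
fi
```

The forward and reverse records are sent as separate batches because they live in different zones.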




