GSS TSIG dynamic DNS from dhcpd
Peter Rathlev
peter at rathlev.dk
Tue Feb 22 16:55:47 UTC 2011
On Tue, 2011-02-22 at 16:30 +0000, Simon Hobson wrote:
> Peter Rathlev wrote:
> > How can I make the DHCP server use GSS TSIG for dynamic updates?
>
> You mean, as in doing secured updates against a Windows server ?
> IFAIK it's not supported and won't be until Microsoft release the
> code required. Don't hold your breath on that.
Yeah, it's against a Windows Server 2003. Sometime before eternity we
might have migrated all DNS away from those servers, but until then...
I can make it work manually with an almost-vanilla[0] nsupdate from
bind-9.7.3 with no problems, so I thought maybe dhcpd could be made to
do it.
My fallback plan is to use "on commit" etc. to perform the update, but
that's a little extra scripting I would love to avoid. :-)
[0]: I needed to enlarge some buffers in buildquery() and
dns_tkey_buildgssquery() to avoid a "ran out of space" error,
example here:
http://www.mail-archive.com/bind-users@lists.isc.org/msg05789.html
--
Peter
More information about the dhcp-users
mailing list