Secure DDNS update against Windows Server by NSUPDATE
Mark Andrews
Mark_Andrews at isc.org
Fri Sep 19 00:59:34 UTC 2008
In message <freemail.20080818134351.72676 at fm17.freemail.hu>, arpad bind writes
:
> Hello,
>
>
> I have a problem with secure update via BIND 9.5 against Windows 2003 SP2 Dy
> namic DNS service. DNS server is rejecting the updates. (Secure Updates from
> MS clients works fine.)
>
>
>
> I did these steps:
>
> * GSS support was compiled (compiler gcc)
>
> * linked against AIX 5.3 Kerberos libaries and MIT Kerberos 1.6.3 (with none
> of them it works)
>
> - update is tried as domain admin, and option '-o' activates the Microsoft i
> mplementation of GSS protocol
>
> #> kinit
>
> #> nsupdate -o
>
> > update add test123.test.hu 86400 A 10.144.164.100
>
> > send
>
> - DNS server replies with:
>
> ; TSIG error with server: tsig verify failure
>
> update failed: REFUSED
>
> In the network trace I see that the TKEY is negotiated successfully but the
> update will be refused.
>
> Could someone help me please how to set up secure DDNS against Windows DNS v
> ia NSUPDATE?
>
> Thanks in advance.
>
> Best Regards,
>
> Arpad
That's a matter of finding the right Windows documentation
which describes how to allow a particular principal to update
the DNS. When you find it please let us know.
Mark
--
Mark Andrews, ISC
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2 9871 4742 INTERNET: Mark_Andrews at isc.org
More information about the bind-users
mailing list