DNS with kerberos authentication
Kevin Darcy
kcd at daimlerchrysler.com
Wed Sep 21 21:56:37 UTC 2005
Chandrashekhar Kulkarni wrote:
>hi ,
>
> i having domain server QBIND.COM ( 10.10.50.115 master DNS i also
>configure in master 3 different subdomain [ shekhar , venkat ,
>callibar] ).And Shekhar.qbind.com (10.10.50.117 Slave DNS) how i can
>authenticate dns using kerberos. how can implement for my network ?
>
The only intersection I'm aware of between DNS and Kerberos is the
Microsoft GSS-TSIG stuff, but that's not supported by native BIND (thus
officially off-topic for this list), and, as far as I know, only used to
secure *updates*, not *queries*. If you want a shared-key mechanism that
works within native BIND for securing ordinary queries, zone transfers
and Dynamic Updates, look into the TSIG (without "GSS-") stuff.
- Kevin
More information about the bind-users
mailing list