Secure DDNS update against Windows Server by NSUPDATE
arpad bind
arpadbind at freemail.hu
Thu Sep 18 11:43:51 UTC 2008
Hello,
I have a problem with secure update via BIND 9.5 against Windows 2003 SP2 Dynamic DNS service. DNS server is rejecting the updates. (Secure Updates from MS clients works fine.)
I did these steps:
* GSS support was compiled (compiler gcc)
* linked against AIX 5.3 Kerberos libaries and MIT Kerberos 1.6.3 (with none of them it works)
- update is tried as domain admin, and option '-o' activates the Microsoft implementation of GSS protocol
#> kinit
#> nsupdate -o
> update add test123.test.hu 86400 A 10.144.164.100
> send
- DNS server replies with:
; TSIG error with server: tsig verify failure
update failed: REFUSED
In the network trace I see that the TKEY is negotiated successfully but the update will be refused.
Could someone help me please how to set up secure DDNS against Windows DNS via NSUPDATE?
Thanks in advance.
Best Regards,
Arpad
______________________________________________________________________
Könyvszerda 30% kedvezménnyel! HVG, Typotex és Tinta kiadók könyveinek teljes kínálata.
http://bookline.hu/control/news?newsid97&tabname=book&affiliate=frekszkar6632
More information about the bind-users
mailing list