Secure DDNS update against Windows Server by NSUPDATE

arpad bind arpadbind at freemail.hu
Sun Sep 21 08:43:19 UTC 2008 

Hi Mark!

Thank you for your answer. 

By default authenticated users (domain members) are able to update their records if the zone allows "secure only"  DNS updates on a Windows DNS server. So this is fine...

I'm wondering if someone could have ever sent a successful secure DNS update via NSUPDATE against a Windows Server.

Thanks in advance.

Best Regards,

Arpad


Mark Andrews <Mark_Andrews at isc.org> írta: 


> 
> In message <freemail.20080818134351.72676 at fm17.freemail.hu>, arpad bind writes
> :
> > Hello,
> > 
> > 
> > I have a problem with secure update via BIND 9.5 against Windows 2003 SP2 Dy
> > namic DNS service. DNS server is rejecting the updates. (Secure Updates from
> > MS clients works fine.)
> > 
> > 
> > 
> > I did these steps:
> > 
> > * GSS support was compiled (compiler gcc)
> > 
> > * linked against AIX 5.3 Kerberos libaries and MIT Kerberos 1.6.3 (with none
> > of them it works)
> > 
> > - update is tried as domain admin, and option '-o' activates the Microsoft i
> > mplementation of GSS protocol
> > 
> > #> kinit
> > 
> > #> nsupdate -o
> > 
> > > update add test123.test.hu 86400 A 10.144.164.100
> > 
> > > send
> > 
> > - DNS server replies with:
> > 
> > ; TSIG error with server: tsig verify failure
> > 
> > update failed: REFUSED
> > 
> > In the network trace I see that the TKEY is negotiated successfully but the 
> > update will be refused.
> > 
> > Could someone help me please how to set up secure DDNS against Windows DNS v
> > ia NSUPDATE?
> > 
> > Thanks in advance.
> > 
> > Best Regards,
> > 
> > Arpad
> 
> That's a matter of finding the right Windows documentation
> which describes how to allow a particular principal to update
> the DNS. When you find it please let us know.
> 
> Mark
> -- 
> Mark Andrews, ISC
> 1 Seymour St., Dundas Valley, NSW 2117, Australia
> PHONE: +61 2 9871 4742 INTERNET: Mark_Andrews at isc.org
> 

______________________________________________________________________
Vujity Tvrtko: „Én már tudom melyik nyelviskolába érdemes beiratkozni!” 
Katedra Nyelviskola -  felnõtteknek, gyerekeknek garantált minõség 37 városban
www.katedra.hu

More information about the bind-users mailing list