DNS update from Linux to Windows DNS Server

Cory Coager ccoager at davisvision.com
Mon Jul 26 17:03:56 UTC 2010 

In tcpdump I see:
Standard query response, Refused

On 07/26/2010 12:16 PM, Phil Mayers wrote:
>
> On 26/07/10 16:56, Cory Coager wrote:
> > 'nsupdate -g' responds with 'dns_request_getresponse: FORMERR'
>
> Sorry then. I don't know. Personally I can't make nsupdate work at all
> with GSSAPI; I get:
>
> dns_tkey_buildgssquery failed: ran out of space
>
> ...before it even tries to talk to the network. I have to use a
> home-grown tool (I also don't have access to a win2k8 r2 DNS server to
> test against...)
>
>
> You could try tcpdump/wireshark - figure out whether the issue is the
> TKEY negotiation of the GSSAPI context or the TSIG update. In a
> successful attempt you should see:
>
> C: query name=1234-56.xxxxx IN TKEY
>     additional name=1234-56.xxxxx ANY TKEY <payload=gssapi>
> S: answer name=1234-56.xxxxx ANY TKEY <payload=gssapi resp.>
> C: update <fields>
>     additional name=1234-56.xxxxx ANY TSIG <payload=gssapi mic>
> C: update response
>     additional name=1234-56.xxxxx ANY TSIG <payload=gssapi mic>
>
> You might have a look at "klist" just before the attempt (do a "kinit"
> to zero out your cached tickets) and afterwards to check that you are
> getting the right ticket. As always with kerberos, DNS and NTP setup are
> vital to get this working.
>



------------------------------------------------------------------------
The information contained in this communication is intended
only for the use of the recipient(s) named above. It may
contain information that is privileged or confidential, and
may be protected by State and/or Federal Regulations. If
the reader of this message is not the intended recipient,
you are hereby notified that any dissemination,
distribution, or copying of this communication, or any of
its contents, is strictly prohibited. If you have received
this communication in error, please return it to the sender
immediately and delete the original message and any copy
of it from your computer system. If you have any questions
concerning this message, please contact the sender.
------------------------------------------------------------------------

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.isc.org/pipermail/bind-users/attachments/20100726/0d63e538/attachment.html>

More information about the bind-users mailing list