TSIG DDNS and Windows clients

Pete Fry cadel2010 at googlemail.com
Tue May 12 09:57:23 UTC 2020


All

I've inherited a BIND environment and I'm trying to understand a few things
as currently we are experiencing an issue related to DDNS.

We have

site 1
hostA

site 2
hostB

We have a HArecord, and we want HostA or HostB to be able to update the
HArecord (i.e. failover cluster type configuration)

config:
Zone file:

zone "TEST" {
    check-names ignore;
    type master;
    file "/var/named/dynamic/TEST";
    allow-update {
        auth-dns;
        dynamic-TEST;
    };
};

lists.conf

acl dynamic-update-ads {
   192.168.2.1 // hostA
   192.168.5.1 // hostB
   dynamic-TEST-tsig;
};

acl dynamic-TEST-tsig {
   // any host which is not..
   !{
      // not in the new acls
      !dynamic-test-site1;
      !dynamic-test-site2;
      any;
   };
   // but has the key
   key TEST-key;
};


acl !dynamic-test-site1 {
192.168.2.1/32; // HostA
};

acl !dynamic-test-site2 {
192.168.5.1/32; // HostB
};

However, these Windows machines keep saying bad key. I know I'm missing
something obvious but how do I get this to work?

Happy to be able to give the key to the Windows boxes if anyone knows
but I'm drawing a blank

Regards

Cade
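
The nested-negation pattern in the `dynamic-TEST-tsig` ACL above can be traced with a small model. This is an added example, not part of the original post and not BIND's own code; it assumes the nested-ACL semantics described in the BIND ARM (a negative match inside a nested list lets the containing list keep looking) and treats the two site ACLs as plain address lists.

```python
import ipaddress

# Simplified model of BIND address-match-list evaluation (an assumption based on
# the nested-ACL behaviour described in the BIND ARM; this is not BIND code).
# An ACL is a list of (negated, element); element is ("any",), ("net", cidr),
# ("key", name) or ("acl", nested_list).

def match(acl, addr, key):
    """Return True (accept), False (reject) or None (no element matched)."""
    for negated, elem in acl:
        kind = elem[0]
        if kind == "any":
            hit = True
        elif kind == "net":
            hit = ipaddress.ip_address(addr) in ipaddress.ip_network(elem[1])
        elif kind == "key":
            hit = key is not None and key == elem[1]
        else:
            # Nested list: only a positive inner match counts as a hit; a
            # negative inner match lets the containing list keep looking.
            hit = match(elem[1], addr, key) is True
        if hit:
            return not negated   # first matching element decides
    return None

def allowed(acl, addr, key=None):
    """key is the name of the TSIG key that signed the request, or None."""
    return match(acl, addr, key) is True

# The ACLs from the post, transcribed by hand (site ACL names are labels here).
SITE1 = [(False, ("net", "192.168.2.1/32"))]   # HostA
SITE2 = [(False, ("net", "192.168.5.1/32"))]   # HostB
INNER = [(True, ("acl", SITE1)), (True, ("acl", SITE2)), (False, ("any",))]
TSIG_ACL = [(True, ("acl", INNER)), (False, ("key", "TEST-key"))]
# dynamic-update-ads lists the bare addresses before the key-checking ACL.
UPDATE_ADS = [(False, ("net", "192.168.2.1")), (False, ("net", "192.168.5.1")),
              (False, ("acl", TSIG_ACL))]

if __name__ == "__main__":
    for name, acl in (("dynamic-TEST-tsig", TSIG_ACL), ("dynamic-update-ads", UPDATE_ADS)):
        for addr, key in (("192.168.2.1", "TEST-key"), ("192.168.2.1", None),
                          ("10.0.0.9", "TEST-key")):
            print(name, addr, key, "->", allowed(acl, addr, key))
```

In this model `dynamic-TEST-tsig` accepts HostA and HostB only when the request is signed with TEST-key, while `dynamic-update-ads` accepts both hosts by address alone because the bare addresses match first.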