TSIG DDNS and windows clients
Bob Harold
rharolde at umich.edu
Tue May 12 12:40:15 UTC 2020
On Tue, May 12, 2020 at 5:57 AM Pete Fry via bind-users <
bind-users at lists.isc.org> wrote:
> All
>
> I've inherited a BIND environment and I'm trying to understand a few
> things, as currently we are experiencing an issue related to DDNS.
>
> We have
>
> site 1
> hostA
>
> site 2
> hostB
>
> We have a HArecord, and we want HostA or HostB to be able to update the
> HArecord (i.e. failover cluster type configuration)
>
> config:
> Zone file:
>
> zone "TEST" {
> check-names ignore;
> type master;
> file "/var/named/dynamic/TEST";
> allow-update {
> auth-dns;
> dynamic-TEST;
> };
> };
>
> lists.conf
>
> acl dynamic-update-ads {
> 192.168.2.1 // hostA
> 192.168.5.1 // hostB
> dynamic-TEST-tsig;
> };
>
> acl dynamic-TEST-tsig {
> // any host which is not..
> !{
> // not in the new acls
> !dynamic-test-site1;
> !dynamic-test-site2;
> any;
> };
> // but has the key
> key TEST-key;
> };
>
For testing purposes, start with a simpler acl, like:

acl dynamic-TEST-tsig {
    key TEST-key;
};

And see if that works.
>
> acl !dynamic-test-site1 {
> 192.168.2.1/32; // HostA
> };
>
> acl !dynamic-test-site2 {
> 192.168.5.1/32; // HostB
> };
>
>
"acl !" seems wrong to me. Is that a legal syntax? And if so, what does
it mean?
--
Bob Harold
> However, these Windows machines keep saying bad key. I know I'm missing something obvious, but how do I get this to work?
>
> Happy to be able to give the key to the Windows boxes if anyone knows, but I'm drawing a blank.
>
> Regards
>
> Cade
>
>
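
Added example, not part of the original thread and not BIND code: a simplified Python model of first-match address match list evaluation, applied to the nested `dynamic-TEST-tsig` ACL from the question and to the key-only ACL suggested in the reply. It assumes the site ACLs are named without the leading "!" and that a negated nested list only rejects when the inner list matches positively; the `key-only` name and the test addresses are constructed for this example.

```python
import ipaddress

# Constructed table modelled on the thread's lists.conf. Each element is
# (kind, value, negated). Site ACL names drop the leading "!" (assumption).
ACLS = {
    "dynamic-test-site1": [("net", "192.168.2.1/32", False)],  # HostA
    "dynamic-test-site2": [("net", "192.168.5.1/32", False)],  # HostB
    "dynamic-TEST-tsig": [
        # !{ !dynamic-test-site1; !dynamic-test-site2; any; };
        ("list", [("acl", "dynamic-test-site1", True),
                  ("acl", "dynamic-test-site2", True),
                  ("any", None, False)], True),
        # key TEST-key;
        ("key", "TEST-key", False),
    ],
    "key-only": [("key", "TEST-key", False)],  # hypothetical name for the simpler test ACL
}

def match(elements, addr, key):
    """First matching element decides: True = allow, False = deny, None = no match."""
    for kind, value, negated in elements:
        if kind == "any":
            hit = True
        elif kind == "net":
            hit = ipaddress.ip_address(addr) in ipaddress.ip_network(value)
        elif kind == "key":
            hit = key == value  # name of the TSIG key that signed the update
        else:
            # Nested list or named ACL: only a positive inner match counts as a hit,
            # so a double negation never turns into a surprise allow.
            inner = value if kind == "list" else ACLS[value]
            hit = match(inner, addr, key) is True
        if hit:
            return not negated
    return None

def allowed(acl_name, addr, key=None):
    """An update is permitted only on an explicit positive match."""
    return match(ACLS[acl_name], addr, key) is True
```

Under this model the nested form requires both a listed source address and the key, while the key-only form accepts a correctly signed update from any address, which is why it is useful for isolating a key problem from an address problem.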