Yes it is.
On Thu, May 14, 2009 at 11:36 AM, Doug Barton <do...@dougbarton.us> wrote:
> Any reason you have chosen GSS vs. TSIG? Is this for a windows environment?
>
>
>
> On May 14, 2009, at 7:37 AM, Peter Fraser <petros.fra...@gmail.com> wrote:
>
>> HI All
>> I have been working to get dynamic updates working with bind-9.6 and
>> FreeBSD 7. So far I have done the following:
>>
>> 1. Compiled bind with GSSAPI enabled.
>> 2. Added these to named.conf
>>
>> options {
>> ...
>> tkey-gssapi-credential "DNS/mydomain.com";
>> ...
>> };
>>
>> and
>>
>> zone "mydomain.com" {
>> type master;
>> file "master/mydomain.com";
>> update-policy {
>> grant MYDOMAIN.COM ms-subdomain * A;
>> };
>> };
>>
>> zone "1.168.192.in-addr.arpa" {
>> type master;
>> file "master/1.168.192.in-addr.arpa";
>> update-policy {
>> grant MYDOMAIN.COM ms-subdomain * PTR;
>> };
>> };
>>
>>
>> 3. Created a user in AD called binddns and set the password to never
>> expire.
>> 4. Used ktpass to create the keytab like this:
>> C:\> ktpass -out krb5.keytab -princ
>> DNS/binddns.mydomain....@mydomain.com -pass * -mapuser
>> bind...@mydomain.com
>>
>> 5. Copied krb5.keytab to /etc
>> 6. At this point I figured I should be done. Reloaded bind but no updates.
>>
>> I now ran kinit and nsupdate -g from the box
>>
>> server server.mydomain.com
>> zone atlas.local
>> debug
>> send
>>
>> and saw the following:
>>
>> Reply from SOA query:
>> ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 2310
>> ;; flags: qr aa ra ; QUESTION: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1
>> ;; QUESTION SECTION:
>> ;atlas.local. IN SOA
>>
>> ;; ANSWER SECTION:
>> mydomain.com. 3600 IN SOA server.mydomain.com.
>> admin.mydomain.com. 715 900 600 86400 3600
>>
>> ;; ADDITIONAL SECTION:
>> server.mydomain.com. 3600 IN A 192.168.1.100
>>
>> Found zone name: mydomain.com
>> The master is: server.mydomain.com
>> start_gssrequest
>> send_gssrequest
>> Outgoing update query:
>> ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 62457
>> ;; flags: ; QUESTION: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 1
>> ;; QUESTION SECTION:
>> ;575112106.sig-server.mydomain.com. ANY TKEY
>>
>> ;; ADDITIONAL SECTION:
>> 575112106.sig-server.mydomain.com. 0 ANY TKEY gss-tsig. 1242311154
>> 1242311154 3 NOERROR 1243
>>
>> LOTS OF GIBBERISH
>>
>> dns_request_getresponse: FORMERR
>>
>> I still am not however seeing the zone files updated or any jnl files.
>> Anything else I could do to troubleshoot this?
>> _______________________________________________
>> bind-users mailing list
>> bind-users@lists.isc.org
>> https://lists.isc.org/mailman/listinfo/bind-users