Hi,
I am getting an update failure on the master DNS appliance when I am using
allow-update-forwarding:
updating zone '_msdcs.example.com/IN': update failed: rejected by secure update (REFUSED)

example.com is an Active Directory enabled zone which has one master and one
slave. The master appliance is hidden, so Active Directory sends updates to
the slave appliance using the MNAME specified in the zone SOA section.

*master(10.1.10.203) named.conf:*

tkey-gssapi-keytab "/etc/krb5.keytab"; -> in the options section; we have the
keytab file in the /etc folder

zone "_msdcs.example.com" IN {
        type master;
        file "/var/named/zones/masters/db._msdcs.example.com";
        allow-transfer {10.1.10.144;};
        also-notify {10.1.10.144;};
        notify explicit;
        update-policy { grant * subdomain _msdcs.example.com. ANY; };
        check-names ignore;
        zone-statistics yes;
};

*slave(10.1.10.144) named.conf:*
zone "_msdcs.example.com" IN {
        type slave;
        file "/var/named/zones/slaves/db._msdcs.example.com";
        allow-notify {10.1.10.203;};
        masters {
                10.1.10.203;
        };
        check-names ignore;
        zone-statistics yes;
        allow-update-forwarding { 10.1.10.158; };
};

*10.1.10.158 - AD server*