Hi, I am getting update failed on master DNS appliance when I am using allow-update-forwarding:

*updating zone '_msdcs.example.com/IN': update failed: rejected by secure update (REFUSED)*

example.com is an Active Directory enabled zone which has one master and one slave. The master appliance is hidden, so Active Directory sends updates to the slave appliance using the MNAME specified in the zone SOA section.

*master(10.1.10.203) named.conf:*

    tkey-gssapi-keytab "/etc/krb5.keytab";

-> In the options section; in the /etc folder we have the keytab file.

    zone "_msdcs.example.com" IN {
        type master;
        file "/var/named/zones/masters/db._msdcs.example.com";
        allow-transfer { 10.1.10.144; };
        also-notify { 10.1.10.144; };
        notify explicit;
        update-policy { grant * subdomain _msdcs.example.com. ANY; };
        check-names ignore;
        zone-statistics yes;
    };

*slave(10.1.10.144) named.conf:*

    zone "_msdcs.example.com" IN {
        type slave;
        file "/var/named/zones/slaves/db._msdcs.example.com";
        allow-notify { 10.1.10.203; };
        masters { 10.1.10.203; };
        check-names ignore;
        zone-statistics yes;
        allow-update-forwarding { 10.1.10.158; };
    };

*10.1.10.158 - AD server*