When I looked at the DNS logs there was nothing of any value (with a fresh attempt of registering DNS records) so I added a logging channel for ldap at severity 9. After restarting bind the DNS registration worked without issue. Removing the logging channel and re-running the update worked. It appears that restarting bind fixed the issue, which is a bit scary. I’m running bind-dyndb-ldap-6.0.2. Do you know if anyone has seen this issue before?
On Thu, Oct 22, 2015 at 1:24 AM, Petr Spacek <pspa...@redhat.com> wrote:

> On 21.10.2015 22:43, Justin Lambert wrote:
> > ;; ANSWER SECTION:
> > 2667812275.sig-ipa1.domain.com. 0 ANY TKEY gss-tsig. 0 0 3 BADKEY 0 0
> >
> > dns_tkey_negotiategss: TKEY is unacceptable
>
> Please consult named logs on server ipa1.domain.com and see if there are any
> errors related to dynamic update.
>
> Speaking about GSS-TSIG, one of problems can be clock skew between DNS server
> and client.
>
> Also, please add information about package versions:
> $ rpm -q bind bind-dyndb-ldap
>
> Thank you.
>
> --
> Petr^2 Spacek
>
> --
> Manage your subscription for the Freeipa-users mailing list:
> https://www.redhat.com/mailman/listinfo/freeipa-users
> Go to http://freeipa.org for more info on the project
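For readers decoding the TKEY answer quoted in this thread, the following is an added example, not code from either poster or from the FreeIPA or BIND projects. It assumes the fields after the record type are printed in RFC 2930 RDATA order (algorithm, inception, expiration, mode, error, key size, key data, other size); the function and class names are hypothetical.

```python
import math
from dataclasses import dataclass
from typing import Optional

# TKEY modes and TSIG/TKEY error codes as assigned in RFC 2930 / RFC 2845.
MODES = {1: "server assignment", 2: "Diffie-Hellman exchange",
         3: "GSS-API negotiation", 4: "resolver assignment", 5: "key deletion"}
ERRORS = {"NOERROR": 0, "BADSIG": 16, "BADKEY": 17, "BADTIME": 18,
          "BADMODE": 19, "BADNAME": 20, "BADALG": 21}

@dataclass
class Tkey:
    owner: str
    algorithm: str
    inception: int
    expiration: int
    mode: str
    error: str
    error_code: Optional[int]  # None when the error name is not in ERRORS
    key_size: int
    other_size: int

def _skip_base64(tokens, nbytes):
    """Drop the base64 tokens that encode nbytes of data; return the rest."""
    need = 4 * math.ceil(nbytes / 3)
    while need > 0:
        if not tokens:
            raise ValueError("truncated base64 data")
        need -= len(tokens[0])
        tokens = tokens[1:]
    return tokens

def parse_tkey(line):
    """Parse one 'owner ttl class TKEY rdata...' line from an answer section."""
    tok = line.split()
    if len(tok) < 11 or tok[3].upper() != "TKEY":
        raise ValueError("not a complete TKEY record")
    alg, inc, exp, mode, err, ksize = tok[4:10]
    rest = _skip_base64(tok[10:], int(ksize))  # key data is absent when size is 0
    if not rest:
        raise ValueError("missing other-size field")
    code = int(err) if err.isdigit() else ERRORS.get(err.upper())
    return Tkey(tok[0], alg, int(inc), int(exp), MODES.get(int(mode), "mode " + mode),
                err, code, int(ksize), int(rest[0]))

def negotiation_failed(rec):
    """No key material plus a non-zero error: no security context was established."""
    return rec.key_size == 0 and rec.error_code != 0

# The answer line quoted in this thread.
SAMPLE = "2667812275.sig-ipa1.domain.com. 0 ANY TKEY gss-tsig. 0 0 3 BADKEY 0 0"
```

For the quoted line this yields mode 3 (GSS-API negotiation), error BADKEY (17) and zero-length key data, so the server rejected the negotiation before any key was established.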