Hi Mark! Thank you for your answer.
By default authenticated users (domain members) are able to update their records if the zone allows "secure only" DNS updates on a Windows DNS server. So this is fine... I'm wondering if someone could have ever sent a successful secure DNS update via NSUPDATE against a Windows Server. Thanks in advance. Best Regards, Arpad Mark Andrews <[EMAIL PROTECTED]> írta: > > In message <[EMAIL PROTECTED]>, arpad bind writes > : > > Hello, > > > > > > I have a problem with secure update via BIND 9.5 against Windows 2003 SP2 Dy > > namic DNS service. DNS server is rejecting the updates. (Secure Updates from > > MS clients works fine.) > > > > > > > > I did these steps: > > > > * GSS support was compiled (compiler gcc) > > > > * linked against AIX 5.3 Kerberos libaries and MIT Kerberos 1.6.3 (with none > > of them it works) > > > > - update is tried as domain admin, and option '-o' activates the Microsoft i > > mplementation of GSS protocol > > > > #> kinit > > > > #> nsupdate -o > > > > > update add test123.test.hu 86400 A 10.144.164.100 > > > > > send > > > > - DNS server replies with: > > > > ; TSIG error with server: tsig verify failure > > > > update failed: REFUSED > > > > In the network trace I see that the TKEY is negotiated successfully but the > > update will be refused. > > > > Could someone help me please how to set up secure DDNS against Windows DNS v > > ia NSUPDATE? > > > > Thanks in advance. > > > > Best Regards, > > > > Arpad > > That's a matter of finding the right Windows documentation > which describes how to allow a particular principal to update > the DNS. When you find it please let us know. > > Mark > -- > Mark Andrews, ISC > 1 Seymour St., Dundas Valley, NSW 2117, Australia > PHONE: +61 2 9871 4742 INTERNET: [EMAIL PROTECTED] > ______________________________________________________________________ Vujity Tvrtko: „Én már tudom melyik nyelviskolába érdemes beiratkozni!” Katedra Nyelviskola - felnõtteknek, gyerekeknek garantált minõség 37 városban www.katedra.hu
