Juergen, > I use GSS-TSIG and the handbook says that in gss-tsig the content of the > identity field ist the common secret which is the kerberos principal.
I believe you'll have to set `tkey-gssapi-credential' and `tkey-domain` for this to work the way you want, though I do confess to not have a running version yet. Check the Bv9ARM, where it says: "normally this principle is of the form "DNS/server.domain". Hope that helps until somebody more knowledgeable comes along. :-) -JP _______________________________________________ bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users