On 20.5.2015 17:38, Brian Koontz wrote:
> Running FreeIPA 4.1.4, Fedora 21.  Trying to get dynamic DNS updates on
> clients to work following these instructions:
> 
> http://www.freeipa.org/page/Howto/DNS_updates_and_zone_transfers_with_TSIG
> 
> (Using GSS-TSIG isn't an option because I have no way of authenticating
> every time a client IP changes.)

Generally, GSS-TSIG with Kerberos should not be affected by changes in
client's IP address and is strongly recommended over TSIG.

> I've reread the instructions several times, but each time I get "update
> failed: REFUSED".  Logs aren't showing anything useful other than the query
> is being refused.  Is this document missing an important step?

Yes, thank you for catching this!

I added 'ipa dnszone-mod --dynamic-update=1' command to the how-to:

http://www.freeipa.org/page/Howto/DNS_updates_and_zone_transfers_with_TSIG#Server

> (I saw no
> need to create a DNS/ service as there should be no krb5 authentication
> involved here...)

This is correct assumption, you should not need it.


Thank you for your time!

-- 
Petr^2 Spacek

-- 
Manage your subscription for the Freeipa-users mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-users
Go to http://freeipa.org for more info on the project

Reply via email to