On 22.10.2015 14:23, Justin Lambert wrote: > When I looked at the DNS logs there was nothing of any value (with a fresh > attempt of registering DNS records) so I added a logging channel for ldap > at severity 9. After restarting bind the DNS registration worked without > issue. Removing the logging channel and re-running the update worked. It > appears that restarting bind fixed the issue, which is a bit scary. I’m > running bind-dyndb-ldap-6.0.2. Do you know if anyone has seen this issue > before?
No, I did not hear about this particular issue. Please let me know if it happens again. Have a nice day! Petr^2 Spacek > > On Thu, Oct 22, 2015 at 1:24 AM, Petr Spacek <[email protected]> wrote: > >> On 21.10.2015 22:43, Justin Lambert wrote: >>> ;; ANSWER SECTION: >>> 2667812275.sig-ipa1.domain.com. 0 ANY TKEY gss-tsig. 0 0 3 BADKEY 0 0 >>> >>> dns_tkey_negotiategss: TKEY is unacceptable >> >> Please consult named logs on server ipa1.domain.com and see if there are >> any >> errors related to dynamic update. >> >> Speaking about GSS-TSIG, one of problems can be clock skew between DNS >> server >> and client. >> >> Also, please add information about package versions: >> $ rpm -q bind bind-dyndb-ldap >> >> Thank you. >> >> -- >> Petr^2 Spacek -- Manage your subscription for the Freeipa-users mailing list: https://www.redhat.com/mailman/listinfo/freeipa-users Go to http://freeipa.org for more info on the project
