On 22.10.2015 14:23, Justin Lambert wrote:
> When I looked at the DNS logs there was nothing of any value (with a fresh
> attempt of registering DNS records) so I added a logging channel for ldap
> at severity 9.  After restarting bind the DNS registration worked without
> issue.  Removing the logging channel and re-running the update worked.  It
> appears that restarting bind fixed the issue, which is a bit scary.  I’m
> running bind-dyndb-ldap-6.0.2.  Do you know if anyone has seen this issue
> before?

No, I did not hear about this particular issue. Please let me know if it
happens again.

Have a nice day!

Petr^2 Spacek

> 
> On Thu, Oct 22, 2015 at 1:24 AM, Petr Spacek <pspa...@redhat.com> wrote:
> 
>> On 21.10.2015 22:43, Justin Lambert wrote:
>>> ;; ANSWER SECTION:
>>> 2667812275.sig-ipa1.domain.com. 0 ANY TKEY gss-tsig. 0 0 3 BADKEY 0  0
>>>
>>> dns_tkey_negotiategss: TKEY is unacceptable
>>
>> Please consult named logs on server ipa1.domain.com and see if there are
>> any
>> errors related to dynamic update.
>>
>> Speaking about GSS-TSIG, one of problems can be clock skew between DNS
>> server
>> and client.
>>
>> Also, please add information about package versions:
>> $ rpm -q bind bind-dyndb-ldap
>>
>> Thank you.
>>
>> --
>> Petr^2 Spacek

-- 
Manage your subscription for the Freeipa-users mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-users
Go to http://freeipa.org for more info on the project

Reply via email to