On 22.10.2015 14:23, Justin Lambert wrote:
> When I looked at the DNS logs there was nothing of any value (with a fresh
> attempt of registering DNS records) so I added a logging channel for ldap
> at severity 9. After restarting bind the DNS registration worked without
> issue. Removing the logging channel and re-running the update worked. It
> appears that restarting bind fixed the issue, which is a bit scary. I’m
> running bind-dyndb-ldap-6.0.2. Do you know if anyone has seen this issue
No, I did not hear about this particular issue. Please let me know if it
Have a nice day!
> On Thu, Oct 22, 2015 at 1:24 AM, Petr Spacek <pspa...@redhat.com> wrote:
>> On 21.10.2015 22:43, Justin Lambert wrote:
>>> ;; ANSWER SECTION:
>>> 2667812275.sig-ipa1.domain.com. 0 ANY TKEY gss-tsig. 0 0 3 BADKEY 0 0
>>> dns_tkey_negotiategss: TKEY is unacceptable
>> Please consult named logs on server ipa1.domain.com and see if there are
>> errors related to dynamic update.
>> Speaking about GSS-TSIG, one of problems can be clock skew between DNS
>> and client.
>> Also, please add information about package versions:
>> $ rpm -q bind bind-dyndb-ldap
>> Thank you.
>> Petr^2 Spacek
Manage your subscription for the Freeipa-users mailing list:
Go to http://freeipa.org for more info on the project