You might try changing your update-policy from:
grant johnmill-dnst...@lab.brandeis.edu zonesub ANY;
grant * zonesub ANY;
to
grant johnmill-dnst...@lab.brandeis.edu zonesub ANY;
grant LAB.BRANDEIS.EDU zonesub ANY;
I’m not positive this is the proper syntax since we don’t use the zonesub
Thanks to both Mark and Nicholas for the help. Unfortunately, still not
able to get this working (BIND 9.8.2 (RHEL 6) AD 2008R2). It's a case
of AD negotiating a TKEY (successfully), then reverting back to unsigned
updates. If an update's not signed, doesn't matter what your
update-policy
See
tkey-gssapi-credential quoted_string;
tkey-gssapi-keytab quoted_string;
grant ms-subdomain ;
--
Mark Andrews, ISC
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2 9871 4742 INTERNET: ma...@isc.org
3 matches
Mail list logo