After som serious digging I caved in and upgraded dnsutils on my Ubuntu.
Seems that the future Ubuntu 18.04 has a non-working install of nsupdate.
When upgrading to version 9.12 nsupdate (using ISC PPA) everything started
to work.

2018-03-09 19:24 GMT+01:00 Roger Martensson <>:

> Hi!
> Setup: Ubuntu 18.04 (future), SSSD 1.16.0, nsupdate/bind: 9.11.2.P1,
> 2008R2 DC/DNS
> I need some help and guidance with troubleshooting nsupdate-problems.
> I get the famous "TSIG error with server: tsig verify failure" when trying
> to update my A-record against our Microsoft DNS.
> I get the error in sssd-logs and the same error when running nsupdate
> manually with the same input as found in the logs (when cranking up debug
> level).
> I have tried with client keytab and with a user that I know have
> permission to update. (nsupdate with -g)
> SSSD is fully configured and I can do user lookups and logins. ldapsearch
> agains different domains in the forest with -Y GSSAPI works without problem.
> Our setup is a domain forest where the clients are in the subdomain and
> the DNS is in the parent domain. Parent DNS domain and subdomains is in the
> same Zone and has Secure Only updates enabled.
> Anyone have any ideas what I can do next to troubleshoot this issue?
sssd-users mailing list --
To unsubscribe send an email to

Reply via email to