Is your dns server set to secure updates only?

On Tue, Mar 13, 2018, 5:40 AM Roger Martensson <>

> After som serious digging I caved in and upgraded dnsutils on my Ubuntu.
> Seems that the future Ubuntu 18.04 has a non-working install of nsupdate.
> When upgrading to version 9.12 nsupdate (using ISC PPA) everything started
> to work.
> 2018-03-09 19:24 GMT+01:00 Roger Martensson <>:
>> Hi!
>> Setup: Ubuntu 18.04 (future), SSSD 1.16.0, nsupdate/bind: 9.11.2.P1,
>> 2008R2 DC/DNS
>> I need some help and guidance with troubleshooting nsupdate-problems.
>> I get the famous "TSIG error with server: tsig verify failure" when
>> trying to update my A-record against our Microsoft DNS.
>> I get the error in sssd-logs and the same error when running nsupdate
>> manually with the same input as found in the logs (when cranking up debug
>> level).
>> I have tried with client keytab and with a user that I know have
>> permission to update. (nsupdate with -g)
>> SSSD is fully configured and I can do user lookups and logins. ldapsearch
>> agains different domains in the forest with -Y GSSAPI works without problem.
>> Our setup is a domain forest where the clients are in the subdomain and
>> the DNS is in the parent domain. Parent DNS domain and subdomains is in the
>> same Zone and has Secure Only updates enabled.
>> Anyone have any ideas what I can do next to troubleshoot this issue?
> _______________________________________________
> sssd-users mailing list --
> To unsubscribe send an email to
sssd-users mailing list --
To unsubscribe send an email to

Reply via email to