• Re: TSIG DDNS and windows clients

    From Bob Harold@rharolde@umich.edu to Grant Taylor on Wed May 13 16:06:53 2020
    From Newsgroup: comp.protocols.dns.bind

    On Wed, May 13, 2020 at 3:49 PM Grant Taylor via bind-users <bind-users@lists.isc.org> wrote:

    > On 5/13/20 6:29 AM, Bob Harold wrote:
    > > Your ACL looks right. I think Ben has the key - Windows uses GSS-TSIG,
    > > not regular TSIG. Not sure how or if that can be solved.
    >
    > I would bet someone a coffee and doughnut that it can.
    >
    > Check out Jan-Piet Mens' article:
    >
    > Link - RFC 2136 Dynamic DNS Updates using GSS-TSIG and Kerberos
    >   - https://jpmens.net/2012/06/29/dynamic-dns-updates-using-gss-tsig-and-kerberos/
    >
    > --
    > Grant. . . .
    > unix || die

    Thanks for the link. Lots of pieces to get working there. Not nearly as simple as TSIG. But good if you are already using Kerberos.
    --
    Bob Harold

    --- Synchronet 3.21d-Linux NewsLink 1.2
  • From Paul Ebersman@list-bind-users@dragon.net to Bob Harold on Wed May 13 16:35:02 2020
    From Newsgroup: comp.protocols.dns.bind

    rharolde> Thanks for the link. Lots of pieces to get working there. Not
    rharolde> nearly as simple as TSIG. But good if you are already using
    rharolde> Kerberos.

    MS Active Directory is Kerberos under the hood. You don't need to run a
    classic MIT/Hesiod KDC to get GSS-TSIG to work. But it is cryptic and a
    pain.