[Samba] Samba 4.8.4 + BIND 9.9.4 - possibility of nonsecure DNS updates

Christian Naumer cn at brain-biotech.de
Tue Aug 21 19:47:21 UTC 2018


We are running 4 DCs on centos 7 with bind as DNS backend with sernet packages and DNS updates work fine on all of without a rebuild of bind. 

Regards

Christian

> Am 21.08.2018 um 17:05 schrieb Rowland Penny via samba <samba at lists.samba.org>:
> 
> On Tue, 21 Aug 2018 16:50:19 +0200
> "L.P.H. van Belle via samba" <samba at lists.samba.org> wrote:
> 
>> 
>> ; TSIG error with server: tsig verify failure
>> 
>> Mayabe update/setup your TSIG key. 
>> https://access.redhat.com/documentation/en-us/openshift_enterprise/2/html/puppet_deployment_guide/generating_a_bind_tsig_key 
>> 
>> Im also wondering why RH is using : '--disable-isc-spnego' 
>> 
> 
> Good catch Louis, that rang a bell and the answer is because you cannot
> run a Samba AD DC on red-hat with distro packages, so they stop updates
> (Don't ask why, I don't know)
> 
> see here:
> 
> https://wiki.samba.org/index.php/Using_BIND_DLZ_backend_with_secured_/_signed_DNS_updates
> 
> So in answer to the OP, sorry, but I missed/forgot this and the answer
> to your problem is, you will have to rebuild the Bind9 rpm.
> 
> Rowland
> 
> -- 
> To unsubscribe from this list go to the following URL and read the
> instructions:  https://lists.samba.org/mailman/options/samba

-- 
Dr. Christian Naumer
Research Scientist
Plattform-Koordinator Bioprozesstechnik

B.R.A.I.N Aktiengesellschaft
Darmstaedter Str. 34-36, D-64673 Zwingenberg
e-mail cn at brain-biotech.de, homepage www.brain-biotech.de
fon +49-6251-9331-30  /   fax +49-6251-9331-11

Sitz der Gesellschaft: Zwingenberg/Bergstrasse
Registergericht AG Darmstadt, HRB 24758
Vorstand: Dr. Juergen Eck (Vorsitzender), Frank Goebel
Aufsichtsratsvorsitzender: Dr. Ludger Mueller


More information about the samba mailing list