[Samba] Samba 4.8.4 + BIND 9.9.4 - possibility of nonsecure DNS updates
Christian Naumer
cn at brain-biotech.de
Tue Aug 21 19:47:21 UTC 2018
We are running 4 DCs on centos 7 with bind as DNS backend with sernet packages and DNS updates work fine on all of without a rebuild of bind.
Regards
Christian
> Am 21.08.2018 um 17:05 schrieb Rowland Penny via samba <samba at lists.samba.org>:
>
> On Tue, 21 Aug 2018 16:50:19 +0200
> "L.P.H. van Belle via samba" <samba at lists.samba.org> wrote:
>
>>
>> ; TSIG error with server: tsig verify failure
>>
>> Mayabe update/setup your TSIG key.
>> https://access.redhat.com/documentation/en-us/openshift_enterprise/2/html/puppet_deployment_guide/generating_a_bind_tsig_key
>>
>> Im also wondering why RH is using : '--disable-isc-spnego'
>>
>
> Good catch Louis, that rang a bell and the answer is because you cannot
> run a Samba AD DC on red-hat with distro packages, so they stop updates
> (Don't ask why, I don't know)
>
> see here:
>
> https://wiki.samba.org/index.php/Using_BIND_DLZ_backend_with_secured_/_signed_DNS_updates
>
> So in answer to the OP, sorry, but I missed/forgot this and the answer
> to your problem is, you will have to rebuild the Bind9 rpm.
>
> Rowland
>
> --
> To unsubscribe from this list go to the following URL and read the
> instructions: https://lists.samba.org/mailman/options/samba
--
Dr. Christian Naumer
Research Scientist
Plattform-Koordinator Bioprozesstechnik
B.R.A.I.N Aktiengesellschaft
Darmstaedter Str. 34-36, D-64673 Zwingenberg
e-mail cn at brain-biotech.de, homepage www.brain-biotech.de
fon +49-6251-9331-30 / fax +49-6251-9331-11
Sitz der Gesellschaft: Zwingenberg/Bergstrasse
Registergericht AG Darmstadt, HRB 24758
Vorstand: Dr. Juergen Eck (Vorsitzender), Frank Goebel
Aufsichtsratsvorsitzender: Dr. Ludger Mueller
More information about the samba
mailing list