Discussion:
Yet another GSS-TSIG thread for BIND9 with AD
Tim Maestas
2020-05-24 05:39:15 UTC
On Sat, May 23, 2020 at 12:19 PM Vinícius Ferrão via bind-users <
grant * subdomain local.example.com. ANY;
};
};
I use:
grant LOCAL.EXAMPLE.COM ms-self .;
...for my domain joined members and
grant HOSTNAME$@LOCAL.EXAMPLE.COM subdomain local.example.com ANY;
....for my domain controllers.
Vinícius Ferrão
2020-06-13 02:16:01 UTC
Hi Tim, sorry for the delayed answer, but the message had gone to the spam folder.

I tried with your settings but the results were the same:

==> /var/log/named/update.log <==
12-Jun-2020 23:14:42.767 client @0x7f2c580a1ca0 192.0.2.11#55332: updating zone 'local.example.com/IN': prerequisites are OK
12-Jun-2020 23:14:42.767 client @0x7f2c580a1ca0 192.0.2.11#55332: updating zone 'local.example.com/IN': rolling back

==> /var/log/named/default.log <==
12-Jun-2020 23:14:42.767 client @0x7f2c580a1ca0 192.0.2.11#55332: update 'local.example.com/IN' denied

On 24 May 2020, at 02:39, Tim Maestas <***@gmail.com> wrote:

On Sat, May 23, 2020 at 12:19 PM Vinícius Ferrão via bind-users <bind-***@lists.isc.org> wrote:

grant * subdomain local.example.com. ANY;
};
};

I use:
grant LOCAL.EXAMPLE.COM ms-self .;
...for my domain joined members and
grant HOSTNAME$@LOCAL.EXAMPLE.COM subdomain local.example.com ANY;
....for my domain controllers.
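
The following is an added example, not code from either poster or from BIND: it merges the update.log and default.log lines quoted above, correlates them by client and zone, and reports each denied update together with the stages logged before it. It handles only the line shape shown in the thread; the function name `denied_updates` and the record fields are assumptions of this example.

```python
import re
from collections import defaultdict
from datetime import datetime

# Constructed sample: the lines quoted in the thread from update.log and
# default.log, concatenated, with the mail client's link debris removed.
SAMPLE_LOG = """\
12-Jun-2020 23:14:42.767 client @0x7f2c580a1ca0 192.0.2.11#55332: updating zone 'local.example.com/IN': prerequisites are OK
12-Jun-2020 23:14:42.767 client @0x7f2c580a1ca0 192.0.2.11#55332: updating zone 'local.example.com/IN': rolling back
12-Jun-2020 23:14:42.767 client @0x7f2c580a1ca0 192.0.2.11#55332: update 'local.example.com/IN' denied
"""

# Matches only the line shape quoted in the thread.
LINE_RE = re.compile(
    r"^(?P<ts>\S+ \S+) client (?P<obj>@0x[0-9a-f]+) "
    r"(?P<peer>[^#\s]+#\d+): (?P<msg>.*)$"
)
UPDATING_RE = re.compile(r"^updating zone '(?P<zone>[^']+)': (?P<event>.*)$")
DENIED_RE = re.compile(r"^update '(?P<zone>[^']+)' denied$")


def denied_updates(log_text):
    """Return one record per denied update with the stages logged before it."""
    parsed = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            ts = datetime.strptime(m["ts"], "%d-%b-%Y %H:%M:%S.%f")
            parsed.append((ts, m["obj"], m["peer"], m["msg"]))
    parsed.sort(key=lambda rec: rec[0])  # stable: equal timestamps keep input order

    stages = defaultdict(list)  # (client object, peer, zone) -> events so far
    findings = []
    for ts, obj, peer, msg in parsed:
        upd = UPDATING_RE.match(msg)
        den = DENIED_RE.match(msg)
        if upd:
            stages[(obj, peer, upd["zone"])].append(upd["event"])
        elif den:
            events = stages.pop((obj, peer, den["zone"]), [])
            findings.append({
                "time": ts.isoformat(timespec="milliseconds"),
                "client": peer,
                "zone": den["zone"],
                "stages": events,
                "prereq_ok": "prerequisites are OK" in events,
            })
    return findings


if __name__ == "__main__":
    for finding in denied_updates(SAMPLE_LOG):
        print(finding)
```

A record with `prereq_ok` set to true and a `rolling back` stage, as in the sample, shows the update passed its prerequisite check and was refused afterwards.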
