[130413] in North American Network Operators' Group
Re: Active Directory requires Microsoft DNS?
daemon@ATHENA.MIT.EDU (Rob Austein)
Sat Oct 2 14:03:40 2010
Date: Sat, 02 Oct 2010 14:03:27 -0400
From: Rob Austein <sra@isc.org>
To: nanog@nanog.org
In-Reply-To: <20100924174508.GQ31091@macbook.catpipe.net>
Errors-To: nanog-bounces+nanog.discuss=bloom-picayune.mit.edu@nanog.org
At Fri, 24 Sep 2010 19:45:09 +0200, Phil Regnauld wrote:
>
> What about dynamic updates of the client ? It's usually not
> a problem in this direction (Windows client -> BIND DNS), but as you
> say it won't be secure (GSS-TSIG).
Recent versions of BIND 9 include GSS-TSIG support. It's harder to
use than it should be, partly due to lack of documentation (mea
culpa), and has some limitations, but does work for the basic task of
letting clients (Windows or otherwise) in an Active Directory
environment perform DDNS updates using GSS-TSIG authentication.
See https://lists.isc.org/pipermail/bind-users/ for recent discussion.
