[Freeipa-users] Updates refused when trying to do dynamic DNS updates with TSIG
Petr Spacek
pspacek at redhat.com
Thu May 21 10:51:07 UTC 2015
On 20.5.2015 17:38, Brian Koontz wrote:
> Running FreeIPA 4.1.4, Fedora 21. Trying to get dynamic DNS updates on
> clients to work following these instructions:
>
> http://www.freeipa.org/page/Howto/DNS_updates_and_zone_transfers_with_TSIG
>
> (Using GSS-TSIG isn't an option because I have no way of authenticating
> every time a client IP changes.)
Generally, GSS-TSIG with Kerberos should not be affected by changes in
client's IP address and is strongly recommended over TSIG.
> I've reread the instructions several times, but each time I get "update
> failed: REFUSED". Logs aren't showing anything useful other than the query
> is being refused. Is this document missing an important step?
Yes, thank you for catching this!
I added 'ipa dnszone-mod --dynamic-update=1' command to the how-to:
http://www.freeipa.org/page/Howto/DNS_updates_and_zone_transfers_with_TSIG#Server
> (I saw no
> need to create a DNS/ service as there should be no krb5 authentication
> involved here...)
This is correct assumption, you should not need it.
Thank you for your time!
--
Petr^2 Spacek
More information about the Freeipa-users
mailing list