I am trying to have the DNS server of our Active Directory (Windows 2016 server) updated by a Debian client with Bind9.
If the Windows DNS server receives a DNS update, it is transmitted without error to the bind9 slave client.
Only the other direction doesn't work: if the client assigns a new address and tries to pass it on to the master server, this error message appears: "Unable to add forward map from <fqdn new client> to <ip new client>: tsig verify failure".
Any ideas?
Server:
Code:
Windows 2016
DNS: -> Zone -> Properties -> General: Dynamic Updates: secure and unsecure
DNS: -> Zone -> Properties -> Nameserver: <ip debian client> as nameserver
DNS: -> Zone -> Zone Transfers -> (x) Allow Zone Transfers; (x) Only to servers listed on the Name Servers Tab.
Client:
Code:
/etc/bind/named.conf.local
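// TSIG key used to sign dynamic updates
key DDNS_UPDATE {
    algorithm HMAC-MD5.SIG-ALG.REG.INT;
    secret "<password>";
};

// Secondary copy of the AD zone, transferred from the Windows server
zone "<fqdn zone name>" {
    type slave;
    masters { <ip Windows Server>; };
    notify yes;
    file "/var/cache/bind/db.windns";
    allow-update { key DDNS_UPDATE; 127.0.0.1; };
    // Updates received by this slave are forwarded to the master
    allow-update-forwarding { key DDNS_UPDATE; 127.0.0.1; };
};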