Microsoft DHCP server and Unix BIND dynamic DNS

Question

Is there any way to make Microsoft DHCP server to securely dynamically update A and PTR records in Unix Bind DNS zone?

Microsoft supports secure update using username/password authentication. Bind9 support secure update using keys. But I couldn't find the way to make Microsoft DHCP to use key as it can be done with dhcpd.

score 1 · Accepted Answer · edited Apr 13 '17 at 12:14

1

No, not securely.

You might be able to have a single Microsoft DNS server and then do some kind of zone transfer between that and BIND?

These links may or may not help in that regard:

edited Apr 13 '17 at 12:14

Community

1

answered Oct 27 '14 at 21:17

briantist

2,545
1
19
34

2

It's possible to do with GSS-TSIG (Kerberos). – Vinícius Ferrão Oct 28 '14 at 04:07
Thanks briantist, I've decided to move DNS zone to Microsoft DNS server and it solved my problem. – Roman_T Oct 30 '14 at 15:21

score 1 · Answer 2 · answered Oct 28 '14 at 03:51

I spent some time trying to achieve something similar. In the "allow-update" statement, BIND recognizes two "Microsoft" update sources: ms-self and ms-subdomain.

My task was a temporary solution so I went with vanilla TSIG keys, but if you can get GSS-TSIG working with AD here are some useful links:

http://www.zytrax.com/books/dns/ch7/xfer.html#update-policy

https://lists.isc.org/pipermail/bind-users/2013-April/090301.html

Microsoft DHCP server and Unix BIND dynamic DNS

2 Answers2