Re: Unix client and secure DNS updates
- From: "Herb Martin" <news@xxxxxxxxxxxxxx>
- Date: Fri, 12 May 2006 23:24:52 -0500
"Herofish" <Herofish@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message
news:2D56124E-034D-42C5-9338-E5DB1D4BA46E@xxxxxxxxxxxxxxxx
Here's my environment: Windows 2000 AD integrated DNS, with secure updates
only. I have a couple of Solaris 9 hosts which need to update their DNS
entries. How to do this dynamic update from a Solaris host?
You (probably) don't.
Since you require secure updates (a good thing),
the registering machine must be authenticated.
[There is a (at least theoretical) possibility to authenticate
with Samba (but I know little about that.) ]
Here is a good article which explains how Windows 2000 DNS secure updates
happen, and that it is TSIG compliant, etc.
http://www.microsoft.com/technet/prodtechnol/windows2000serv/plan/w2kdns2.mspx
According to my understanding, theoretically it should be possible for the
Unix client to authenticate to AD using Kerberos, then perform a DNS
update.
At least theoretically BUT there are two easier ways...
Is this true? More importantly, how exactly is this implemented on the
Unix
host??
Research some (e.g., Samba) AD authenticating client OR
try it through direct Kerberos V5 authentication (which
probably isn't worth the trouble.)
Two easier ways:
1) Static machines -- register them manually.
2) DHCP clients -- let the DHCP server do it.
--
Herb Martin, MCSE, MVP
Accelerated MCSE
http://www.LearnQuick.Com
[phone number on web site]
Thanks.
.
- Prev by Date: Re: 2000 DNS not replicating records between parent and child
- Next by Date: Re: My boss....
- Previous by thread: Re: 2000 DNS not replicating records between parent and child
- Next by thread: dns.exe and listening ports - Trojans?
- Index(es):
Relevant Pages
|
