11-17-2017 11:27 PM
If a DHCP grid member needed to do DDNS updates to a DNS grid member that requires a GSS-TSIG signature, my understanding is that the keytab file will only need to be loaded on the DNS grid member and not the "DHCP grid member".
Is this correct?
11-18-2017 01:41 AM
Keytab is needed when
* IB dhcpd shall update MS DNS. You need to load the keytab on IB.
* MS Clients/ DCs shall update IB DNS. Keytab is needed on IB DNS.
11-18-2017 12:15 PM
Thank you for your reply, Sieber. However, I wanted to ask you: in the case of a DNS and DHCP being Grid members, how do you guarantee the integrity of the DDNS update without GSS-TSIG?
11-19-2017 02:04 AM
It will do TSIG signed updates to itself (127.0.0.1) if the DHCP Member is also the DNS Primary for the zone.
11-19-2017 03:07 AM - edited 11-19-2017 03:17 AM
Sorry, what I meant is that the DHCP server is a Grid member and the Primary DNS server for the zone is also a Grid member, but they are different members. Would TSIG signed updates still take place without the need to load a keytab file on the DHCP member and DNS member? Based on your last answer I think the answer is yes. However, I thought I would check.
If yes, is this TSIG signed update automatic or do you need to upload a TSIG on the DHCP member and the DNS member?
11-19-2017 11:50 AM
The DHCP Member will send it to the LAN1 address of the DNS Primary member. The TSIG key will be set automagically by the Grid.
Basically, the Grid will take care of all. The only thing you need to do is to enable DDNS and set the 'Domain Name' in the 'IPv4 DHCP Options'.
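
The thread above says that Grid members protect DDNS updates between themselves with a shared-key TSIG signature rather than GSS-TSIG. The following is an added example, not part of the thread and not Infoblox code, showing how a plain TSIG MAC (computed as in RFC 8945 for a request) lets the DNS side reject a modified or stale update. The key name, secret, zone and addresses are constructed, and the TSIG record itself is not serialized; its fields are passed as arguments.

```python
import hashlib, hmac, struct

ALGORITHM = "hmac-sha256"

def wire_name(name):
    """DNS wire format of a domain name, lowercased (canonical form)."""
    labels = [l for l in name.lower().split(".") if l]
    return b"".join(bytes([len(l)]) + l.encode("ascii") for l in labels) + b"\x00"

def build_update(msg_id, zone, host, ipv4, ttl=300):
    """Minimal RFC 2136 UPDATE: zone section plus one A record to add."""
    header = struct.pack("!6H", msg_id, 5 << 11, 1, 0, 1, 0)  # opcode 5 = UPDATE
    zone_section = wire_name(zone) + struct.pack("!HH", 6, 1)  # type SOA, class IN
    rdata = bytes(int(octet) for octet in ipv4.split("."))
    record = wire_name(host) + struct.pack("!HHIH", 1, 1, ttl, len(rdata)) + rdata
    return header + zone_section + record

def tsig_mac(secret, key_name, message, time_signed, fudge=300):
    """HMAC over the unsigned message followed by the TSIG variables."""
    variables = (wire_name(key_name) + struct.pack("!HI", 255, 0)  # class ANY, TTL 0
                 + wire_name(ALGORITHM)
                 + struct.pack("!HIH", time_signed >> 32, time_signed & 0xFFFFFFFF, fudge)
                 + struct.pack("!HH", 0, 0))  # error, other-data length
    return hmac.new(secret, message + variables, hashlib.sha256).digest()

def verify(secret, key_name, message, time_signed, mac, now, fudge=300):
    """Receiver side: check the MAC first, then the signing-time window."""
    expected = tsig_mac(secret, key_name, message, time_signed, fudge)
    if not hmac.compare_digest(expected, mac):
        return "BADSIG"
    return "NOERROR" if abs(now - time_signed) <= fudge else "BADTIME"

def demo():
    secret = b"constructed-demo-secret"   # constructed shared secret
    name = "ddns-key.example"             # hypothetical key name
    msg = build_update(0x1234, "corp.example", "host1.corp.example", "192.0.2.10")
    signed_at = 1511000000                # constructed signing time (epoch seconds)
    mac = tsig_mac(secret, name, msg, signed_at)
    tampered = msg[:-1] + b"\x63"         # last octet of the address changed in transit
    return (verify(secret, name, msg, signed_at, mac, now=signed_at + 5),
            verify(secret, name, tampered, signed_at, mac, now=signed_at + 5),
            verify(secret, name, msg, signed_at, mac, now=signed_at + 3600))

if __name__ == "__main__":
    print(demo())
```

The time window check is why clock drift between the updating and receiving servers can cause otherwise valid signed updates to be refused.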