Infoblox Exchange Cybersecurity Roadshow 2020 – Join us!
North America | Europe | Middle East/Africa | Asia-Pacific

Register Now

DNS DHCP IPAM

Reply
Accepted Solution

GSS-TSIG DDNS updates between a DHCP member and a DNS member. Keytab only on DNS?
WBounni
Guru
Posts: 185

‎11-17-2017 11:27 PM

2984     0

Hi 

 

IF a DHCP grid member needed to do DDNS updates to a DNS grid member that requires a GSS-TSIG signature. My understanding is that the Keytab file will only need to be loaded on the DNS grid member and not the "DHCP grid member"

 

Is this correct?

 

 

Kindly

Wasfi

Labels:
Reply
0 Kudos

Re: GSS-TSIG DDNS updates between a DHCP member and a DNS member. Keytab only on DNS?
SSieber
Adviser
Posts: 101

‎11-18-2017 01:41 AM

2985     0
Dont use GSS-TSIG on INfoblox DNS and DHCP only.

Keytab is needed when

* IB dhcpd shall update MS DNS. You need to load the keytab on IB.

* MS Clients/ DCs shall update IB DNS. Keytab is needed on IB DNS.
Reply
0 Kudos

Re: GSS-TSIG DDNS updates between a DHCP member and a DNS member. Keytab only on DNS?
WBounni
Guru
Posts: 185

‎11-18-2017 12:15 PM

2985     0

Thank you for your reply Sieber. However, I wanted to ask you that in the case of a DNS and DHCP being Grid members, how do you guarantess the integrity of the DDNS update without GSS-TSIG?

 

Kindly

Wasfi

Reply
0 Kudos

Re: GSS-TSIG DDNS updates between a DHCP member and a DNS member. Keytab only on DNS?
SSieber
Adviser
Posts: 101

‎11-19-2017 02:04 AM

2985     0

It will do TSIG signed updates to itself (127.0.0.1) if the DHCP Member is also the DNS Primary for the zone.

 

Reply
0 Kudos

Re: GSS-TSIG DDNS updates between a DHCP member and a DNS member. Keytab only on DNS?

[ Edited ]
WBounni
Guru
Posts: 185

‎11-19-2017 03:07 AM - edited ‎11-19-2017 03:17 AM

2985     0

Sorry, what I meant is that the DHCP server is a Grid member and the Primary DNS server for the zone is also a Grid member, but they are different members. Would TSIG signed updates still take place without the need to load a Ktab file on the DHCP member and DNS member? Based on your last answer I think the answer is Yes. However, thought would check.

 

If yes, is this TSIG signed update automatic or do you need to upload a TSIG on the DHCP member and the DNS member?

 

 

Kindly

Wasfi

 

 

Reply
0 Kudos

Re: GSS-TSIG DDNS updates between a DHCP member and a DNS member. Keytab only on DNS?
SSieber
Adviser
Posts: 101

‎11-19-2017 11:50 AM

2985     0

The DHCP Member will send it to the LAN1 address of the DNS Primary member. The TSIG key will be set automagically by the Grid.

 

Basically, the Grid will take care of all. The only thing you need to do is to enable DDNS and set the 'Domain Name' in the 'IPv4 DHCP Options'.

Reply
0 Kudos

Re: GSS-TSIG DDNS updates between a DHCP member and a DNS member. Keytab only on DNS?
WBounni
Guru
Posts: 185

‎11-19-2017 12:12 PM

2985     0

Thank you. This is perfect.

Reply
0 Kudos
Turn on suggestions Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Do you mean 

Recommended for You

Latest Annoucements

Demo: Infoblox IPAM plug-in integration with OpenStack Newton

playicon

Infolbox Experts Community

You have reached the maximum number of topics allowed as a visitor. Please Login or Join the community to continue to read.

Join for free

TOPICS REMAINING

Register for unlimited browsing. Registration is FREE.

Join Community