Infoblox’s global team of threat hunters uncovers a DNS operation with the ability to bypass traditional security measures and control the Great Firewall of China. Read about “Muddling Meerkat” and the many other threat actors discovered by Infoblox Threat Intel here.



AD-DC updating DNS Records in Infoblox

New Member
Posts: 2
1224     0

Hello there


I am currently setting up a testlab and would like to migrate from Windows DNS to Infoblox. I set up GSS-TSIG acording to this article: Accepting GSS-TSIG-Authenticated Updates - Infoblox NIOS 9.0 - Infoblox Documentation Portal

But I am at a loss here. When I try to update the records from a AD-joint Client with: ipconfig /registerdns  I can see via Wireshark and in the Infoblox Syslog, that something isnt working there.

I want that the Clients update their DNS records on the Infoblox DNS.


Infoblox Syslog



Wireshark capture on Client after "ipconfig /registerdns"



Any help would be much appreciated!

Re: AD-DC updating DNS Records in Infoblox

Posts: 300
1225     0

Just a guess, but it looks like the enctyption types don't match.  All the encryption types need to match, between
1) what gets generated with the ktpass command
2) what gets imported to Infoblox
3) what is supported and enbabled on the Windows clients (including the domain controller)

Re: AD-DC updating DNS Records in Infoblox

New Member
Posts: 2
1225     0

Thank you for the reply! I managed to get it working, I put the IP of the DC in the ACL of the Grid DNS properties.

It does seem that the keytab file is working, when I disable GSS-TSIG updates in the Update Tab of the DNS Grid properties. It won't work. So I think that the ACL entry was needed.

Showing results for 
Search instead for 
Did you mean: 

Recommended for You