Re: Using the NSUPDATE command

Hello Rob,

Am 06.01.2020 um 19:59 schrieb Rob Berendt <rob@xxxxxxxxx>:

Ok, how do I get "authorized"? I didn't see a userid/password keyword.
[…]
I assume that it has something to do with generating a keyfile but I have no clue on how to go about doing that.

nsupdate authorizes via Key File, as Larry pointed out. Generating is described in a multitude of locations, but I'm not sure if this is a BIND proprietary extension.

Generally in Windows, for any zone you can define how to dynamically update the zone. None, secure and secure + insecure. Maybe if you try to set that to insecure as a workaround until a better solution is found, can help? So you can use rndc without keys and other auth methods.

http://www.hexblot.com/blog/managing-windows-server-dns-records-linux-commandline

It seems that secure updates are only possible with integration of the OS as Domain Member:

https://blogs.technet.microsoft.com/jeffbutte/2016/12/18/265/

I'm sure tat IBM i doesn't has this feature.

What would I do? I'd ask the tech guys to install an ssh server on windows and log in to there with proper keys to call dnscmd directly over this session.

ssh Administrator@Servername "dnscmd record add blah"

So no need to do anything fancy with nsupdate or a local dnscmd (which doesn't help because here too, Authentication will fail).

:wq! PoC

PGP-Key: DDD3 4ABF 6413 38DE - https://www.pocnet.net/poc-key.asc