On 21.10.2015 22:43, Justin Lambert wrote: > ;; ANSWER SECTION: > 2667812275.sig-ipa1.domain.com. 0 ANY TKEY gss-tsig. 0 0 3 BADKEY 0 0 > > dns_tkey_negotiategss: TKEY is unacceptable
Please consult named logs on server ipa1.domain.com and see if there are any errors related to dynamic update. Speaking about GSS-TSIG, one of problems can be clock skew between DNS server and client. Also, please add information about package versions: $ rpm -q bind bind-dyndb-ldap Thank you. -- Petr^2 Spacek -- Manage your subscription for the Freeipa-users mailing list: https://www.redhat.com/mailman/listinfo/freeipa-users Go to http://freeipa.org for more info on the project
