When DNS update signing is enabled on the server, SSSD cannot update the DNS record. Running the nsupdate command directly gives TSIG error with server: tsig verify failure.
Notes:
nsupdate can be put into ultra-verbose debug mode by using nsupdate -D -L 9
The error from nsupdate is GSS verify error: GSSAPI error: Major = A token had an invalid Message Integrity Check (MIC), Minor = Success.
When DNS update signing is enabled on the server, SSSD cannot update the DNS record. Running the
nsupdatecommand directly givesTSIG error with server: tsig verify failure.Notes:
nsupdatecan be put into ultra-verbose debug mode by usingnsupdate -D -L 9nsupdateisGSS verify error: GSSAPI error: Major = A token had an invalid Message Integrity Check (MIC), Minor = Success.