GSS-TSIG consists of a set of client-server negotiations to establish a security context. It uses a Kerberos server (for example, one running on the AD domain controller) that functions as the Kerberos KDC (Key Distribution Center) and provides session tickets and temporary session keys to users and computers within an Active Directory (AD) domain. Together, the client and server create and verify transaction signatures on the messages they exchange. Microsoft Server versions 2012 R2, 2016, and 2019 support DDNS updates that use GSS-TSIG. You can configure the host NIOS-X Server to accept GSS-TSIG–signed DDNS updates from one or more clients that belong to different AD domains, where each domain has a unique Kerberos key that corresponds to a DNS service principal.

The following is a high-level diagram of the GSS-TSIG process:

[Diagram: GSS-TSIG-B1DDI]

1. Generate a keytab file from the Active Directory Kerberos server, and upload it to the Cloud Services Portal.
2. Select Allow GSS-TSIG signed updates in Global DNS Configuration.
3. The client sends a transaction key request. The DNS server responds with a signed TSIG.
4. The client sends an authenticated DDNS update to the DNS server.
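Before uploading the keytab from step 1, you can check offline which principal, domain (realm), key version, and algorithm it carries, the same fields the GSS-TSIG information pane displays. The following is an added example, not Infoblox code; it assumes the file uses the MIT keytab format (version 0x0502), flags DES and RC4 entries (deprecated by RFC 6649 and RFC 8429), and runs on a constructed sample with a hypothetical principal and dummy all-zero keys.

```python
import struct

# Kerberos encryption type numbers and names.
ENCTYPES = {1: "des-cbc-crc", 3: "des-cbc-md5", 17: "aes128-cts-hmac-sha1-96",
            18: "aes256-cts-hmac-sha1-96", 23: "rc4-hmac"}
WEAK = {1, 3, 23}                           # DES and RC4 are deprecated

def _entry(rec):
    (ncomp,) = struct.unpack_from(">H", rec, 0)
    parts, off = [], 2
    for _ in range(ncomp + 1):              # realm first, then the name components
        (n,) = struct.unpack_from(">H", rec, off)
        parts.append(rec[off + 2:off + 2 + n].decode())
        off += 2 + n
    _ntype, _ts, kvno, etype, keylen = struct.unpack_from(">IIBHH", rec, off)
    off += 13 + keylen                      # fixed fields plus key bytes (never printed)
    if off > len(rec):
        raise ValueError("truncated keytab entry")
    if len(rec) - off >= 4:                 # optional 32-bit kvno, used when nonzero
        kvno = struct.unpack_from(">I", rec, off)[0] or kvno
    return {"principal": "/".join(parts[1:]) + "@" + parts[0], "domain": parts[0],
            "version": kvno, "algorithm": ENCTYPES.get(etype, f"etype-{etype}"),
            "weak": etype in WEAK}

def parse_keytab(data):
    """List the entries of an MIT-format keytab (file version 0x0502)."""
    if data[:2] != b"\x05\x02":
        raise ValueError("not a version 0x0502 keytab")
    entries, pos = [], 2
    while pos + 4 <= len(data):
        (size,) = struct.unpack_from(">i", data, pos)
        pos += 4
        if size > 0:                        # a negative size marks a deleted slot
            entries.append(_entry(data[pos:pos + size]))
        pos += abs(size)
    return entries

def counted(b):                             # counted string: 16-bit length + bytes
    return struct.pack(">H", len(b)) + b

def make_entry(etype, kvno):                # constructed entry with a dummy zero key
    body = (struct.pack(">H", 2) + counted(b"CORP.EXAMPLE") + counted(b"DNS")
            + counted(b"ns1.corp.example")
            + struct.pack(">IIBHH", 1, 0, kvno, etype, 16) + bytes(16))
    return struct.pack(">i", len(body)) + body

SAMPLE = b"\x05\x02" + make_entry(18, 3) + make_entry(23, 3)  # constructed, not real

if __name__ == "__main__":
    print(*parse_keytab(SAMPLE), sep="\n")
```

To inspect a real file, pass its bytes to `parse_keytab`, for example `parse_keytab(open(path, "rb").read())`.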


To view the list of GSS-TSIG entries:

  • If you are a user, click Configure > Administration > TSIG Keys > GSS-TSIG. If there are multiple entries, click the particular entry to view its details. If there are no entries, you can create one by following the instructions in Creating GSS-TSIG.
  • If you are an administrator, you can create, edit, or delete a GSS-TSIG entry. If you are a user, you can only view a GSS-TSIG entry. For more information, see Role-based Access Control.

...

  • Reorder the columns, or select the columns to be displayed: Click the menu button.
  • Modify a GSS-TSIG entry: Click the menu button and then Edit, or select the checkbox for a specific record and click the Edit button.

  • Delete the GSS-TSIG entry: Click the menu button and then Delete, or select the respective AnyCast address and click the Delete button. A GSS-TSIG entry can be deleted only if it is not used in the GSS-TSIG DNS configuration in the Global DNS Properties, in the DNS Config profile, or at the level of the DNS server.

  • A GSS-TSIG entry's information, such as principal, algorithm, version, domain (realm), comment, and tags, is shown in the information pane by default. Comment and tags can be modified. If you do not want to view the details in the panel on the right, click the information button.

  • Search for records in BloxOne Universal DDI according to a specific keyword: Type the keyword in the Search text box. 

  • Filter the objects by Principal, Domain, Version, Algorithm, Comments, or Tags: Click the filter button. To save a filter after selecting the required parameters, click the save button, specify a name for the filter, and click Save & Close. To reload a previously saved filter, click the star button, and select the required filter.

...