I'm experiencing constant failures with dynamic DNS updates on some of our Oracle Linux servers that are using SSSD for AD authentication. The update process is producing multiple errors and I'm struggling to understand why this is happening. Here's a snippet from the logs highlighting the issue:
```
update delete uvaapmmora02.domain.local. in A
update add uvaapmmora02.domain.local. 300 in A 10.116.233.35
send
update delete uvaapmmora02.domain.local. in AAAA
send
-- End nsupdate message --
```
The logs continue with various errors indicating that the DNS update failed. I'd appreciate any insights on how to troubleshoot or fix this issue!
3 Answers
I haven't worked with Windows in ages, but this is why we always set static DNS entries for our servers. It saves a lot of hassle with dynamic DNS issues.
You should run `nsupdate` manually to see if it logs any specific error message. Create a file with your nsupdate message and execute it like this: `kinit -V -k -c /tmp/hostcc && KRB5CCNAME=/tmp/hostcc nsupdate -g /tmp/nsupdate.txt`. This will give you clearer error diagnostics that could help pinpoint the problem.
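An added example, not part of the original answer: a shell helper that pulls the most recent nsupdate message out of an SSSD debug log so it can be saved to a file and replayed with the `nsupdate -g` command above. It assumes the log brackets each message with `-- Begin nsupdate message --` and `-- End nsupdate message --` lines (the end marker appears in the question's log); the function names and the sample log are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the thread). Function names are hypothetical.
# Assumption: SSSD's domain log brackets each generated message with
# "-- Begin nsupdate message --" / "-- End nsupdate message --" lines.

# Print the most recent complete nsupdate message found in log file $1.
# A message with no End marker (truncated log) is ignored.
extract_last_nsupdate() {
    awk '
        /-- Begin nsupdate message --/ { buf = ""; grab = 1; next }
        /-- End nsupdate message --/   { if (grab) last = buf; grab = 0; next }
        grab                           { buf = buf $0 "\n" }
        END                            { printf "%s", last }
    ' "$1"
}

# Write a constructed sample log to $1 (timestamps and the older record are made up).
write_sample_log() {
    cat > "$1" <<'EOF'
(2024-01-01 10:00:00): [be[domain.local]] (0x0400):  -- Begin nsupdate message --
update delete old.domain.local. in A
send
 -- End nsupdate message --
(2024-01-01 10:05:00): [be[domain.local]] (0x0400):  -- Begin nsupdate message --
update delete uvaapmmora02.domain.local. in A
update add uvaapmmora02.domain.local. 300 in A 10.116.233.35
send
update delete uvaapmmora02.domain.local. in AAAA
send
 -- End nsupdate message --
(2024-01-01 10:05:01): [be[domain.local]] (0x0040): constructed failure line
EOF
}

# With no argument, run on the constructed sample; otherwise read the given log.
log=${1:-}
if [ -z "$log" ]; then
    sample=$(mktemp)
    write_sample_log "$sample"
    extract_last_nsupdate "$sample"
    rm -f "$sample"
else
    extract_last_nsupdate "$log"
fi
```

Redirect the output to the message file (`/tmp/nsupdate.txt` in the answer) before running the `kinit` and `nsupdate -g` command.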
If you've got secure dynamic updates enabled in your Microsoft DNS settings, you might need to turn off GSS-TSIG in your sssd.conf file. Just make sure it looks like this:
```
[domain/example.com]
#...
dyndns_auth = none
```
I do have secure updates checked in DNS, so I’ll try that change.
We used to rely on static entries too, but maintenance became a nightmare with server replacements. Plus, with our current CI/CD pipelines, the server names change frequently.