System Administration & Network Administration
windows windows-server-2008-r2 bind ddns
Updated Sat, 23 Jul 2022 01:56:35 GMT

DDNS from Windows/BIND with DHCP keys

Background: We plan to create a SQL AlwaysOn Availability Group cluster across multiple subnets. Therefore we're going to need the Windows 2008 R2 servers in this cluster to be able to update DNS dynamically (for fail-over situations). We run BIND DNS. We know that we can authorize DNS updates based on IP address. We also know that BIND supports DNS update authorization from DHCP keys.

Question: Can we install DHCP keys* on the Windows server so that we can authorize it to make DNS updates in BIND that way? If so, how?

* DHCP keys are also called transaction signatures (TSIG).


You've probably figured this out already, since in the answer to this question you learned you could download nsupdate for Windows, but you can use TSIG to authenticate updates between nsupdate and your BIND server.

Consult section 4.5 of the BIND Administrator's Reference Manual ("ARM") for details. The ARM is included with your BIND distribution, or you may use the links on ISC's web site.