Add support for GSS-API DDNS

For request: http://www.abclinuxu.cz/zpravicky/knot-dns-1.5.0/diskuse#19 or for Bind 9 details see: http://jpmens.net/2012/06/29/dynamic-dns-updates-using-gss-tsig-and-kerberos/

Reassigned to @jvcelak

More info about Samba 4 integration can be found here: https://wiki.samba.org/index.php/DNS_Backend_BIND

I have been looking into this feature some time ago. The GSS authentication requires multi message queries, which is something the server code is not prepared for.

In addition we will need more flexible way for ACLs description.

Adding a support for GSS-API is definitelly possible and I it will probably make Knot DNS an option for enterprise users, however I would give it a low priority - unless the feature is requested by a larger number of users.

Okay, so far we've had one request ... probably no need to give this higher priority then.

Milestone changed to backburner

mentioned in issue #243 (closed)

removed assignee

Dan asked me to comment on this, so here we go: My experience is that GSS-TSIG is a requirement for deployment in internal corporate networks if dynamic updates are in use. The main question is, of course, if we want to invest into this use-case or not.

On the other hand, it is relatively easy to set up an isolated test environment for GSSAPI/Kerberos mechanism so I would welcome patches if there are any.

added feature knot labels

added discussion label

So far, there is no plan or need to implement it.

closed