I'm trying to create a new DNS record on Active Directory with the nsupdate module. Both Terraform and Ansible work with key_name & key_secret.
If I disable the secure-only option on Active Directory, I can create the record. If I set secure only, I don't know how to generate the TSIG key.
Is anyone using Ansible or Terraform with Ansible to create DNS records?
Best Answer
Windows/AD DNS doesn't support using TSIG keys to perform updates. You have to use a mechanism known as GSS-TSIG to sign the updates, which the DNS Terraform provider doesn't currently support (there is an open PR with a proposal). The alternative is, as you've already figured out, to disable secure updates.
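
An added example (not part of the original answer and not any project's own code) of the GSS-TSIG route the answer names: obtain a Kerberos ticket and let `nsupdate -g` sign the update, so the zone can stay on secure-only. The server, zone, principal and keytab path are constructed placeholders, and it assumes MIT Kerberos client tools and an `nsupdate` built with GSS-API support.

```shell
#!/bin/sh
# Added example: GSS-TSIG (Kerberos-signed) dynamic update with nsupdate -g.
# Server, zone, principal and keytab values are constructed placeholders.

valid_name() { case $1 in ''|*[!A-Za-z0-9._-]*) return 1 ;; esac; }

# Print the nsupdate batch that replaces one A record.
# Strict validation keeps whitespace/newlines from adding extra batch commands.
build_update() {
  server=$1 zone=$2 fqdn=$3 ttl=$4 ip=$5
  for v in "$server" "$zone" "$fqdn"; do
    valid_name "$v" || { echo "bad name: $v" >&2; return 1; }
  done
  case $ttl in ''|*[!0-9]*) echo "bad ttl" >&2; return 1 ;; esac
  case $ip in ''|*[!0-9.]*) echo "bad IPv4" >&2; return 1 ;; esac
  # Shape check only (four dot-separated groups of 1-3 digits).
  printf '%s\n' "$ip" | grep -Eqx '([0-9]{1,3}\.){3}[0-9]{1,3}' ||
    { echo "bad IPv4" >&2; return 1; }
  case $fqdn in *".$zone") ;; *) echo "$fqdn is outside $zone" >&2; return 1 ;; esac
  printf 'server %s\nzone %s\nupdate delete %s. A\nupdate add %s. %s A %s\nsend\n' \
    "$server" "$zone" "$fqdn" "$fqdn" "$ttl" "$ip"
}

# Get a ticket from a keytab into a private cache, send the signed update,
# then destroy the ticket. -g makes nsupdate negotiate GSS-TSIG.
secure_update() {
  principal=$1 keytab=$2; shift 2
  batch=$(build_update "$@") || return 1
  cc=$(mktemp) || return 1
  KRB5CCNAME="FILE:$cc"; export KRB5CCNAME
  kinit -k -t "$keytab" "$principal" && printf '%s\n' "$batch" | nsupdate -g
  rc=$?
  kdestroy -q 2>/dev/null; rm -f "$cc"; unset KRB5CCNAME
  return $rc
}

# Usage (constructed values):
# secure_update svc-dns@CORP.EXAMPLE /etc/krb5/svc-dns.keytab \
#   dc01.corp.example corp.example web01.corp.example 300 192.0.2.10
```

The principal used here needs permission on the zone to create or modify the record; a dedicated service account with a keytab readable only by the automation user keeps that credential scoped.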