Fedora placeholder, since in the end I created patch that seems to work. I'll send it to upstream, so the behavior can be changed at least there.
+++ This bug was initially created as a clone of Bug #1261155 +++
...
--- Additional comment from Petr Spacek on 2015-09-10 14:10:31 CEST ---
Okay then, in that case we have to fix a bug in nsupdate.
nsupdate apparently exists on GSSAPI failure when called with option -g and does not process other command blocks (separated by 'send' command).
This is different than behavior for other errors where nsupdate just skips the block which failed and continues with the next block of commands.
...
--- Additional comment from Petr Spacek on 2015-09-10 14:58:10 CEST ---
Reproducer:
Store this in a file called "upd":
update add nsupdate.test.redhat.com 666 IN A 192.0.2.1
send
update add nsupdate.test.redhat.com 666 IN TXT "HELLo!"
send
And compare output from following commands:
$ nsupdate /tmp/upd
update failed: REFUSED
update failed: REFUSED
$ nsupdate -g /tmp/upd
tkey query failed: GSSAPI error: Major = Unspecified GSS failure. Minor code may provide more information, Minor = Server DNS/xxx not found in Kerberos database.
You can see that first run without GSSAPI tried both command blocks but the second run with GSSAPI failed on first command block and did not continue.