Hold on a sec you should have a control section in your named.conf That allow line goes in there. -----Original Message----- From: Jason Staudenmayer [mailto:jasons@xxxxxxxxxxxxxx] Sent: Sunday, June 13, 2004 9:09 AM To: 'General Red Hat Linux discussion list' Subject: RE: dynamic DNS issues - invalid TSIG key In your named.conf add something like this: allow { 127.0.0.1; } keys { "<hostname.domain.com>."; }; My systems run local but that should take care of it. -----Original Message----- From: Noah [mailto:admin2@xxxxxxxxxxx] Sent: Saturday, June 12, 2004 6:31 PM To: redhat-list@xxxxxxxxxx Subject: dynamic DNS issues - invalid TSIG key Redhat-8.0 bind-9.2.3 okay I am trying to set up dynamic DNS to bind on a FreeBSD box. I have admin on both client and server side. the client is a redhat-8.0 machine with ISC DHCP installed. right now the client side is complaining of an invalid TSIG key. The keys are cut and Pasted and fomatted properly in each configuration file. so I am at a loss as to what to check next. I have attached the error message. I changed the hostnames and IP addresses to protect the inocent - <> are added to clarify what I did. --- snip --- Jun 12 14:45:44 <hostname> dhclient: if IN A <hostname.domain.com>. rrset doesn't exist add 3600 IN A <hostname.domain.com>. <10.2.1.1> add 3600 IN TXT <hostname.domain.com>. "<key_stuff>": invalid TSIG key. --- snip --- I am following the forwarding tutorial at: http://ops.ietf.org/dns/dynupd/secure-ddns-howto.html#forward so the configuration on the client side looks like this - --- /etc/dhclient-eth0.conf ---- send fqdn.fqdn "<hostname.domain.com>."; send fqdn.encoded on; send fqdn.server-update off; key <hostname.domain.com>. { algorithm HMAC-MD5; secret "<key>"; } zone <domain.com> { key "<hostname.domain.com>."; } interface "eth0" { send host-name "<hostname>"; send dhcp-client-identifier <mac_address>; send dhcp-lease-time 3600; prepend domain-name-servers 127.0.0.1; request subnet-mask, broadcast-address, time-offset, routers, domain-name, domain-name-servers, host-name; require subnet-mask, domain-name-servers; script "/sbin/dhclient-script"; } --- /etc/dhclient-eth0.conf ---- and here are the modfifications on the server side. just the snippets that are relevant to this configuration. the file is fairly large. --- /etc/namedb/named.conf ---- key <hostname.domain.com>. { algorithm HMAC-MD5; secret "<key>"; }; ... zone "<domain.com>" in { type master; file "zones/<domain.com>"; allow-transfer { 64.121.33.4; 216.218.220.21; }; allow-query { any; }; allow-update { none; }; notify yes; update-policy { grant <hostname.domain.com>. name <hostname.domain.com>. A TXT; grant <hostname.domain.com>. name <hostname2.domain.com>. A TXT; grant * self * A TXT; }; }; --- /etc/namedb/named.conf --- clues please? cheers, Noah -- redhat-list mailing list unsubscribe mailto:redhat-list-request@xxxxxxxxxx?subject=unsubscribe https://www.redhat.com/mailman/listinfo/redhat-list -- redhat-list mailing list unsubscribe mailto:redhat-list-request@xxxxxxxxxx?subject=unsubscribe https://www.redhat.com/mailman/listinfo/redhat-list -- redhat-list mailing list unsubscribe mailto:redhat-list-request@xxxxxxxxxx?subject=unsubscribe https://www.redhat.com/mailman/listinfo/redhat-list
