RE: dynamic DNS issues - invalid TSIG key

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



Hold on a sec you should have a control section in your named.conf
That allow line goes in there.

-----Original Message-----
From: Jason Staudenmayer [mailto:jasons@xxxxxxxxxxxxxx] 
Sent: Sunday, June 13, 2004 9:09 AM
To: 'General Red Hat Linux discussion list'
Subject: RE: dynamic DNS issues - invalid TSIG key


In your named.conf add something like this:
allow { 127.0.0.1; } keys { "<hostname.domain.com>."; };

My systems run local but that should take care of it.


-----Original Message-----
From: Noah [mailto:admin2@xxxxxxxxxxx] 
Sent: Saturday, June 12, 2004 6:31 PM
To: redhat-list@xxxxxxxxxx
Subject: dynamic DNS issues - invalid TSIG key


Redhat-8.0
bind-9.2.3

okay I am trying to set up dynamic DNS to bind on a FreeBSD box.  I have
admin
on both client and server side.  the client is a redhat-8.0 machine with ISC
DHCP installed.

right now the client side is complaining of an invalid TSIG key.  The keys
are
cut and Pasted and fomatted properly in each configuration file.  so I am at
a
loss as to what to check next.

I have attached the error message.  I changed the hostnames and IP addresses
to protect the inocent - <> are added to clarify what I did.

--- snip ---

Jun 12 14:45:44 <hostname> dhclient: if IN A <hostname.domain.com>. rrset
doesn't exist add 3600 IN A <hostname.domain.com>. <10.2.1.1> add 3600 IN
TXT
<hostname.domain.com>. "<key_stuff>": invalid TSIG key.

--- snip --- 

I am following the forwarding tutorial at:
http://ops.ietf.org/dns/dynupd/secure-ddns-howto.html#forward

so the configuration on the client side looks like this - 

--- /etc/dhclient-eth0.conf ----

send fqdn.fqdn "<hostname.domain.com>.";
send fqdn.encoded on;
send fqdn.server-update off;

key <hostname.domain.com>. {
    algorithm HMAC-MD5;
    secret "<key>";
}

zone <domain.com> {
    key "<hostname.domain.com>.";
}

interface "eth0" {
    send host-name "<hostname>";
    send dhcp-client-identifier <mac_address>;
    send dhcp-lease-time 3600;
    prepend domain-name-servers 127.0.0.1;
    request subnet-mask, broadcast-address, time-offset, routers,
            domain-name, domain-name-servers, host-name;
    require subnet-mask, domain-name-servers;
    script "/sbin/dhclient-script";
}

--- /etc/dhclient-eth0.conf ----


and here are the modfifications on the server side.  just the snippets that
are relevant to this configuration.  the file is fairly large.

--- /etc/namedb/named.conf ----

key <hostname.domain.com>. {
   algorithm HMAC-MD5;
   secret "<key>";
};

...

zone "<domain.com>" in {
  type master;
  file "zones/<domain.com>";
  allow-transfer { 64.121.33.4; 216.218.220.21; };
  allow-query { any; };
  allow-update { none; };
  notify yes;
  update-policy {
        grant <hostname.domain.com>. name <hostname.domain.com>. A TXT;
        grant <hostname.domain.com>. name <hostname2.domain.com>. A TXT;
        grant * self * A TXT;
  };
};

--- /etc/namedb/named.conf ---


clues please?

cheers,

Noah


-- 
redhat-list mailing list
unsubscribe mailto:redhat-list-request@xxxxxxxxxx?subject=unsubscribe
https://www.redhat.com/mailman/listinfo/redhat-list


-- 
redhat-list mailing list
unsubscribe mailto:redhat-list-request@xxxxxxxxxx?subject=unsubscribe
https://www.redhat.com/mailman/listinfo/redhat-list


-- 
redhat-list mailing list
unsubscribe mailto:redhat-list-request@xxxxxxxxxx?subject=unsubscribe
https://www.redhat.com/mailman/listinfo/redhat-list

[Index of Archives]     [CentOS]     [Kernel Development]     [PAM]     [Fedora Users]     [Red Hat Development]     [Big List of Linux Books]     [Linux Admin]     [Gimp]     [Asterisk PBX]     [Yosemite News]     [Red Hat Crash Utility]


  Powered by Linux