dynamic updates & TSIG?

Mark.Andrews at nominum.com Mark.Andrews at nominum.com
Wed Aug 30 13:14:27 UTC 2000


> 
> 
> 	Hi,
> 
> 	I'm testing dynamic updates with TSIG authentication, and found
> out that I can still do updates without using the secret. nsupdate doesnt
> work if I use a bad secret, but updates are accepted if I dont specify a
> key file, and doing the updates via perl works too.
> 
> 	The relevant part of the named.conf:
> 
> key "ddns" {
> 	algorithm hmac-md5;
> 	secret "B0hE+oyhXgDd9UN2OjDzO7AFZ4LExInmykSDKgYvl1Jni6yQAxEBmq23c43ziem
> hq0ZV/9LVPccEOT+xCVz4Lw==";
> };
> 
> server 10.31.8.130 {
> 	keys { "ddns"; };
> };
> 
> zone "test" {
> 	type master;
> 	file "test";
> 	allow-update { 10.31.8.130; };
> };
> 
> 	Any ideas? Thanks in advance.


	If you only want signed updates to work then specify that in
	the allow-update acl.

> 
> 					Jesus Couto F.
> 
> 
> 
--
Mark Andrews, Nominum Inc.
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2 9871 4742                 INTERNET: Mark.Andrews at nominum.com



More information about the bind-users mailing list