Problem using nsupdate with DNSSEC
Leif Jakob
bind at jakob.weite-welt.com
Wed Oct 4 15:03:03 UTC 2000
Hi List!
I have problems using DNSSEC with bind 8.2.2 (I know this is not the recent version
but DNSSEC should be running in already). Here is my /etc/named.conf:
-- CUT HERE --
trusted-keys {
jakob.dynip.x-serv.de 257 3 157 "c2bFsI9njRZCTCmc/Wuv9IXkOKdhx+D7jzzn1JLhI9U";
};
zone "jakob.dynip.x-serv.de" IN {
type master;
file "jakob.dynip.x-serv.de";
check-names fail;
allow-update { any; };
};
-- CUT HERE --
The update with nsupdate using not signed requests works:
test2.jakob.dynip.x-serv.de. 1M IN A 234.234.234.234
;; Querying server (# 1) address = 194.97.54.250
;; got answer:
;; ->>HEADER<<- opcode: UPDATE, status: NOERROR, id: 6559
;; flags: qr ra; ZONE: 0, PREREQUISITE: 0, UPDATE: 0, ADDITIONAL: 0
Using signed requests fails:
nsupdate -d -k /var/named:jakob.dynip.x-serv.de. << EOF
update add test3.jakob.dynip.x-serv.de 60 A 234.234.234.234
EOF
;; got answer:
;; ->>HEADER<<- opcode: UPDATE, status: NOERROR, id: 47204
;; flags: qr ra; ZONE: 1, PREREQUISITE: 0, UPDATE: 0, ADDITIONAL: 1
;; jakob.dynip.x-serv.de, type = SOA, class = IN
. 0S ANY TSIG . 17
You can play with that zone, the key above is correct (will be changed if it works).
Thanks
Leif Jakob
More information about the bind-users
mailing list