Problem using nsupdate with DNSSEC

Leif Jakob bind at jakob.weite-welt.com
Wed Oct 4 15:03:03 UTC 2000


Hi List!

I have problems using DNSSEC with bind 8.2.2 (I know this is not the recent version
but DNSSEC should be running in already). Here is my /etc/named.conf:

-- CUT HERE --
trusted-keys {
    jakob.dynip.x-serv.de 257 3 157 "c2bFsI9njRZCTCmc/Wuv9IXkOKdhx+D7jzzn1JLhI9U";
};

zone "jakob.dynip.x-serv.de" IN {
    type master;
    file "jakob.dynip.x-serv.de";
    check-names fail;
    allow-update { any; };
};
-- CUT HERE --

The update with nsupdate using not signed requests works:

test2.jakob.dynip.x-serv.de.  1M IN A  234.234.234.234
;; Querying server (# 1) address = 194.97.54.250
;; got answer:
;; ->>HEADER<<- opcode: UPDATE, status: NOERROR, id: 6559
;; flags: qr ra; ZONE: 0, PREREQUISITE: 0, UPDATE: 0, ADDITIONAL: 0

Using signed requests fails:

nsupdate -d -k /var/named:jakob.dynip.x-serv.de. << EOF
update add test3.jakob.dynip.x-serv.de 60 A 234.234.234.234

EOF

;; got answer:
;; ->>HEADER<<- opcode: UPDATE, status: NOERROR, id: 47204
;; flags: qr ra; ZONE: 1, PREREQUISITE: 0, UPDATE: 0, ADDITIONAL: 1
;;      jakob.dynip.x-serv.de, type = SOA, class = IN
.                       0S ANY TSIG     . 17

You can play with that zone, the key above is correct (will be changed if it works).


Thanks

Leif Jakob



More information about the bind-users mailing list