Problem with allow-update with TSIG

Kevin Darcy kcd at daimlerchrysler.com
Fri Apr 26 21:25:21 UTC 2002


Did you tell nsupdate to sign the update? You didn't mention any "-k"
option in your nsupdate command line...


- Kevin

Krishna wrote:

> Hi,
>
> I am pretty much new to DNS in general & DDNS in particular.
> So please excuse any stupidity on my part:-)
>
> After having set up my Linux 2.4.17 box as a DNS server,
> I was able to update records using nsupdate from a host
> machine using
> allow-update { 192.168.100.0/24;};
> [I am using BIND 8.2.3].
>
> But this was not the case
> when I tried using TSIG. With nsupdate -d I got
> the following log (part of it):
>
> ;; Querying server (# 1) address = 192.168.100.3
> ;; got answer:
> ;; ->>HEADER<<- opcode: UPDATE, status: NOTAUTH, id: 4905
> ;; flags: qr ra; ZONE: 1, PREREQUISITE: 0, UPDATE: 0, ADDITIONAL: 1
> ;;      bombay.tsoft.com, type = SOA, class = IN
> bombay.tsoft.com.  0S ANY TSIG     HMAC-MD5.SIG-ALG.REG.INT. 18
> ;; res_nupdate: res_nsend: send error, n=-1 (Inappropriate ioctl for device)
>
> Of course, the keys are the same at both ends. Also, no error
> msg in /var/log/message on either end.
> Then what's the reason for the "NOTAUTH"? And what's the reason for the
> inappropriate "ioctl"?
>
> A snippet of my named.conf is given:
>
> key bombay.tsoft.com. {
>     algorithm HMAC-MD5.SIG-ALG.REG.INT;
>     secret  "BNWSFyxJ8dxKJfraPcU0Kg==";
> };
>
> zone "bombay.tsoft.com" in {
>         type master;
>         file "named.bombay.tsoft.com";
>         allow-update { key bombay.tsoft.com.; };
> };
>
> Could someone please point out any error or suggestion?
>
> Thanks in advance,
> Krishna
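
Added example, not part of either message: a small Python check for the two allow-update styles that appear in this thread. It flags address-based entries (which authenticate an update only by its source IP) and key entries whose key statement is missing or has an unusable secret. It assumes a simply laid out named.conf like the quoted snippet (no comments or nested braces); the zone names, key name and secret in the sample are constructed.

```python
import base64, binascii, re

# Constructed sample; zone names, key name and secret are made up.
SAMPLE_CONF = '''
key update-key.example. {
    algorithm HMAC-MD5.SIG-ALG.REG.INT;
    secret "Y29uc3RydWN0ZWQta2V5IQ==";
};
zone "signed.example" in {
    type master;
    allow-update { key update-key.example.; };
};
zone "open.example" in {
    type master;
    allow-update { 192.168.100.0/24; key missing-key.example.; };
};
'''

KEY_RE = re.compile(r'key\s+"?([^\s"{;]+)"?\s*\{[^}]*?secret\s+"([^"]*)"\s*;', re.S)
ZONE_RE = re.compile(r'zone\s+"([^"]+)"[^{]*\{(.*?)\n\};', re.S)
ACL_RE = re.compile(r'allow-update\s*\{([^}]*)\}', re.S)


def lint_allow_update(conf):
    """Return (zone, finding) pairs for allow-update entries worth review."""
    keys = {}  # key name -> decoded secret length (0 = empty or not base64)
    for name, secret in KEY_RE.findall(conf):
        try:
            keys[name] = len(base64.b64decode(secret, validate=True))
        except (binascii.Error, ValueError):
            keys[name] = 0
    findings = []
    for zone, body in ZONE_RE.findall(conf):
        acl = ACL_RE.search(body)
        for entry in (acl.group(1).split(";") if acl else []):
            entry = entry.strip()
            if entry.startswith("key "):
                name = entry[4:].strip().strip('"')
                if name not in keys:
                    findings.append((zone, "undefined key " + name))
                elif keys[name] == 0:
                    findings.append((zone, "unusable secret for " + name))
            elif entry:
                findings.append((zone, "address-based entry " + entry))
    return findings


if __name__ == "__main__":
    for zone, finding in lint_allow_update(SAMPLE_CONF):
        print(zone + ": " + finding)
```

A clean result only means the server side is consistent; the client still has to sign the update with the same key, which is the point of the "-k" question above.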
