nsupdate not working at all with keys.

Martin McCormick martin at dc.cis.okstate.edu
Fri Jun 7 13:51:04 UTC 2002

	I am trying to get nsupdate to work in order to be able
to use ddns with bind9.2.1.  When I call

nsupdate -d -k /var/named/keys:key_name_file I get no other result than
dst_read_key: error reading key .  The /var/named/keys directory
is there and the key_name_file pair is in that directory, no
question about it.  The system is using FreeBSD4.5 and another
Freebsd4.5 platform shows precisely the same behavior.

	The -d flag for nsupdate does not provide any more
information and I do get the same error if the files are removed
from the key-holding directory so it sounds as if nsupdate isn't
finding the files.

	The documentation on the ISC web site in the FAQ's
section is clear and shows the following example:

                                             Nominum Resources FAQs (p18 of 20)
>   Then, you will need to copy both key files into a location on the
>   client system. (using /var/named/tsig as example). Finally, you need
>   to run the command:
>   nsupdate -k /var/named/tsig:tsig-key.

	I do all that and get
dst_read_key: error reading key
no matter whether the files are there or not on two different
systems.  I even put a period after the end of the file name in
case the period in the example was actually literal and not just
the end of the sentence.

	What else should I try?

	Has anything changed about the key algorithm since
February of 2001 that would make that key not work today?  It
works fine in the rndc.conf file when matched in named.conf.

Martin McCormick

More information about the bind-users mailing list