TSIG with ns_update
Eivind Olsen
eivind at aminor.no
Tue Nov 11 19:50:58 UTC 2003
--On 11. november 2003 10:21 -0600 Jeff Stevens <jstevens at vnet.ibm.com>
wrote:
> If one were to try a manual update to BIND, can a TSIG be used? My
> O'Reilly book talks about DDNS on pg 251 but no mention of TSIGs. I
> wasn't sure if I could use this mechanism for testing...
You mean, how can you authenticate using TSIG?
Here's how I've done it (using nsupdate from BIND 9.2.3):
The file Kmydomain.example.+123+45678.key contains my TSIG key:
vimes# cat Kmydomain.example.+123+45678.key
mydomain.example. IN KEY 512 3 157 ABCDABCDABCDABCDABCDAB==
vimes#
vimes# nsupdate -k Kmydomain.example.+123+45678.key
> update add some.test.domain.example. 86400 A 127.0.0.1
> send
> quit
vimes#
And in my named.conf I have something like the following:
[...]
key mydomain.example. {
    algorithm "hmac-md5";
    secret "ABCDABCDABCDABCDABCDAB==";
};
zone "mydomain.example" {
    type master;
    file "zonefiles/mydomain.example";
    update-policy {
        grant mydomain.example. subdomain mydomain.example. ANY;
    };
};
[...]
--
Regards / Hilsen
Eivind Olsen
<eivind at aminor.no>
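
What `nsupdate -k` adds to the update on the wire, as an added example that is not part of the original post: a Python standard-library sketch that builds the UPDATE message, computes the TSIG MAC over it per RFC 2845, and runs the check the server makes with the key from named.conf. The host name, message ID and timestamp are constructed; the key name and secret are the placeholders from the post.

```python
import base64, hmac, struct

def wire_name(name):
    """Domain name in DNS wire format, lowercased (canonical form for TSIG)."""
    labels = [l for l in name.lower().split(".") if l]
    return b"".join(bytes([len(l)]) + l.encode("ascii") for l in labels) + b"\x00"

HMAC_MD5 = wire_name("hmac-md5.sig-alg.reg.int.")  # wire name of algorithm "hmac-md5"

def build_update(msg_id, zone, rr_name, ttl, ipv4):
    """Unsigned RFC 2136 UPDATE message carrying one 'update add <name> <ttl> A <ip>'."""
    header = struct.pack("!6H", msg_id, 5 << 11, 1, 0, 1, 0)   # opcode 5, ZO=1, UP=1
    zone_rr = wire_name(zone) + struct.pack("!2H", 6, 1)        # type SOA, class IN
    rdata = bytes(int(octet) for octet in ipv4.split("."))
    return header + zone_rr + wire_name(rr_name) + struct.pack("!2HIH", 1, 1, ttl, 4) + rdata

def _timers(time_signed, fudge):
    """48-bit time signed followed by the 16-bit fudge (allowed clock skew)."""
    return struct.pack("!HIH", time_signed >> 32, time_signed & 0xFFFFFFFF, fudge)

def tsig_mac(msg, key_name, secret_b64, time_signed, fudge=300):
    """HMAC-MD5 over the message plus the TSIG variables (RFC 2845 section 3.4)."""
    variables = (wire_name(key_name) + struct.pack("!HI", 255, 0)   # class ANY, TTL 0
                 + HMAC_MD5 + _timers(time_signed, fudge)
                 + struct.pack("!2H", 0, 0))                        # error, other length
    return hmac.new(base64.b64decode(secret_b64), msg + variables, "md5").digest()

def sign(msg, key_name, secret_b64, time_signed, fudge=300):
    """Append the TSIG record and increment ARCOUNT, as the client does before sending."""
    mac = tsig_mac(msg, key_name, secret_b64, time_signed, fudge)
    rdata = (HMAC_MD5 + _timers(time_signed, fudge) + struct.pack("!H", len(mac)) + mac
             + msg[:2] + struct.pack("!2H", 0, 0))       # original ID, error, other length
    tsig = wire_name(key_name) + struct.pack("!2HIH", 250, 255, 0, len(rdata)) + rdata
    arcount = struct.unpack("!H", msg[10:12])[0] + 1
    return msg[:10] + struct.pack("!H", arcount) + msg[12:] + tsig

def verify(msg, mac, key_name, secret_b64, time_signed, now, fudge=300):
    """Server-side check with its own copy of the key: MAC first, then clock skew."""
    expected = tsig_mac(msg, key_name, secret_b64, time_signed, fudge)
    if not hmac.compare_digest(mac, expected):
        return "BADSIG"
    return "NOERROR" if abs(now - time_signed) <= fudge else "BADTIME"

if __name__ == "__main__":
    KEY, SECRET = "mydomain.example.", "ABCDABCDABCDABCDABCDAB=="   # placeholders from the post
    T = 1068580258                                                   # constructed timestamp
    msg = build_update(0x1234, "mydomain.example.", "host.mydomain.example.", 86400, "127.0.0.1")
    mac = tsig_mac(msg, KEY, SECRET, T)
    print(len(sign(msg, KEY, SECRET, T)), verify(msg, mac, KEY, SECRET, T, now=T + 10))
```

The key name is part of the signed data, so the name in the .key file and the name in the named.conf key statement have to agree, as do the secret and algorithm.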