nsupdate a key file

Kerry Thompson kerry at security.geek.nz
Sat Oct 9 19:57:42 UTC 2004

On Fri, 2004-10-08 at 23:43, Andreas Moroder wrote:

>    algorithm HMAC-MD5.SIG-ALG.REG.INT;
>    secret mysecretkeywashere==;
> };
> zone "sb-brixen.it" in {
>          type master;
>          file "sb-brixen.zone";
>          allow-update { key DHCP_UPDATER; };
> };
> Now I would like to update via nsupdate.
> nsupdate nees a key file, but I have cancelled the original file.
> Is it possible to rebuild the key-file from the secret in named.conf or 
> does this contain a completely different key ?

Yes, the same key string can be used by nsupdate, just copy it into a
file or use it on the command line.

However, it would be a good idea to generate another key for use by
nsupdate. That way you can have better control over which keys can
update which zones and records.

Kerry Thompson CCNA CISSP
IT Security Consultant
kerry at security.geek.nz

More information about the bind-users mailing list