Problem with Dynamic DNS Updates using TSIG

Kevin Darcy kcd at chrysler.com
Thu Apr 16 02:42:26 UTC 2009


Erisan Nyamutenha wrote:
> Hi all,
> Can anyone help me out? I'm having a problem setting up Dynamic DNS updates using TSIG. I'm running ISC Bind 9 on SLES 10 and ISC DHCP 3.0.3 on SLES 10. I need to get my DHCP to update my DNS. Here is my DNS and DHCP config plus the error I'm getting from nsupdate. Hostnames and IPs have been changed for obvious reasons.
>
> Regards
>
> Erisan
>
>
> 1. DNS Configuration named.conf
>
> key dns1-dhcp1 {
>   algorithm HMAC-MD5;
>   secret "0d07/kpYCGfnxbjkRT/QkA==";
> };
>
> zone "domain-name" {
>         type master;
>         file "zone file location";
>         allow-update { key dns1-dhcp1; };
> };
>
>
> 2. DHCP Configuration dhcpd.conf
>
> key dns1-dhcp1 {
>  algorithm HMAC-MD5;
>  secret "0d07/kpYCGfnxbjkRT/QkA==";
> };
>
> zone domain-name. {
>  primary [dns1-ip-add];
>  key dns1-dhcp1;
> }
>
> zone 111.111.in-addr.arpa. {
>  primary [dns1-ip-add];
>  key dns1-dhcp1;
> }
>
> 3. The error I get
>
> dhcp1:~ # nsupdate -y dns1-dhcp1:0d07/kpYCGfnxbjkRT/QkA==
>   
>> update add jogle-laptop.its.uct.ac.za 86400 A 137.158.156.95
>> send
>>     
> ; TSIG error with server: tsig indicates error
> update failed: NOTAUTH(BADKEY)
>   
Are you sure that Dynamic Update is going to the same server? If you 
don't give it a "server" statement, nsupdate will determine the primary 
master based on what is in the SOA record for the zone.

I always use "-d" (debug) with nsupdate, otherwise you're basically 
blind as to what it's doing. That should tell you if it's sending the 
update where you think it is.

- Kevin
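
Added example, not part of the original thread: shell helpers for the check suggested in the reply, comparing the primary master named in the zone's SOA record with the server that holds the TSIG key, and building an nsupdate batch that pins the destination with an explicit "server" line. The zone, host names, addresses, key file path and sample SOA line are constructed placeholders; the function names are hypothetical.

```shell
#!/bin/sh
# Added example: names, addresses and the key file path are placeholders.

# Extract the primary master (MNAME) from one line of
# `dig +short SOA <zone>` output, lower-cased and without the trailing dot.
soa_mname() {
    printf '%s\n' "$1" |
        awk 'NF >= 7 { sub(/\.$/, "", $1); print tolower($1); exit }'
}

# Succeed only if the SOA MNAME is the server we intend to update.
# Without a "server" line, nsupdate sends the update to the SOA MNAME.
target_matches() {   # $1 = SOA line, $2 = intended server name
    want=$(printf '%s' "$2" | tr 'A-Z' 'a-z' | sed 's/\.$//')
    [ "$(soa_mname "$1")" = "$want" ]
}

# Emit an nsupdate batch that names the destination server explicitly.
build_batch() {      # $1 = server, $2 = zone, $3 = fqdn, $4 = ttl, $5 = IPv4
    printf 'server %s\nzone %s\nupdate add %s %s A %s\nsend\n' \
        "$1" "$2" "$3" "$4" "$5"
}

# Live run (defined but not called here). -d prints where the update is
# sent; -k reads the key from a file, so the shared secret does not appear
# on the command line as it does with -y.
run_update() {       # $1 = key file, remaining arguments as for build_batch
    keyfile=$1
    shift
    build_batch "$@" | nsupdate -d -k "$keyfile"
}

# Typical use against a live zone (placeholders, not executed here):
#   soa=$(dig +short SOA example.test)
#   target_matches "$soa" ns1.example.test || echo "SOA points elsewhere"
#   run_update /etc/dns1-dhcp1.key ns1.example.test example.test \
#       host1.example.test 86400 192.0.2.95
```

If `target_matches` fails, the update would go to a server other than the one configured with the key, which is one way to end up with a BADKEY response.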



