DHCPD - BIND DDNS: dnssec-keygen hmac-md5 removed

moo can moocan2112 at yahoo.fr
Fri Apr 10 23:52:12 UTC 2020


Hello,
For educational purpose I need to setup an DDNS between DCHPD and BIND.
Everywhere, debian, zytrax, freeipa, veritas ... use dnssec-keygen.Zytrax: 
dnssec-keygen -a HMAC-SHA512 -b 512 -n HOST keyname

Veritas: 
dnssec-keygen -a HMAC-MD5 -b 128 -n HOST example.com.

Debian: 
dnssec-keygen -a HMAC-MD5 -b 128 -r /dev/urandom -n USER DDNS_UPDATE
HMAC-* support seems to have been removed from dnssec-keygen
https://gitlab.isc.org/fanf/bind9/commit/80788e72d0698f93e92a0e8f1aa60ff982623997

It seems we need to use tsig-keygen but it is not clear.

I try to follow this guide from debian https://wiki.debian.org/DDNS#How_to_set_up_DDNS as example but there is no -n USER or -n HOST option with tsig-keygen.

I do not find any clear example.

Thanks you in advance for your help.

Kind Regards
Fabien






-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.isc.org/pipermail/bind-users/attachments/20200410/89857d56/attachment.htm>


More information about the bind-users mailing list