nsupdate fails with tsig error.
Dan Farrell
dan at spore.ath.cx
Sat Dec 1 02:15:24 UTC 2007
I am no expert -- far from -- but I thought maybe this excerpt from my
own -- working -- DDNS configuration might bring you one step closer to
achieving your goals.
Last things first.
> I really wouldn't have thought it mattered at all where the
> nsupdate came from.
Do you have 'allow-update' declarations in named.conf? Read on.
Are you using a secret key for DNS, and the _same_ key for DHCP?
AFAIK DDNS only works with a key.
=======================================
key "rndc-key" {
    algorithm hmac-md5;
    secret "xxxxxxxxxxxxxxxxxxxxxxxx";
    # clearly those 'x's are replacing real secret, but the length
    # is right.
};

ddns-update-style interim;
use-host-decl-names on;
allow client-updates;
and don't forget zone declarations for your subnets in dhcpd.conf:
zone spore.ath.cx. {
    primary 192.168.1.87;
    key rndc-key;
}
zone 1.168.192.in-addr.arpa. {
    primary 192.168.1.87;
    key rndc-key;
}
subnet 192.168.1.0 netmask 255.255.255.0 {
    range 192.168.1.101 192.168.1.199;
    option domain-name-servers 192.168.1.87, 192.168.1.1;
    option domain-name "spore.ath.cx";
    ddns-domainname "spore.ath.cx";
    option routers 192.168.1.1;
    option subnet-mask 255.255.255.0;
    option broadcast-address 192.168.1.255;
    one-lease-per-client on;
    update-static-leases on;
}
===========================================
_and_ sections to /etc/bind/named.conf that look like this:
--------------------------------------------
include "/etc/bind/rndc.key";
controls {
    inet 127.0.0.1 port 953
        allow { 192.168.1.87; 127.0.0.1; 192.168.1.1; 192.168.40.1; }
        keys { rndc-key; };
};
zone "spore.ath.cx" {
    type master;
    file "personal/spore.fw";
    forwarders { };
    allow-update { key "rndc-key"; };
};
-------------------------------------------
and I suppose you want to know what /var/bind/rndc.key looks like:
-------------------------------------------
key "rndc-key" {
    algorithm hmac-md5;
    secret "xxxxxxxxXXXXXXXXxxxxxxxx";
};
-------------------------------------------
Clearly, both secrets must be the same.
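
Added example, not part of the original message: a Python check that the key block in dhcpd.conf and the one in the key file included by named.conf agree on name, algorithm and secret, since any difference makes the signed update fail. The function names, the sample secret and the sample config texts are constructed for illustration, and the parser assumes the "algorithm" then "secret" clause order shown in the post.

```python
import base64
import re

# key "name" { algorithm X; secret "Y"; ...  (assumes this clause order, as in the post)
KEY_RE = re.compile(
    r'\bkey\s+"?([\w.-]+)"?\s*\{\s*algorithm\s+([\w-]+)\s*;\s*secret\s+"([^"]*)"\s*;')

def parse_keys(text):
    """Return {key_name: (algorithm, secret)} for each key block in a config text."""
    text = re.sub(r'#[^\n]*', '', text)  # drop '#' comments; '//' may occur in base64
    return {n.lower(): (a.lower(), s) for n, a, s in KEY_RE.findall(text)}

def compare_key(name, dhcpd_text, named_text):
    """List the differences that would make dhcpd's signed updates fail at named."""
    d = parse_keys(dhcpd_text).get(name.lower())
    n = parse_keys(named_text).get(name.lower())
    if d is None or n is None:
        side = "dhcpd" if d is None else "named"
        return [f'key "{name}" not defined on the {side} side']
    problems = []
    if d[0] != n[0]:
        problems.append(f"algorithm differs: {d[0]} vs {n[0]}")
    for side, secret in (("dhcpd", d[1]), ("named", n[1])):
        try:
            base64.b64decode(secret, validate=True)
        except ValueError:
            problems.append(f"{side} secret is not valid base64")
    if d[1] != n[1]:
        problems.append("secret differs (base64 is case-sensitive)")
    return problems

# Constructed sample input: 18 arbitrary bytes, not a real key.
SECRET = base64.b64encode(b"constructed-key-18").decode()
DHCPD_CONF = f'''
key "rndc-key" {{
    algorithm hmac-md5;
    secret "{SECRET}";
    # comment after the secret, as in the post
}};
'''
RNDC_KEY_OK = f'key "rndc-key" {{ algorithm hmac-md5; secret "{SECRET}"; }};'
RNDC_KEY_BAD = f'key "rndc-key" {{ algorithm hmac-md5; secret "{SECRET.swapcase()}"; }};'

if __name__ == "__main__":
    print(compare_key("rndc-key", DHCPD_CONF, RNDC_KEY_OK))   # matching pair
    print(compare_key("rndc-key", DHCPD_CONF, RNDC_KEY_BAD))  # case-changed secret
```

To use it on a real host, read the two files with open() and pass their contents in place of the constructed strings.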