DHCPD - BIND DDNS: dnssec-keygen hmac-md5 removed
Mark Andrews
marka at isc.org
Sat Apr 11 22:00:00 UTC 2020
Use tsig-keygen.
--
Mark Andrews
> On 11 Apr 2020, at 09:52, moo can via bind-users <bind-users at lists.isc.org> wrote:
>
>
> Hello,
>
> For educational purpose I need to setup an DDNS between DCHPD and BIND.
>
> Everywhere, debian, zytrax, freeipa, veritas ... use dnssec-keygen.
> Zytrax:
> dnssec-keygen -a HMAC-SHA512 -b 512 -n HOST keyname
>
> Veritas:
> dnssec-keygen -a HMAC-MD5 -b 128 -n HOST example.com.
>
> Debian:
> dnssec-keygen -a HMAC-MD5 -b 128 -r /dev/urandom -n USER DDNS_UPDATE
>
> HMAC-* support seems to have been removed from dnssec-keygen
> https://gitlab.isc.org/fanf/bind9/commit/80788e72d0698f93e92a0e8f1aa60ff982623997
>
> It seems we need to use tsig-keygen but it is not clear.
>
> I try to follow this guide from debian https://wiki.debian.org/DDNS#How_to_set_up_DDNS as example but there is no -n USER or -n HOST option with tsig-keygen.
>
> I do not find any clear example.
>
> Thanks you in advance for your help.
>
> Kind Regards
> Fabien
>
>
>
>
>
>
> _______________________________________________
> Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list
>
> bind-users mailing list
> bind-users at lists.isc.org
> https://lists.isc.org/mailman/listinfo/bind-users
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.isc.org/pipermail/bind-users/attachments/20200412/18758bc1/attachment.htm>
More information about the bind-users
mailing list