dynamic updates & TSIG?
Jesus Couto
jesus.couto at innosec.es
Wed Aug 30 09:45:23 UTC 2000
Hi,
I'm testing dynamic updates with TSIG authentication, and found
out that I can still do updates without using the secret. nsupdate doesnt
work if I use a bad secret, but updates are accepted if I dont specify a
key file, and doing the updates via perl works too.
The relevant part of the named.conf:
key "ddns" {
algorithm hmac-md5;
secret "B0hE+oyhXgDd9UN2OjDzO7AFZ4LExInmykSDKgYvl1Jni6yQAxEBmq23c43ziemhq0ZV/9LVPccEOT+xCVz4Lw==";
};
server 10.31.8.130 {
keys { "ddns"; };
};
zone "test" {
type master;
file "test";
allow-update { 10.31.8.130; };
};
Any ideas? Thanks in advance.
Jesus Couto F.
More information about the bind-users
mailing list