dynamic DNS issues - invalid TSIG key
Daniel Roesen
dr at bofh.de
Mon Jun 14 21:30:21 UTC 2004
* Noah <admin2 at enabled.com>:
> I verified the spelling of the keyname on both the client and server
> config files.
OK, this is popular reason #1. :-)
> right now the client side is complaining of an invalid TSIG key.
Are system clocks NTP-synched? TSIG requires system clocks to be within
a certain window of synchronicity.
> --- /etc/namedb/named.conf ----
>
> key <hostname.domain.com>. {
> algorithm HMAC-MD5;
> secret "<key>";
> };
>
> ...
>
> zone "<domain.com>" in {
> type master;
> file "zones/<domain.com>";
> allow-transfer { <10.2.2.1>; <10.2.2.2>; };
> allow-query { any; };
> allow-update { none; };
> notify yes;
> update-policy {
> grant <hostname.domain.com>. name <hostname.domain.com>. A TXT;
> grant <hostname.domain.com>. name <hostname2.domain.com>. A TXT;
> grant * self * A TXT;
> };
> };
Erm... how about
allow-update { key <hostname.domain.com>.; };
Regards,
Daniel
More information about the bind-users
mailing list