nsupdate a key file
Kerry Thompson
kerry at security.geek.nz
Sat Oct 9 19:57:42 UTC 2004
On Fri, 2004-10-08 at 23:43, Andreas Moroder wrote:
> key DHCP_UPDATER {
> algorithm HMAC-MD5.SIG-ALG.REG.INT;
> secret mysecretkeywashere==;
> };
>
> zone "sb-brixen.it" in {
> type master;
> file "sb-brixen.zone";
> allow-update { key DHCP_UPDATER; };
> };
>
> Now I would like to update via nsupdate.
> nsupdate nees a key file, but I have cancelled the original file.
>
> Is it possible to rebuild the key-file from the secret in named.conf or
> does this contain a completely different key ?
Yes, the same key string can be used by nsupdate, just copy it into a
file or use it on the command line.
However, it would be a good idea to generate another key for use by
nsupdate. That way you can have better control over which keys can
update which zones and records.
--
Kerry Thompson CCNA CISSP
IT Security Consultant
kerry at security.geek.nz
More information about the bind-users
mailing list