How can Client send TKEY to Server using nsupdate
Mark Andrews
Mark_Andrews at isc.org
Wed Nov 8 17:36:07 UTC 2006
> Hi Bind Gurus,
> I am trying to send a dynamic update to server using Diffie-Hellman key
> exchange.
> I am trying to use nsupdate to send the message.
> I have generated the DH keys by the following command.
>
> dnssec-keygen -a DH -b 512 -n USER -g 2 kkkey
>
> the following key was generated
>
> Kkkkey.+002+01827.private
>
> When i did
> nsupdate -k Kkkkey.+002+01827.private
> I got the following error message:
> "could not create key from Kkkkey.+002+01827.private: bad algorithm"
>
> I then tried the following:
> nsupdate
> > server 1.1.1.1
> > zone kk.com
> > update add kk.bsr.com 0 TKEY hmac-md5.sig-alg.reg.int. 10318 37255 300 16 Y
> == 32593 NOERROR O
> I got the following error message:
> "invalid rdata format: not a valid number"
>
> Please help me to send a TKEY RR, KEY RR, for DH exchange.
>
> Thanks in advance
> KK
Check that you are using matching versions of dnssec-keygen and
nsupdate.
drugs:marka 04:30 {137} % dnssec-keygen -a DH -b 512 -n USER -g 2 kkkey
Kkkkey.+002+14357
drugs:marka 04:34 {138} % nsupdate -k Kkkkey.+002+14357 -d
Creating key...
> drugs:marka 04:34 {139} %
--
Mark Andrews, ISC
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2 9871 4742 INTERNET: Mark_Andrews at isc.org
More information about the bind-users
mailing list