Panic Time! Key Generation Question

Martin McCormick martin at dc.cis.okstate.edu
Wed Apr 27 05:52:56 UTC 2011


I changed our tsig key and broke the world. Actually, the DNS's
are happy. DHCP appears to be happy, but I am generating bad
keys.

I wrote a script as follows:

#! /bin/sh
/usr/local/sbin/dnssec-keygen -a hmac-md5 -b 512 -n HOST keyname

It produced a beautiful-looking key that bind was happy with in
named.conf. Rndc worked after changing it there so I installed
it in our production DNS's.

	Then the fun started. I put it in dhcpd and it broke
because there was at least one blank in the string.

	After googling a bit, I used all after the blank. This
made bind happy, still and dhcp worked but the original key no
longer works so we can't do any manual dynamic updates until I
install a key that actually works.

	Everything I read says to generate the key in pretty
much this manner so how can I get one that works everywhere
without white spaces that will blow up dhcpd?

I guess I was lucky before that there were no spaces in the
previous key.

Thanks for any help.

Martin McCormick WB5AGZ  Stillwater, OK 
Systems Engineer
OSU Information Technology Department Telecommunications Services Group
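
An added example, not part of the original post: a shell check that a TSIG secret containing a blank still decodes to the 512 bits requested from dnssec-keygen once the whitespace is removed, while the text after the blank on its own does not. It assumes the blank is presentation whitespace inside the base64 text (the post does not say where it came from); the function names and the all-zero sample key are constructed for illustration.

```shell
#!/bin/sh
# Added example: normalize a base64 TSIG secret and verify its decoded size.
# Assumption: the blank is whitespace splitting one base64 string, so the
# full secret is recovered by joining the pieces, not by dropping one.

# Remove all whitespace so the secret is a single token.
normalize_secret() {
    printf '%s' "$1" | tr -d ' \t\r\n'
}

# Print how many bytes the (normalized) base64 secret decodes to.
secret_bytes() {
    normalize_secret "$1" | base64 -d 2>/dev/null | wc -c | tr -d ' '
}

# Succeed only if the secret decodes to exactly the requested key size.
# $1 = secret text, $2 = key size in bits (512 for the -b 512 in the post).
check_secret() {
    [ "$(secret_bytes "$1")" -eq $(( $2 / 8 )) ]
}

# Constructed sample: 64 zero bytes in base64 (88 characters), with a blank
# inserted after character 56 to imitate a secret split in two pieces.
sample_split() {
    full=$(head -c 64 /dev/zero | base64 | tr -d '\n')
    printf '%s %s' "$(printf '%s' "$full" | cut -c1-56)" \
                   "$(printf '%s' "$full" | cut -c57-)"
}

split=$(sample_split)
tail_only=${split#* }        # "all after the blank"

for candidate in "$split" "$tail_only"; do
    if check_secret "$candidate" 512; then
        echo "OK  512-bit secret: $(normalize_secret "$candidate")"
    else
        echo "BAD decodes to $(secret_bytes "$candidate") bytes, expected 64"
    fi
done
```

Running the same check against the secret configured on each server and client shows which copies hold the full key and which hold a shortened one.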


