Panic Time! Key Generation Question
Mark Andrews
marka at isc.org
Wed Apr 27 13:01:16 UTC 2011
In message <201104270737.p3R7bAd4013509 at x.it.okstate.edu>, Martin McCormick wri
tes:
> Torinthiel writes:
> > Try deleting the space. Just this. dnssec-keygen inserts space for
> > readability purposes only. If you still have original *.key and
> > *.private files, you can check it yourself, that the Key field in
> > *private contains exactly the same as *.key, minus the space.
>
> It actually had the space, also. I did remove the space in the
> .key file and dhcp dynamic updates started working again but I
> am still really stuck. If I take those key files and put them in
> /home/martin/keys, nsupdate -d -k
> $HOME/keys/Kkeyname.+random.key, the error is always file not
> found or that the private key is invalid. It's just the files as
> produced by the dnssec-keygen program.
>
> The output of nsupdate is always:
>
> Creating key...
> could not read key from /home/martin/keys/Kkey_name.+157+18051.private:
> private key is invalid
You are using a dnssec-keygen with a old nsupdate. Add '-C' (compatability
mode) to generate keys with dnssec-keygen for use with the old nsupdate.
> I get the same results by using the .key file although they are
> specified clearly in the path.
>
> I've been doing dynamic dns for about 6 years and
> decided to change the key as the old one may have been
> compromised. It worked fine and this one works everywhere now
> except for nsupdate.
>
> I am at my wits' end. Thanks for the help. I do not understand
> why nsupdate is now broken.
> _______________________________________________
> bind-users mailing list
> bind-users at lists.isc.org
> https://lists.isc.org/mailman/listinfo/bind-users
--
Mark Andrews, ISC
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2 9871 4742 INTERNET: marka at isc.org
More information about the bind-users
mailing list