BIND 9.11.2, named-checkconf barfs on cookie-secret
Ingeborg Hellemo
ingeborg.hellemo at uit.no
Wed Jan 3 12:48:28 UTC 2018
I want to upgrade to BIND 9.11.2.

I have an anycast cluster and want to pre-set the server cookie string with
option cookie-secret.

My problem is that named-checkconf complains about the length of the
cookie-secret regardless of how I set cookie-secret and cookie-algorithm:

options {
...
cookie-secret "b603f51bdd19cd343da445d207b728e1";
};

~/#named-checkconf /etc/namedb/named.conf
/etc/namedb/named.conf:33: SHA1 cookie-secret must be on 160 bits
/etc/namedb/named.conf:33: SHA256 cookie-secret must be on 256 bits

If I change to

options {
...
cookie-algorithm sha256;
cookie-secret "f974e9f8435c7b3da20940e3b073b1800b8d3637425ac743f21a3b57561c552a";
};

~/#named-checkconf /etc/namedb/named.conf
/etc/namedb/named.conf:34: AES cookie-secret must be on 128 bits
/etc/namedb/named.conf:34: SHA1 cookie-secret must be on 160 bits

~/#named-checkconf -v
9.11.2

What am I missing? Bug in named-checkconf?

--Ingeborg
--
Ingeborg Østrem Hellemo -- ingeborg.hellemo at uit.no
Dep. of Information Technology --- Univ. of Tromsø
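
One way to measure a cookie-secret independently of named-checkconf, as an added example that is not part of the original post or of BIND. The required sizes are the ones stated in the messages quoted above; the function name check_cookie_secret and the simplified statement matching are assumptions, and the two sample blocks are the ones from the post with the "..." lines left out.

```python
import re

# Required secret sizes in bits, as stated in the named-checkconf messages above.
REQUIRED_BITS = {"aes": 128, "sha1": 160, "sha256": 256}

# Simplified matcher for the two statements (assumption: not a full named.conf parser).
STATEMENT = re.compile(r'\b(cookie-algorithm|cookie-secret)\s+("?)([^";]*)\2\s*;')


def strip_comments(text):
    """Drop /* */, // and # comments so commented-out statements are ignored."""
    text = re.sub(r"/\*.*?\*/", "", text, flags=re.S)
    return re.sub(r"(?m)(#|//).*$", "", text)


def check_cookie_secret(conf_text):
    """Return (configured algorithm or None, secret size in bits, algorithms that size fits)."""
    found = {key: value for key, _quote, value in STATEMENT.findall(strip_comments(conf_text))}
    if "cookie-secret" not in found:
        raise ValueError("no cookie-secret statement found")
    secret = found["cookie-secret"]
    # Whitespace, a line break inside the quotes, or half a byte all fail here.
    if not re.fullmatch(r"(?:[0-9A-Fa-f]{2})+", secret):
        raise ValueError("cookie-secret is not an unbroken run of hex byte pairs")
    bits = len(secret) * 4  # each hex digit carries 4 bits
    fitting = sorted(name for name, size in REQUIRED_BITS.items() if size == bits)
    algorithm = found.get("cookie-algorithm")
    return (algorithm.strip().lower() if algorithm else None), bits, fitting


# The two options blocks from the post, with the "..." lines left out.
FIRST = 'options {\n    cookie-secret "b603f51bdd19cd343da445d207b728e1";\n};\n'
SECOND = ('options {\n    cookie-algorithm sha256;\n    cookie-secret '
          '"f974e9f8435c7b3da20940e3b073b1800b8d3637425ac743f21a3b57561c552a";\n};\n')

if __name__ == "__main__":
    for label, conf in (("first", FIRST), ("second", SECOND)):
        print(label, check_cookie_secret(conf))
```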