DHCPD - BIND DDNS: dnssec-keygen hmac-md5 removed
Bob Harold
rharolde at umich.edu
Mon Apr 13 12:28:41 UTC 2020
I would suggest:
tsig-keygen your-key-name
It does not need any options, the defaults are fine.
--
Bob Harold
On Fri, Apr 10, 2020 at 7:52 PM moo can via bind-users <
bind-users at lists.isc.org> wrote:
> Hello,
>
> For educational purpose I need to setup an DDNS between DCHPD and BIND.
>
> Everywhere, debian, zytrax, freeipa, veritas ... use dnssec-keygen.
>
> Zytrax:
> dnssec-keygen -a HMAC-SHA512 -b 512 -n HOST keyname
>
> Veritas:
> dnssec-keygen -a HMAC-MD5 -b 128 -n HOST example.com.
>
> Debian:
> dnssec-keygen -a HMAC-MD5 -b 128 -r /dev/urandom -n USER DDNS_UPDATE
>
> HMAC-* support seems to have been removed from dnssec-keygen
> https://gitlab.isc.org/fanf/bind9/commit/80788e72d0698f93e92a0e8f1aa60ff982623997
>
> It seems we need to use tsig-keygen but it is not clear.
>
> I try to follow this guide from debian https://wiki.debian.org/DDNS#How_to_set_up_DDNS as example but there is no -n USER or -n HOST option with tsig-keygen.
>
> I do not find any clear example.
>
> Thanks you in advance for your help.
>
> Kind Regards
> Fabien
>
>
>
>
>
>
>
> _______________________________________________
> Please visit https://lists.isc.org/mailman/listinfo/bind-users to
> unsubscribe from this list
>
> bind-users mailing list
> bind-users at lists.isc.org
> https://lists.isc.org/mailman/listinfo/bind-users
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.isc.org/pipermail/bind-users/attachments/20200413/525b43a9/attachment.htm>
More information about the bind-users
mailing list