dynamic updates & TSIG?
Mark.Andrews at nominum.com
Mark.Andrews at nominum.com
Wed Aug 30 13:14:27 UTC 2000
>
>
> Hi,
>
> I'm testing dynamic updates with TSIG authentication, and found
> out that I can still do updates without using the secret. nsupdate doesnt
> work if I use a bad secret, but updates are accepted if I dont specify a
> key file, and doing the updates via perl works too.
>
> The relevant part of the named.conf:
>
> key "ddns" {
> algorithm hmac-md5;
> secret "B0hE+oyhXgDd9UN2OjDzO7AFZ4LExInmykSDKgYvl1Jni6yQAxEBmq23c43ziem
> hq0ZV/9LVPccEOT+xCVz4Lw==";
> };
>
> server 10.31.8.130 {
> keys { "ddns"; };
> };
>
> zone "test" {
> type master;
> file "test";
> allow-update { 10.31.8.130; };
> };
>
> Any ideas? Thanks in advance.
If you only want signed updates to work then specify that in
the allow-update acl.
>
> Jesus Couto F.
>
>
>
--
Mark Andrews, Nominum Inc.
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2 9871 4742 INTERNET: Mark.Andrews at nominum.com
More information about the bind-users
mailing list