On 2/4/16 5:25 PM, Randy McEoin wrote:
>
> I've run into an annoyance using Kea and PowerDNS. When Kea is
> configured to perform DDNS to a PowerDNS Authoritative server, it
> believes it fails the updates. In the kea-ddns.log is the following:
>
> DHCP_DDNS_INVALID_RESPONSE received response to DNS Update message is
> malformed: TSIG verification failed: BADSIG
>
> In PowerDNS's logs is a happy successful update. But despite the
> successful update from PDNS's perspective, Kea will retry two more
> times, which results in a total of 3 updates for the same set of
> records. Technically it all works, but Kea thinks it did not and
> there are the wasted 2 additional updates.
>
> Doing an update with nsupdate -D to PowerDNS shows that the TSIG is valid.
>
> I compiled the Kea source from github and tinkered with
> tsig.cc's TSIGContext::verify enough to confirm that it's the final
> return statement that does the return of TSIGError::BAD_SIG(). I
> can't tell why any earlier check doesn't return TSIGError::NOERROR().
>
> I've tested out Kea with a BIND server and it works okay, no
> TSIG errors. Also tried the original ISC DHCP with PowerDNS and can
> see it works just fine with no griping from it.
>
> I've done packet captures using Kea, nsupdate, and ISC DHCP as the
> requester DDNS, as well as trying out BIND or PowerDNS as the
> destination. So far the only thing I've noticed is that Kea sets the
> Original ID in the requesting packet to 0. Both nsupdate and ISC DHCP
> set the Original ID equal to the Transaction ID.
>
> At this point I can't really tell if it's an issue with how Kea
> handles the TSIG or PowerDNS. Anyone have some thoughts?
>
> Thanks,
>
> Randy
>
> _______________________________________________
> Kea-users mailing list
> [email protected]
> https://lists.isc.org/mailman/listinfo/kea-users

Hello Randy:

Thanks for reporting this and for providing the packet captures. We'll look into it.

Thomas Markwalder
ISC Software Engineering
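The comparison made from the packet captures in the report (the TSIG Original ID against the DNS header's transaction ID) can be automated over a captured UPDATE payload. This is an added example, not part of the thread and not Kea or PowerDNS code; the sample message is constructed, and the key name ddns-key, zone example.org, transaction ID 0x1234 and dummy MAC are assumptions.

```python
import struct

TSIG_TYPE = 250  # RR type code for TSIG

def skip_name(msg, off):
    """Return the offset just past the domain name that starts at off."""
    while True:
        length = msg[off]
        if length == 0:
            return off + 1
        if length & 0xC0 == 0xC0:      # a compression pointer ends the name
            return off + 2
        off += 1 + length

def tsig_ids(msg):
    """Return (header_id, tsig_original_id); original id is None without a TSIG RR."""
    msg_id, _flags, qd, an, ns, ar = struct.unpack_from("!6H", msg, 0)
    off = 12
    for _ in range(qd):                # zone/question entries: name, type, class
        off = skip_name(msg, off) + 4
    for _ in range(an + ns + ar):
        off = skip_name(msg, off)
        rtype, _cls, _ttl, rdlen = struct.unpack_from("!HHIH", msg, off)
        off += 10
        if rtype == TSIG_TYPE:
            p = skip_name(msg, off)    # algorithm name
            p += 6 + 2                 # time signed (48 bits) + fudge
            (mac_len,) = struct.unpack_from("!H", msg, p)
            p += 2 + mac_len           # MAC size field + MAC
            (orig_id,) = struct.unpack_from("!H", msg, p)
            return msg_id, orig_id
        off += rdlen
    return msg_id, None

def wire_name(s):                      # dotted name -> DNS wire format
    return b"".join(bytes([len(l)]) + l.encode() for l in s.split(".") if l) + b"\x00"

def build_update(msg_id, orig_id):
    """Constructed sample: UPDATE header, one zone entry, one TSIG RR (dummy MAC)."""
    header = struct.pack("!6H", msg_id, 0x2800, 1, 0, 0, 1)      # opcode 5 = UPDATE
    zone = wire_name("example.org") + struct.pack("!HH", 6, 1)   # SOA, IN
    rdata = (wire_name("hmac-md5.sig-alg.reg.int") + b"\x00" * 6
             + struct.pack("!HH", 300, 16) + b"\xaa" * 16        # fudge, MAC size, MAC
             + struct.pack("!HHH", orig_id, 0, 0))               # orig id, error, other len
    tsig = wire_name("ddns-key") + struct.pack("!HHIH", TSIG_TYPE, 255, 0, len(rdata)) + rdata
    return header + zone + tsig

if __name__ == "__main__":
    print([tsig_ids(build_update(0x1234, o)) for o in (0, 0x1234)])
```

Feed tsig_ids the raw DNS payload bytes of each captured request; a pair whose two values differ is the pattern described for Kea's requests above.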
