I run a SOHO network composed mostly of Debian Linux boxen plus a few others. I have been running ISC dhcpd and bind9. I have some experience with bind, but am a complete kea newbie.

As Debian is about to release a new version, code-named trixie, I thought this would be a good time to move to kea. So I set up a two computer test network and installed kea 2.6.3 on both of them. I have HA working between them. I am now trying to get DDNS working. The bind9 server (9.20.11) is running. I think I have DDNS working correctly, but the zone files are never updated.

I get three of the following messages in named's log each time there is a DHCP event:

client @0x7fcb3983fc00 192.168.10.1#59736: request has invalid signature: TSIG rndc-key: tsig verify failure (BADKEY)

(These log extracts are pasted in unwrapped, so they should be readable in a large enough window.)

The systemd journal shows, e.g.:

Aug 08 13:40:28 tiassa kea-dhcp-ddns[103650]: ERROR DHCP_DDNS_FORWARD_ADD_RESP_CORRUPT DHCP_DDNS Request ID 00020193B49AA98512E0BB5B282FB1FCE7720E91177993E9EA8AE11F536574A8C9B5EB: received a corrupt response from the DNS server, 192.168.10.1 port:53, while adding forward address mapping for FQDN, jhegaalaw.example.
Aug 08 13:40:28 tiassa kea-dhcp-ddns[103650]: ERROR DHCP_DDNS_FORWARD_ADD_RESP_CORRUPT DHCP_DDNS Request ID 00020193B49AA98512E0BB5B282FB1FCE7720E91177993E9EA8AE11F536574A8C9B5EB: received a corrupt response from the DNS server, 192.168.10.1 port:53, while adding forward address mapping for FQDN, jhegaalaw.example.
Aug 08 13:40:28 tiassa kea-dhcp-ddns[103650]: ERROR DHCP_DDNS_FORWARD_ADD_RESP_CORRUPT DHCP_DDNS Request ID 00020193B49AA98512E0BB5B282FB1FCE7720E91177993E9EA8AE11F536574A8C9B5EB: received a corrupt response from the DNS server, 192.168.10.1 port:53, while adding forward address mapping for FQDN, jhegaalaw.example.
Aug 08 13:40:28 tiassa kea-dhcp-ddns[103650]: ERROR DHCP_DDNS_ADD_FAILED DHCP_DDNS Request ID 00020193B49AA98512E0BB5B282FB1FCE7720E91177993E9EA8AE11F536574A8C9B5EB: Transaction outcome Status: Failed, Event: NO_MORE_SERVERS_EVT, Forward change: failed, Reverse change: failed, request: Type: 0 (CHG_ADD)
Aug 08 13:40:28 tiassa kea-dhcp-ddns[103650]: Forward Change: yes
Aug 08 13:40:28 tiassa kea-dhcp-ddns[103650]: Reverse Change: yes
Aug 08 13:40:28 tiassa kea-dhcp-ddns[103650]: FQDN: [jhegaalaw.example.]
Aug 08 13:40:28 tiassa kea-dhcp-ddns[103650]: IP Address: [192.168.10.15]
Aug 08 13:40:28 tiassa kea-dhcp-ddns[103650]: DHCID: [00020193B49AA98512E0BB5B282FB1FCE7720E91177993E9EA8AE11F536574A8C9B5EB]
Aug 08 13:40:28 tiassa kea-dhcp-ddns[103650]: Lease Expires On: 20250808200028
Aug 08 13:40:28 tiassa kea-dhcp-ddns[103650]: Lease Length: 1200
Aug 08 13:40:28 tiassa kea-dhcp-ddns[103650]: Conflict Resolution Mode: check-with-dhcid

Bind9 has the following in rndc-key:

key "rndc-key" {
	algorithm hmac-sha256;
	secret "647CTfwwE280ZZNAVJtQrLqt8VfGJkX61J/Ws/TNUc4=";
};

kea-dhcp-ddns.conf includes the following:

    "tsig-keys": [
        {
            "name": "example",
            "algorithm": "hmac-sha256",
            "secret": "647CTfwwE280ZZNAVJtQrLqt8VfGJkX61J/Ws/TNUc4="
        }
    ],

I tried naming the key "rndc-key" but that also failed.

-- 
Does anybody read signatures any more?

https://charlescurley.com
https://charlescurley.com/blog/
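
Added example, not part of the original post and not ISC's code: TSIG identifies the shared secret by key name, so the name, algorithm and secret have to be identical in named's key statement and in the "tsig-keys" entry of kea-dhcp-ddns.conf. The Python sketch below compares the two; the sample inputs and the placeholder secret are constructed, and the function names are this example's own.

```python
import base64
import json
import re

# BIND key statement: key "name" { algorithm X; secret "Y"; };
KEY_RE = re.compile(
    r'key\s+"?([^"\s{]+)"?\s*\{\s*algorithm\s+"?([\w-]+)"?\s*;'
    r'\s*secret\s+"([^"]+)"\s*;\s*\}\s*;', re.IGNORECASE)

def norm(name, alg, secret):
    # Key names are DNS names: compare case-insensitively, without a trailing dot.
    # Secrets are compared as decoded bytes, so invalid base64 raises here.
    return name.lower().rstrip("."), (alg.lower(), base64.b64decode(secret, validate=True))

def bind_keys(text):
    """Map key name -> (algorithm, secret bytes) for each BIND key statement."""
    return dict(norm(*m) for m in KEY_RE.findall(text))

def kea_keys(text):
    """Same mapping for the "tsig-keys" list of a kea-dhcp-ddns.conf document."""
    keys = json.loads(text)["DhcpDdns"].get("tsig-keys", [])
    return dict(norm(k["name"], k["algorithm"], k["secret"]) for k in keys)

def compare(bind_text, kea_text):
    """Return a list of mismatches; an empty list means both sides agree."""
    bind, problems = bind_keys(bind_text), []
    for name, (alg, secret) in kea_keys(kea_text).items():
        if name not in bind:
            problems.append(f"{name}: no BIND key statement with this name")
        elif bind[name][0] != alg:
            problems.append(f"{name}: algorithm {alg} != {bind[name][0]}")
        elif bind[name][1] != secret:
            problems.append(f"{name}: secrets differ")
    return problems

# Constructed sample input (placeholder secret, not a real key).
SECRET = base64.b64encode(bytes(range(32))).decode()
BIND_SAMPLE = 'key "rndc-key" { algorithm hmac-sha256; secret "%s"; };' % SECRET

def kea_sample(name, secret=SECRET):
    key = {"name": name, "algorithm": "hmac-sha256", "secret": secret}
    return json.dumps({"DhcpDdns": {"tsig-keys": [key]}})

if __name__ == "__main__":
    print(compare(BIND_SAMPLE, kea_sample("example")))   # name differs
    print(compare(BIND_SAMPLE, kea_sample("rndc-key")))  # all three fields agree
```

It compares only the text it is given; whether named.conf actually loads the file holding the key statement has to be checked separately.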