Hi Charles,

On 9 Aug 2025, at 0:22, Charles Curley wrote:

> Bind9 has the following in rndc-key:
>
> key "rndc-key" {
>     algorithm hmac-sha256;
>     secret "647CTfwwE280ZZNAVJtQrLqt8VfGJkX61J/Ws/TNUc4=";
> };
>
>
> kea-dhcp-ddns.conf includes the following:
>
> "tsig-keys": [
>     {
>         "name": "example",
>         "algorithm": "hmac-sha256",
>         "secret": "647CTfwwE280ZZNAVJtQrLqt8VfGJkX61J/Ws/TNUc4="
>     }
> ],
>
> I tried naming the key "rndc-key" but that also failed.

The TSIG keys need to have the same name on both sides (same name, same algorithm, same key data ("secret"), same clock time on the machines).

I recommend creating a dedicated TSIG key with the "tsig-keygen" command, and having the DDNS TSIG key separate from the "rndc" TSIG key.

If you post the full "kea-dhcp-ddns.conf" (and BIND 9 "named.conf") content, people here on the list might be able to spot the issue.

Greetings

Carsten

-- 
ISC funds the development of this software with paid support subscriptions.
Contact us at https://www.isc.org/contact/ for more information.

To unsubscribe visit https://lists.isc.org/mailman/listinfo/kea-users.

Kea-users mailing list
Kea-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/kea-users
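The name, algorithm and secret conditions from the reply above, checked against the two fragments quoted in the thread. This is an added example, not part of the original message and not code from Kea or BIND; the function names and the `DhcpDdns` wrapper around the fragment are assumptions.

```python
import base64
import hmac
import json
import re

# Key values as quoted in the thread; the "DhcpDdns" wrapper is constructed so
# the fragment parses. Assumes a Kea file without comments (plain JSON).
BIND_KEYS = '''
key "rndc-key" {
    algorithm hmac-sha256;
    secret "647CTfwwE280ZZNAVJtQrLqt8VfGJkX61J/Ws/TNUc4=";
};
'''
KEA_D2 = '''
{ "DhcpDdns": { "tsig-keys": [
  { "name": "example", "algorithm": "hmac-sha256",
    "secret": "647CTfwwE280ZZNAVJtQrLqt8VfGJkX61J/Ws/TNUc4=" }
] } }
'''

# Assumes the layout tsig-keygen prints: algorithm first, then secret.
KEY_RE = re.compile(
    r'\bkey\s+"?([^\s"{]+)"?\s*\{\s*algorithm\s+"?([^\s";]+)"?\s*;'
    r'\s*secret\s+"([^"]+)"\s*;\s*\}\s*;', re.IGNORECASE)

def _entry(name, algorithm, secret):
    # Key names are DNS names (case-insensitive, trailing dot optional);
    # secrets are compared as decoded bytes, not as base64 text.
    return (name.rstrip(".").lower(),
            (algorithm.lower(), base64.b64decode(secret, validate=True)))

def bind_keys(text):
    return dict(_entry(*m) for m in KEY_RE.findall(text))

def kea_keys(text):
    keys = json.loads(text)["DhcpDdns"].get("tsig-keys", [])
    return dict(_entry(k["name"], k["algorithm"], k["secret"]) for k in keys)

def tsig_mismatches(bind_text, kea_text):
    bind, problems = bind_keys(bind_text), []
    for name, (alg, secret) in kea_keys(kea_text).items():
        if name not in bind:
            problems.append(f"{name}: no key with this name on the BIND side")
        elif alg != bind[name][0]:
            problems.append(f"{name}: algorithm {alg} != {bind[name][0]}")
        elif not hmac.compare_digest(secret, bind[name][1]):
            problems.append(f"{name}: secret differs")
    return problems

if __name__ == "__main__":
    print(tsig_mismatches(BIND_KEYS, KEA_D2) or "Kea TSIG keys match BIND")
```

An empty result only rules out the three static conditions; clock skew between the two machines and the rest of the DDNS configuration are not checked here.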