On Sun, Mar 10, 2013 at 02:36:49AM +0000, James Harper wrote:
>
> dyndns isn't reliable anymore without spending money
>
> James
I just got mine going again, so it can be done.
1. run dnssec-keygen to create a key:
> dnssec-keygen -a HMAC-MD5 -b 128 -n user demo
You have to give the key a name, in this case "demo". This produces 2 files:
> 18:29:20$ cat Kdemo.+157+19918.key
> demo. IN KEY 0 3 157 V0CPzW/olG4V1uWFH2REDA==
> 18:29:22$ cat Kdemo.+157+19918.private
> Private-key-format: v1.3
> Algorithm: 157 (HMAC_MD5)
> Key: V0CPzW/olG4V1uWFH2REDA==
> Bits: AAA=
> Created: 20130310071613
> Publish: 20130310071613
> Activate: 20130310071613
2. configure this key in /etc/named.conf:
> key demo {
> algorithm HMAC-MD5;
> secret V0CPzW/olG4V1uWFH2REDA==;
> };
3. Insert or modify "allow-update" lines in each applicable zone to read:
> allow-update { key demo; };
4. Configure the key and the zones in which it is to be used in /etc/dhcpd.conf.
> key demo {
> algorithm HMAC-MD5;
> secret V0CPzW/olG4V1uWFH2REDA==;
> };
>
> zone mshome.net. {
> primary 127.0.0.1;
> key demo;
> }
>
> zone 0.168.192.in-addr.arpa. {
> primary 127.0.0.1;
> key demo;
> }
For an explanation, see
man 5 dhcpd.conf
man dnssec-keygen
file:///usr/doc/bind-9.9.1-P3/arm/Bv9ARM.html [YMMV]
These suggest the name "DHCP_UPDATER" in place of "demo".
Cheers ... Duncan.
--
Please avoid sending me Word or PowerPoint attachments.
See http://www.gnu.org/philosophy/no-word-attachments.html
_______________________________________________
luv-main mailing list
[email protected]
http://lists.luv.asn.au/listinfo/luv-main
