(domain names and keys changed in production from these values)

I'm running the following:

root@ns1:~# pdns_server --version
Jan 28 09:54:21 PowerDNS Authoritative Server
4.8.0-alpha0.1002.master.g13427ee56 (C) 2001-2022 PowerDNS.COM BV
Jan 28 09:54:21 Using 64-bits mode. Built using gcc 9.4.0 on Jan 18 2023
12:08:28 by root@4f762a9684f6.

I was able (until yesterday) to update DNS entries using RFC2136, but am
now receiving the following error:

Packet for 'mydomain.com' denied: Signature with TSIG key 'dhcpupdate' does
not match the expected algorithm (hmac-sha256 / hmac-md5.sig-alg.reg.int)

My TSIG key is set as follows:

root@ns1:~# pdnsutil generate-tsig-key dhcpupdate hmac-sha256Create new
TSIG key dhcpupdate hmac-sha256

and the configuration in my RFC2136 client (opnsense) is:

[image: 2023-01-28_09-57.png]

Advice is very welcome on how to diagnose. I've recreated the keys multiple
times to no avail.

Thank you.

*Larry G. Wapnitsky*

*E: la...@wapnitsky.com*
*Web: Larry.Wapnitsky.com <http://larry.wapnitsky.com/>*
Pdns-users mailing list

Reply via email to