On Sat, Jan 28, 2023 at 09:58:22AM -0500, Larry Wapnitsky via Pdns-users wrote:
> (domain names and keys changed in production from these values)
>
> I'm running the following:
>
> root@ns1:~# pdns_server --version
> Jan 28 09:54:21 PowerDNS Authoritative Server
> 4.8.0-alpha0.1002.master.g13427ee56 (C) 2001-2022 PowerDNS.COM BV
> Jan 28 09:54:21 Using 64-bits mode. Built using gcc 9.4.0 on Jan 18 2023
> 12:08:28 by root@4f762a9684f6.
>
> I was able (until yesterday) to update DNS entries using RFC2136, but am
> now receiving the following error:
>
> Packet for 'mydomain.com' denied: Signature with TSIG key 'dhcpupdate' does
> not match the expected algorithm (hmac-sha256 / hmac-md5.sig-alg.reg.int)
>
> My TSIG key is set as follows:
>
> root@ns1:~# pdnsutil generate-tsig-key dhcpupdate hmac-sha256
> Create new TSIG key dhcpupdate hmac-sha256
> W/ThmvveOYiOKDiMA/tphcm0bu+XsdHxmIPa5anY+U8NO94n8j5I7L7rTfrlTE7NRhTrbeRJ2f7s0oTiwWc9BA==
>
> and the configuration in my RFC2136 client (opnsense) is:
>
> [image: 2023-01-28_09-57.png]
>
> Advice is very welcome on how to diagnose. I've recreated the keys multiple
> times to no avail.
>
> Thank you.
>
> *Larry G. Wapnitsky*
>
> *E: la...@wapnitsky.com*
> *Web: Larry.Wapnitsky.com <http://larry.wapnitsky.com/>*

If it worked before yesterday, it would be very good to know what
changed:

- the auth server software version? What version were you running before?
- the RFC2136 client? Same question.

	-Otto