Re: Question about authoritative server and AA Authoritative Answer

2024-01-17 Thread Michel Diemer via bind-users
Dear Greg, Dear Mark, Once more thank you for your replies. Please see highlighted words below. I confirm that 172.16.0.254 is the dns authoritative server. 'pc1' means 'a generic computer on a local area network'. It could be a web server, a file server, a mail server. For a small

Re: Question about authoritative server and AA Authoritative Answer

2024-01-17 Thread Björn Persson
Michel Diemer via bind-users wrote: > ;; flags: qr aa rd; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 1 This response message has the QR flag, the AA flag and the RD flag turned on. The message contains 1 copy of the query, 0 answers to the query, 1 reference to an authoritative nameserver

tsig key not found

2024-01-17 Thread Michael Lipp
I'm running v9.16.42. I have defined a key in named.conf: |key "acme-dns01" { algorithm hmac-sha256; secret "+m8fujTWD3qb0LkJFP7HPCZAbLlWBMtwtbNPEkvAt7E="; };| This has worked: |$ rndc tsig-list view "Default"; type "static"; key "acme-dns01"; view "Default"; type "static"; key

Re: Question about authoritative server and AA Authoritative Answer

2024-01-17 Thread Greg Choules via bind-users
Hi again. Please start a packet capture on the auth server. This should do it: sudo tcpdump -nvi any -c 1 -w mydns.pcap port 53 Then from pc1, please do these and copy/paste text output, not screenshots: dig @172.16.0.254 pc1.reseau1.lan NS +norecurse dig @172.16.0.254 pc1.reseau1.lan SOA

Re: tsig key not found

2024-01-17 Thread Michael Lipp
Thanks a lot! I spent almost a day on testing different configurations and key names (examples often use fqdns for the key names and I thought this might be the cause of the problem). I suppose I would eventually have found out about this if the response had been BADSIG (as described here

Re: tsig key not found

2024-01-17 Thread Anand Buddhdev
On 17/01/2024 18:18, Michael Lipp wrote: Hi Michael, I have defined a key in named.conf: |key "acme-dns01" { algorithm hmac-sha256; secret "+m8fujTWD3qb0LkJFP7HPCZAbLlWBMtwtbNPEkvAt7E="; };| Your key algorithm is hmac-sha256, but see below... [snip] I'm using the key in a |grant| (but

Re: Question about authoritative server and AA Authoritative Answer

2024-01-17 Thread Michel Diemer via bind-users
Dear Greg, Björn Persson gave a reply which seems satisfying. With dig +norecurse I always get "AUTHORITY: 1". For the sake of comprehensiveness, please find attached the files you asked for. From: "Greg Choules" To: pub.dieme...@laposte.net,ma...@isc.org,bind-users@lists.isc.org