Hi Francis,
Thanks so much. The hint to check on the wire was helpful. As a network
engineer I could have figured this out myself… sometimes it needs an extra
pointer... :)
Anyway, turns out Kea is picking the key correctly, but Bind was not finding
the key and thus was unable to verify.
BADKEY in general is related to a configuration error. I recommend to
look at messages on the wire to understand if the error is on the
bind/server side or Kea side.
In the case the error is on the Kea side the BADKEY error when verifying
a signed response is a key name mismatch i.e. the
Hi all,
I am using Kea as DHCP server and Bind as DNS server. The DDNS setup itself
works great, but as soon as I add a TSIG key it doesn’t work anymore. Bind
complains about wrong signature, Kea logs don’t show anything about TSIG.
Config is as follows:
--- Kea ---
{
"DhcpDdns": {