Re: [Pdns-users] DDNS with TSIG not working, need assistance
On Mon, Nov 14, 2016 at 05:19:20AM -0800, MRob wrote:
> On 2016-11-13 21:21, Aki Tuomi wrote:
> >On Sun, Nov 13, 2016 at 05:56:50PM -0800, mro...@insiberia.net wrote:
> >>I'm having a hard time knowing how to debug this message:
> >>
> >>Packet for domain 'local.' denied: can't find TSIG key with name
> >>'tsig.key.local.' and algorithm 'hmac-sha512.'
> >>
> >>Is that a small bug that is reporting the algorithm with a dot at
> >>the end? Or is it my problem? I double-checked that the algorithm is
> >>not being specified with a dot on either side, so if that's the
> >>problem, I don't know how to fix it.
> >>
> >>I have a single TSIG entry:
> >>id | name            | algorithm   | secret
> >>1  | tsig.key.local. | hmac-sha512 | x
> >>
> >
> >Silly thing but the algorithm is actually a DNSName too, so it needs to
> >be hmac-sha512. with a dot.
>
> I see. That's a bit confusing and it is probably important to make
> clear that this does not mean one's configuration should be set to
> "hmac-sha512." - only that this is how it gets used internally and
> presented in the logs.
>
>
> My problem turned out to be there also should not have been a
> trailing dot in the name field.
>

Yes. I forgot gSQL handles dots like that.

>
> Though now I am experiencing
>
> Failed PreRequisites check, returning 6
>

Your DNS update package contains requirement that the value does not exist.

> Can anyone point me in the right direction?
>
> After the update processing is authenticated, only one query happens:
>
> SELECT content,ttl,prio,type,domain_id,disabled,name,auth FROM
> records WHERE disabled=0 and name=?
>
> The server seems to be handling an add request - does it expect to
> find no rows returned from that query? If so, is there any
> configuration that ensures existing records are purged before adding
> the new one?
>
> Thank you for the response

___
Pdns-users mailing list
Pdns-users@mailman.powerdns.com
https://mailman.powerdns.com/mailman/listinfo/pdns-users
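RCODE 6 in the "Failed PreRequisites check" message is YXDOMAIN in RFC 2136, the code returned when a "name is not in use" prerequisite meets a name that already exists. The sketch below is an added example, not part of the thread and not PowerDNS code: it follows the RFC 2136 section 3.2 prerequisite rules over a constructed zone, and `check_prerequisites`, `norm` and `ZONE` are hypothetical names.

```python
# RCODEs used by RFC 2136 prerequisite processing.
NOERROR, FORMERR, NXDOMAIN, YXDOMAIN, YXRRSET, NXRRSET = 0, 1, 3, 6, 7, 8

# Constructed zone contents: {owner name: {rrtype: set of rdata}}.
ZONE = {"host1.local": {"A": {"192.0.2.10"}}}


def norm(name):
    """Compare owner names case-insensitively and without the trailing dot."""
    return name.lower().rstrip(".")


def check_prerequisites(zone, prereqs, zone_class="IN"):
    """Return the RCODE of the first failed prerequisite, else NOERROR.

    Each prerequisite is (name, class, rrtype, rdata); rdata is None when
    the RR carries no data (RDLENGTH 0).
    """
    wanted = {}  # value-dependent RRsets, compared as whole sets below
    for name, cls, rrtype, rdata in prereqs:
        rrsets = zone.get(norm(name), {})
        if cls in ("ANY", "NONE") and rdata is not None:
            return FORMERR
        if cls == "ANY":
            if rrtype == "ANY":
                if not rrsets:
                    return NXDOMAIN   # "name is in use" failed
            elif rrtype not in rrsets:
                return NXRRSET        # "RRset exists" failed
        elif cls == "NONE":
            if rrtype == "ANY":
                if rrsets:
                    return YXDOMAIN   # "name is not in use" failed (RCODE 6)
            elif rrtype in rrsets:
                return YXRRSET        # "RRset does not exist" failed
        elif cls == zone_class:
            wanted.setdefault((norm(name), rrtype), set()).add(rdata)
        else:
            return FORMERR
    for (name, rrtype), values in wanted.items():
        if zone.get(name, {}).get(rrtype) != values:
            return NXRRSET            # value-dependent "RRset exists" failed
    return NOERROR


if __name__ == "__main__":
    # An add guarded by "name is not in use" fails while host1.local exists.
    print(check_prerequisites(ZONE, [("host1.local.", "NONE", "ANY", None)]))
```

A client that wants to replace an existing record sends the update without a "does not exist" prerequisite, or deletes the old RRset in the same update before adding the new one.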
Re: [Pdns-users] DDNS with TSIG not working, need assistance
On 2016-11-13 21:21, Aki Tuomi wrote:
>On Sun, Nov 13, 2016 at 05:56:50PM -0800, mro...@insiberia.net wrote:
>>I'm having a hard time knowing how to debug this message:
>>
>>Packet for domain 'local.' denied: can't find TSIG key with name
>>'tsig.key.local.' and algorithm 'hmac-sha512.'
>>
>>Is that a small bug that is reporting the algorithm with a dot at
>>the end? Or is it my problem? I double-checked that the algorithm is
>>not being specified with a dot on either side, so if that's the
>>problem, I don't know how to fix it.
>>
>>I have a single TSIG entry:
>>id | name            | algorithm   | secret
>>1  | tsig.key.local. | hmac-sha512 | x
>
>Silly thing but the algorithm is actually a DNSName too, so it needs to
>be hmac-sha512. with a dot.

I see. That's a bit confusing and it is probably important to make
clear that this does not mean one's configuration should be set to
"hmac-sha512." - only that this is how it gets used internally and
presented in the logs.

My problem turned out to be there also should not have been a
trailing dot in the name field.

Though now I am experiencing

Failed PreRequisites check, returning 6

Can anyone point me in the right direction?

After the update processing is authenticated, only one query happens:

SELECT content,ttl,prio,type,domain_id,disabled,name,auth FROM
records WHERE disabled=0 and name=?

The server seems to be handling an add request - does it expect to
find no rows returned from that query? If so, is there any
configuration that ensures existing records are purged before adding
the new one?

Thank you for the response
Re: [Pdns-users] DDNS with TSIG not working, need assistance
On Sun, Nov 13, 2016 at 05:56:50PM -0800, mro...@insiberia.net wrote:
> I'm having a hard time knowing how to debug this message:
>
> Packet for domain 'local.' denied: can't find TSIG key with name
> 'tsig.key.local.' and algorithm 'hmac-sha512.'
>
> Is that a small bug that is reporting the algorithm with a dot at
> the end? Or is it my problem? I double-checked that the algorithm is
> not being specified with a dot on either side, so if that's the
> problem, I don't know how to fix it.
>
> I have a single TSIG entry:
> id | name            | algorithm   | secret
> 1  | tsig.key.local. | hmac-sha512 | x
>

Silly thing but the algorithm is actually a DNSName too, so it needs to
be hmac-sha512. with a dot.

Aki