John,

'domain1.com' is obfuscated from the real value. But rest assured I am being painstakingly anal in ensuring the values are the same including the 'key name' in named and dhcpd being exactly the same as used in the dnssec-keygen command.

Transcript of interaction. Long story short, the error is 'NOTAUTH'. And the result is the same no matter whether I use the .private or .key files.

[root@server3 etc]# rndc status
number of zones: 8
debug level: 0
xfers running: 0
xfers deferred: 0
soa queries in progress: 0
query logging is OFF
recursive clients: 0/1000
tcp clients: 0/100
server is up and running
[root@server3 etc]# rndc reload
server reload successful
[root@server3 etc]# nsupdate -d -k Kdomain1.com.+157+63230.private
Creating key...
> server 127.0.0.1
> zone domain1.com
> update add client1.domain1.com 86400 A 192.168.1.100
> send
Sending update to 127.0.0.1#53
Outgoing update query:
;; ->>HEADER<<- opcode: UPDATE, status: NOERROR, id:   2442
;; flags: ; ZONE: 1, PREREQ: 0, UPDATE: 1, ADDITIONAL: 1
;; ZONE SECTION:
;domain1.com.            IN    SOA

;; UPDATE SECTION:
client1.domain1.com.    86400    IN    A    192.168.1.100

;; TSIG PSEUDOSECTION:
domain1.com. 0 ANY TSIG hmac-md5.sig-alg.reg.int. 1297920682 300 16 <someSecretHere> 2442 NOERROR 0


Reply from update query:
;; ->>HEADER<<- opcode: UPDATE, status: NOTAUTH, id:   2442
;; flags: qr ra ; ZONE: 0, PREREQ: 0, UPDATE: 0, ADDITIONAL: 1
;; TSIG PSEUDOSECTION:
domain1.com. 0 ANY TSIG hmac-md5.sig-alg.reg.int. 1297920682 300 16 <anotherSecretHere> 2442 NOERROR 0


> quit



------------------------------------------------------------------------
Kind Regards

Kyle


On 17/02/11 3:42 PM, John Clarke wrote:
On Thu, Feb 17, 2011 at 02:48:45PM +1100, Kyle wrote:

What name did you give the key when you created it with dnssec-keygen?
Was it "domain1.com"?  Is that what name you passed to nsupdate (in the
argument to -y)?

Do you still have the keyfiles generated by dnssec-keygen?  Does
nsupdate work if you use -k instead of -y to pass the key?

Does "rndc status" work?  "rndc reload"?

--
SLUG - Sydney Linux User's Group Mailing List - http://slug.org.au/
Subscription info and FAQs: http://slug.org.au/faq/mailinglists.html
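
An added example, not part of the original emails: NOTAUTH in a reply to a signed update has two distinct meanings, a TSIG failure (the reply's TSIG error field is BADKEY, BADSIG or BADTIME, RFC 2845) or a server that is not authoritative for the zone in the update (RFC 2136), and the TSIG pseudosection of the `nsupdate -d` reply shows which one applies. The function name `diagnose` and both sample replies are constructed for illustration, modelled on the transcript above.

```python
import re

# TSIG error values sent with NOTAUTH when key verification fails (RFC 2845).
TSIG_FAILURES = {
    "BADKEY": "key name or algorithm unknown to the server",
    "BADSIG": "MAC mismatch, the secret differs between client and server",
    "BADTIME": "client and server clocks differ by more than the fudge",
}
STATUS_RE = re.compile(r"opcode: UPDATE, status: (\w+)")
# owner ttl ANY TSIG algorithm time-signed fudge mac-size [mac] original-id error
TSIG_RE = re.compile(
    r"^(\S+)\s+\d+\s+ANY\s+TSIG\s+\S+\s+\d+\s+\d+\s+(\d+)\s+(?:\S+\s+)?\d+\s+([A-Z]+)\b",
    re.M)


def diagnose(debug_output):
    """Classify the server reply found in `nsupdate -d` output."""
    _, found, reply = debug_output.partition("Reply from update query:")
    status = STATUS_RE.search(reply) if found else None
    if status is None:
        return ("no-reply", "no reply section in the output")
    if status.group(1) != "NOTAUTH":
        return (status.group(1).lower(), "reply is not NOTAUTH")
    tsig = TSIG_RE.search(reply)
    if tsig is None:
        return ("unsigned", "NOTAUTH reply carries no TSIG record")
    owner, mac_size, error = tsig.groups()
    if error in TSIG_FAILURES:
        return ("tsig-failure", f"{error} for key {owner} ({TSIG_FAILURES[error]})")
    if error == "NOERROR" and int(mac_size) > 0:
        # Signed reply, clean TSIG error: the RCODE carries its RFC 2136 meaning.
        return ("not-authoritative",
                f"key {owner} verified; server is not authoritative for the zone")
    return ("unknown", f"unexpected TSIG error {error}")


# Constructed sample replies modelled on the transcript; the MAC is a made-up value.
TEMPLATE = """Reply from update query:
;; ->>HEADER<<- opcode: UPDATE, status: NOTAUTH, id:   2442
;; flags: qr ra ; ZONE: 0, PREREQ: 0, UPDATE: 0, ADDITIONAL: 1
;; TSIG PSEUDOSECTION:
domain1.com. 0 ANY TSIG hmac-md5.sig-alg.reg.int. 1297920682 300 {mac} 2442 {err} 0
"""
SIGNED_REPLY = TEMPLATE.format(mac="16 Y29uc3RydWN0ZWRNQUMxMg==", err="NOERROR")
BADSIG_REPLY = TEMPLATE.format(mac="0", err="BADSIG")

if __name__ == "__main__":
    for sample in (SIGNED_REPLY, BADSIG_REPLY):
        print(diagnose(sample))
```

A reply of the first kind points the investigation at the zone definition in named.conf (zone name, type, view) rather than at the key material.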
