Hello there,
I've recently updated my PDNS Authoritative from 4.6.4 to 4.7.3 and I've
noticed my dynamic DNS updates have broken.
Just to make an example:
1. create a new zone (aka: 123.com)
2. set meta-data for that zone allowing update for specific IP, key
name, algorithm
3. send an nsupdate command
(you can follow official documentation to do that:
https://doc.powerdns.com/authoritative/dnsupdate.html#per-zone-settings)
When I try to update that zone through nsupdate from an allowed IP,
using correct tsig-key name + password it throws an error:
META values for 123.com
root@ns1:~# pdnsutil get-meta 123.com
Dec 15 10:31:36 [bindbackend] Parsing 0 domain(s), will report when done
Dec 15 10:31:36 [bindbackend] Done parsing domains, 0 rejected, 0 new, 0 removed
Metadata for '123.com'
ALLOW-DNSUPDATE-FROM = X.X.X.X/32 *<-- My allowed IP to set dyndns update through RFC2136*
SOA-EDIT-API = DEFAULT
TSIG-ALLOW-DNSUPDATE = 123-test *<-- KEY NAME*
root@ns1:~# pdnsutil list-tsig-keys
Dec 15 10:31:50 [bindbackend] Parsing 0 domain(s), will report when done
Dec 15 10:31:50 [bindbackend] Done parsing domains, 0 rejected, 0 new, 0 removed
123-test. hmac-md5. '*1Q7VGkGcK6p46S0OVG2K5cm2DWUFQXEqP12pDjuLbJk=*' <-- *KEY PASSWORD*
command sent:
nsupdate <<!
server */<MY DNS REMOTE SERVER>/* 53
zone 123.com
update add test1.123.com 3600 TXT "this is a test"
key hmac-md5:123-test 1Q7VGkGcK6p46S0OVG2K5cm2DWUFQXEqP12pDjuLbJk=
send
!
Result:
Dec 15 10:23:26 ns1 pdns_server[3782843]: Packet for '123.com' denied: Signature with TSIG key '123-test' failed to validate
Dec 15 10:24:05 ns1 pdns_server[3782843]: Packet for '123.com' denied: Signature with TSIG key '123-test' failed to validate
Is this a bug? Do I have to open a ticket on GitHub about this?
Kind regards,
Andrea
_______________________________________________
Pdns-users mailing list
Pdns-users@mailman.powerdns.com
https://mailman.powerdns.com/mailman/listinfo/pdns-users
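
Added example, not part of the original post and not PowerDNS or nsupdate code: a sketch of the TSIG computation from RFC 8945, showing which inputs client and server must agree on before a signature validates. The zone, record and key name mirror the post; the secret and signing time are constructed values.

```python
import base64, hashlib, hmac, struct

# nsupdate's short name "hmac-md5" goes on the wire under its RFC 8945 name.
ALGORITHMS = {"hmac-md5": ("hmac-md5.sig-alg.reg.int", hashlib.md5),
              "hmac-sha256": ("hmac-sha256", hashlib.sha256)}

def wire_name(name):
    """Uncompressed, lowercased (canonical) DNS wire encoding of a name."""
    labels = [l for l in name.lower().split(".") if l]
    return b"".join(bytes([len(l)]) + l.encode("ascii") for l in labels) + b"\x00"

def update_message(msg_id, zone, owner, ttl, text):
    """Unsigned RFC 2136 UPDATE that adds one TXT record."""
    header = struct.pack("!6H", msg_id, 5 << 11, 1, 0, 1, 0)   # opcode 5 = UPDATE
    zone_section = wire_name(zone) + struct.pack("!2H", 6, 1)  # type SOA, class IN
    rdata = bytes([len(text)]) + text.encode("ascii")
    record = wire_name(owner) + struct.pack("!2HIH", 16, 1, ttl, len(rdata)) + rdata
    return header + zone_section + record

def tsig_mac(message, key_name, algorithm, secret_b64, time_signed, fudge=300):
    """MAC over the message plus the TSIG variables (RFC 8945, section 4.3.3)."""
    alg_name, digest = ALGORITHMS[algorithm]
    variables = (wire_name(key_name) + struct.pack("!HI", 255, 0)  # class ANY, TTL 0
                 + wire_name(alg_name)
                 + struct.pack("!HIH", time_signed >> 32, time_signed & 0xFFFFFFFF, fudge)
                 + struct.pack("!2H", 0, 0))                       # error, other length
    return hmac.new(base64.b64decode(secret_b64), message + variables, digest).digest()

def verify(message, mac, key_name, algorithm, secret_b64, time_signed, now, fudge=300):
    """Server-side checks in RFC 8945 order: signature first, then time."""
    expected = tsig_mac(message, key_name, algorithm, secret_b64, time_signed, fudge)
    if not hmac.compare_digest(expected, mac):
        return "BADSIG"
    return "OK" if abs(now - time_signed) <= fudge else "BADTIME"

# Constructed sample values; the zone, record and key name mirror the post.
SECRET = base64.b64encode(b"constructed demo secret").decode()
OTHER = base64.b64encode(b"a different secret").decode()
MSG = update_message(0x1234, "123.com", "test1.123.com", 3600, "this is a test")
T0 = 1671100000  # constructed signing time (seconds since the epoch)
MAC = tsig_mac(MSG, "123-test", "hmac-md5", SECRET, T0)

if __name__ == "__main__":
    print(verify(MSG, MAC, "123-test", "hmac-md5", SECRET, T0, T0 + 5))     # same inputs
    print(verify(MSG, MAC, "123-TEST.", "hmac-md5", SECRET, T0, T0 + 5))    # case/dot differ
    print(verify(MSG, MAC, "123-test", "hmac-md5", OTHER, T0, T0 + 5))      # secret differs
    print(verify(MSG, MAC, "123-test", "hmac-sha256", SECRET, T0, T0 + 5))  # algorithm differs
    print(verify(MSG, MAC, "123-test", "hmac-md5", SECRET, T0, T0 + 900))   # clock skew
```

The sketch covers a request only, and it says nothing about what changed between 4.6.4 and 4.7.3.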