On Sat, Jan 28, 2023 at 09:58:22AM -0500, Larry Wapnitsky via Pdns-users wrote:
> (domain names and keys changed in production from these values)
>
> I'm running the following:
>
> root@ns1:~# pdns_server --version
> Jan 28 09:54:21 PowerDNS Authoritative Server
> 4.8.0-alpha0.1002.master.g13427
Packet for 'mydomain.com' denied: Signature with TSIG key 'dhcpupdate' does
not match the expected algorithm (hmac-sha256 / hmac-md5.sig-alg.reg.int)
It appears from very light research (old-fashioned word for 'googling') that
opensense/pfsense used to support HMAC-MD5 only [1], and the above me
(domain names and keys changed in production from these values)
I'm running the following:
root@ns1:~# pdns_server --version
Jan 28 09:54:21 PowerDNS Authoritative Server
4.8.0-alpha0.1002.master.g13427ee56 (C) 2001-2022 PowerDNS.COM BV
Jan 28 09:54:21 Using 64-bits mode. Built using gcc 9.4.0 on