[yadifa-users] DDNS successful in spite of "TSIG error with server"

Jan-Piet Mens jpmens.dns at gmail.com
Tue Jul 10 09:24:15 CEST 2012


A dynamic update to Yadifa is successful, even though `nsupdate' replies
"; TSIG error with server: tsig verify failure"

        $ nsupdate -y 'hmac-md5:ytestkey:OKSjaL1x5sE=' <<EOF
        server 127.0.0.1 5353
        zone example.net.
        update add foo.example.net. 60 TXT "Hi Yadifa"
        send
        EOF
        ; TSIG error with server: tsig verify failure

        $ dig -p 5353 @127.0.0.1 foo.example.net any
        ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 19170
        ;; flags: qr aa rd; QUERY: 1, ANSWER: 4, AUTHORITY: 1, ADDITIONAL: 1
        ;; WARNING: recursion requested but not available

        ;; OPT PSEUDOSECTION:
        ; EDNS: version: 0, flags:; udp: 4096
        ;; QUESTION SECTION:
        ;foo.example.net.               IN      ANY

        ;; ANSWER SECTION:
        foo.example.net.        60      IN      TXT     "Hi Yadifa"
        foo.example.net.        60      IN      A       1.1.1.1
        foo.example.net.        60      IN      A       1.1.1.2
        foo.example.net.        60      IN      A       1.1.1.4

        ;; AUTHORITY SECTION:
        example.net.            60      IN      NS      localhost.

Server config:

        <main>
                server-port 5353
                listen	192.168.1.10, 127.0.0.1 port 5353
                uid 501
                daemonize false
                allow-query any
        </main>

        # 	dnssec-keygen -a HMAC-MD5 -b 64 -n HOST ytestkey
        <key>
                name ytestkey
                algorithm hmac-md5
                secret OKSjaL1x5sE=
        </key>

        <acl>
                updaters	key ytestkey
                myhosts		192.168.1.0/24;127.0.0.1/32;::1
        </acl>

        <zone>
                domain example.net
                file masters/example.net
                type master
                allow-transfer	myhosts
                allow-update	updaters
        </zone>

Regards,

        -JP



More information about the yadifa-users mailing list