From: "Noah"
To: freebsd-questions@freebsd.org
Date: Sat, 12 Jun 2004 14:30:01 -0800
Message-Id: <20040612221029.M93390@enabled.com>
Subject: dynamic DNS issues - invalid TSIG key

FreeBSD-4.9-STABLE
bind-9.2.3

Okay, I am trying to set up dynamic DNS to bind on a FreeBSD box. I have admin on both client and server side. The client is a redhat-8.0 machine with ISC DHCP installed.

Right now the client side is complaining of an invalid TSIG key. The keys are cut and pasted and formatted properly in each configuration file, so I am at a loss as to what to check next.

I have attached the error message. I changed the hostnames and IP addresses to protect the innocent - <> are added to clarify what I did.

--- snip ---
Jun 12 14:45:44 dhclient: if IN A . rrset doesn't exist add 3600 IN A . <10.2.1.1> add 3600 IN TXT . "": invalid TSIG key.
--- snip ---

I am following the forwarding tutorial at:

http://ops.ietf.org/dns/dynupd/secure-ddns-howto.html#forward

So the configuration on the client side looks like this -

--- /etc/dhclient-eth0.conf ----
send fqdn.fqdn ".";
send fqdn.encoded on;
send fqdn.server-update off;

key . {
        algorithm HMAC-MD5;
        secret "";
}

zone {
        key ".";
}

interface "eth0" {
        send host-name "";
        send dhcp-client-identifier ;
        send dhcp-lease-time 3600;
        prepend domain-name-servers 127.0.0.1;
        request subnet-mask, broadcast-address, time-offset, routers, domain-name, domain-name-servers, host-name;
        require subnet-mask, domain-name-servers;
        script "/sbin/dhclient-script";
}
--- /etc/dhclient-eth0.conf ----

And here are the modifications on the server side. Just the snippets that are relevant to this configuration. The file is fairly large.

--- /etc/namedb/named.conf ----
key . {
        algorithm HMAC-MD5;
        secret "";
};

...

zone "" in {
        type master;
        file "zones/";
        allow-transfer { 64.121.33.4; 216.218.220.21; };
        allow-query { any; };
        allow-update { none; };
        notify yes;
        update-policy {
                grant . name . A TXT;
                grant . name . A TXT;
                grant * self * A TXT;
        };
};
--- /etc/namedb/named.conf ---

Clues please?

Cheers,

Noah
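
A check for the situation described in this message, added here as an example and not part of the original post: a TSIG signature only verifies when both ends hold the same key name, algorithm and base64 secret, so this compares the `key` stanzas taken from the client and server files. The host name and secrets are constructed, and the regex assumes the simple stanza layout used in the two files above.

```python
import base64
import binascii
import re

# key <name> { algorithm <alg>; secret "<base64>"; }  (name may be quoted)
KEY_RE = re.compile(
    r'key\s+"?([^\s"{]+)"?\s*\{\s*algorithm\s+([\w-]+)\s*;'
    r'\s*secret\s+"([^"]*)"\s*;\s*\}', re.IGNORECASE)

def parse_keys(text):
    """Return {normalized key name: (algorithm, secret)} per key stanza."""
    return {name.lower().rstrip("."): (alg.lower(), secret)
            for name, alg, secret in KEY_RE.findall(text)}

def secret_problem(secret):
    """Describe why a secret is unusable, or return None if it decodes."""
    try:
        raw = base64.b64decode(secret, validate=True)
    except (binascii.Error, ValueError):
        return "secret is not valid base64"
    return None if raw else "secret is empty"

def compare_keys(client_conf, server_conf):
    """List mismatches between the client's and the server's key stanzas."""
    client, server = parse_keys(client_conf), parse_keys(server_conf)
    problems = []
    for name, (alg, secret) in client.items():
        bad = secret_problem(secret)
        if bad:
            problems.append(f"{name}: client {bad}")
        if name not in server:
            problems.append(f"{name}: no key with this name on the server")
            continue
        s_alg, s_secret = server[name]
        if alg != s_alg:
            problems.append(f"{name}: algorithm {alg} vs {s_alg}")
        if secret != s_secret:
            problems.append(f"{name}: secrets differ")
    return problems

# Constructed sample stanzas: the host name and secrets are made up.
CLIENT = 'key host1.example.com. { algorithm HMAC-MD5; secret "c2FtcGxlLXNlY3JldC0wMQ=="; }'
SERVER_OK = 'key "host1.example.com" { algorithm hmac-md5; secret "c2FtcGxlLXNlY3JldC0wMQ=="; };'
SERVER_BAD = 'key host1.example.com. { algorithm hmac-md5; secret "c2FtcGxlLXNlY3JldC0wMg=="; };'

if __name__ == "__main__":
    print(compare_keys(CLIENT, SERVER_OK))
    print(compare_keys(CLIENT, SERVER_BAD))
```

An empty result means the stanzas agree on name, algorithm and secret; it does not show that either daemon has actually loaded the key.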