tl;dr: I've searched the Internets a lot these past days, but weren't
able to find a way to make kdig and knsupdate work with keys. How is
this handled?
Hello knot people,
I've got a problem with kdig and knsupdate, specifically using the -k
parameter.
I'm using:
- Debian 8.5
- dnssec-tools 2.2-2 (out of stretch)
- knot-dnsutils 2.2.0-2~bpo80+1 (out of j-bp)
- dnsutils 1:9.9.5.dfsg-9+deb8u6 (out of jessie)
I'm creating the key with:
# dnssec-keygen -a HMAC-MD5 -b 256 -n HOST -C host.example.com
which gives:
# cat Khost.example.com.+157+11483.*
host.example.com. IN KEY 512 3 157
42eRdcSUtT2opnOPVaGY9nEPsryde7snDaKLOPSjI9I=
Private-key-format: v1.2
Algorithm: 157 (HMAC_MD5)
Key: 42eRdcSUtT2opnOPVaGY9nEPsryde7snDaKLOPSjI9I=
Bits: AAA=
Doing then:
# knsupdate -d -k Khost.example.com.+157+11483.
which gives:
;; ERROR: failed to parse keyfile 'Khost.example.com.+157+11483.'
;; DEBUG: srv_info_free: null parameter
I've found [1], and indeed, I'm running into the mentioned error if
using knot-dnsutils 1.6.0-1 out of jessie. Besides this, I wasn't able
to find anything useful.
But, doing this:
# knsupdate -y hmac-md5:host.example.com:42eRdcSUtT2opnOPVaGY9nEPsryde7snDaKLOPSjI9I=
works, the same as nsupdate does:
# nsupdate -k Khost.example.com.+157+11483.
Could someone shed some light on what I'm doing wrong?
Any help appreciated...
Thanks in advance and for your work on knot!
All the best,
Georg
[1] https://lists.nic.cz/pipermail/knot-dns-users/2015-February/000579.html
_______________________________________________
knot-dns-users mailing list
knot-dns-users@lists.nic.cz
https://lists.nic.cz/cgi-bin/mailman/listinfo/knot-dns-users