[knot-dns-users] DDNS with python

Ulrich Wisser ulrich at wisser.se
Mon Oct 5 23:18:52 CEST 2015

Updating through knsupdate is no problem at all. With knsupdate I can
actually update bind9 and knot. The problem is with the script somehow
working for bind and not working for knot.

knsupdate -y hmac-sha256:example.com.:SECRET

server bad::dad

zone example.com

del ddns.example.com. 300 IN A


server dead::beef

zone example.com

del ddns.example.com. 300 IN A


Does update bind9 and knot. My knot version is 2.1.0-dev

My knot.conf


    # Log info and more serious events to syslog.

  - target: syslog

    any: debug


  - id: example.com.

    algorithm: hmac-sha256

    secret: SECRET


  - id: nsupdate_acl

    key: example.com.

    action: update


  - id: default

    storage: /var/lib/knot

    semantic-checks: on

    dnssec-signing: on

    kasp-db: /var/lib/knot/kasp


  - domain: example.com

    file: "example.com.zone"

    acl: [nsupdate_acl]

Andrew Stevenson <andrew at ugh.net.au> schrieb am Mo., 5. Okt. 2015 um
22:09 Uhr:

> On 05 Oct 2015, at 21:29, Ulrich Wisser <ulrich at wisser.se> wrote:
> The attached script does update my bind9 instance but reports SERVFAIL for
> Knot.
> That would point towards your knot config. Perhaps if you share it (sans
> keys of course) someone might spot something.
> I have DDNS working with knot v1 so I can compare configs if you happen to
> still be on v1. I also posted something a few months back about the
> problems I was having and what I did to get it going which may help. I
> don’t know how much this applies to v2 as I haven’t got there yet.
> I am sending updates by calling knsupdate from a shell script.
> Andrew
Ulrich Wisser
ulrich at wisser.se
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.nic.cz/pipermail/knot-dns-users/attachments/20151005/cba2817e/attachment.html>

More information about the knot-dns-users mailing list