I changed our tsig key and broke the world. Actually, the DNS's
are happy. DHCP appears to be happy, but I am generating bad
keys.

I wrote a script as follows:

#! /bin/sh
/usr/local/sbin/dnssec-keygen -a hmac-md5 -b 512 -n HOST keyname

It produced a beautiful-looking key that bind was happy with in
named.conf. Rndc worked after changing it there so I installed
it in our production DNS's.

        Then the fun started. I put it in dhcpd and it broke
because there was at least one blank in the string.

        After googling a bit, I used all after the blank. This
made bind happy still, and dhcp worked, but the original key no
longer works, so we can't do any manual dynamic updates until I
install a key that actually works.

        Everything I read says to generate the key in pretty
much this manner so how can I get one that works everywhere
without white spaces that will blow up dhcpd?

I guess I was lucky before that there were no spaces in the
previous key.

Thanks for any help.

Martin McCormick WB5AGZ  Stillwater, OK 
Systems Engineer
OSU Information Technology Department Telecommunications Services Group
_______________________________________________
bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users
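
An added example, not part of the original post: whitespace inside a base64 string carries no key material, so removing the blank and joining the pieces gives one token that decodes to the full 512 bits, while the text after the blank decodes to a different, shorter secret. The helper names are hypothetical, the sample secret is constructed filler, and a `base64` tool that accepts `-d` is assumed.

```shell
#!/bin/sh
# Added example; helper names are hypothetical, sample data is constructed.

# Remove every blank, tab and line break from a base64 secret.
join_secret() {
    printf '%s' "$1" | tr -d ' \t\r\n'
}

# Number of key bits a base64 string decodes to (assumes a base64 tool with -d).
secret_bits() {
    echo $(( $(printf '%s' "$1" | base64 -d 2>/dev/null | wc -c) * 8 ))
}

# Succeeds only if the joined secret decodes to the expected number of bits.
check_secret() {
    [ "$(secret_bits "$(join_secret "$1")")" -eq "$2" ]
}

# Constructed sample: 64 bytes (512 bits) of filler, base64-encoded, then
# split by one blank to imitate a secret that was wrapped in a file.
SAMPLE_FULL=$(printf '%064d' 0 | base64 | tr -d '\n')
SAMPLE_SPLIT="$(printf '%s' "$SAMPLE_FULL" | cut -c1-56) $(printf '%s' "$SAMPLE_FULL" | cut -c57-)"
SAMPLE_TAIL=${SAMPLE_SPLIT#* }      # "all after the blank"

echo "joined:    $(secret_bits "$(join_secret "$SAMPLE_SPLIT")") bits"
echo "tail only: $(secret_bits "$SAMPLE_TAIL") bits"
if check_secret "$SAMPLE_SPLIT" 512; then echo "joined secret OK for -b 512"; fi
if ! check_secret "$SAMPLE_TAIL" 512; then echo "tail is a different, shorter secret"; fi
```

To check a real key, pass the secret text copied from the generated file as the first argument of `check_secret` and the `-b` value as the second.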
