On 04/27/11 07:52, Martin McCormick wrote:
> I changed our tsig key and broke the world. Actually, the DNS's
> are happy. DHCP appears to be happy, but I am generating bad
> keys.
>
> I wrote a script as follows:
>
> #! /bin/sh
> /usr/local/sbin/dnssec-keygen -a hmac-md5 -b 512 -n HOST keyname
>
> It produced a beautiful-looking key that bind was happy with in
> named.conf. Rndc worked after changing it there so I installed
> it in our production DNS's.
>
> Then the fun started. I put it in dhcpd and it broke
> because there was at least one blank in the string.
>
> After googling a bit, I used all after the blank. This
> made bind happy, still and dhcp worked but the original key no
> longer works so we can't do any manual dynamic updates until I
> install a key that actually works.
>
> Everything I read says to generate the key in pretty
> much this manner so how can I get one that works everywhere
> without white spaces that will blow up dhcpd?
>
> I guess I was lucky before that there were no spaces in the
> previous key.

Try deleting the space. Just this. dnssec-keygen inserts the space for
readability purposes only. If you still have the original *.key and
*.private files, you can check for yourself that the Key field in
*.private contains exactly the same as *.key, minus the space.

Torinthiel

_______________________________________________
bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users
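
The comparison suggested in the reply above, as an added shell example that is not part of the original thread: it joins the secret from a `*.key` file, compares it with the `Key:` field of the matching `*.private` file, and confirms the result decodes to the requested 512 bits. The function names, the sample file names and the all-zero key are constructed for illustration, and the sample `.private` layout is an assumption about what dnssec-keygen writes for an HMAC key.

```shell
#!/bin/sh
# Added example. File names and key material are constructed, not real keys.

# Secret from a K*.key file: every field after the algorithm number, joined,
# so the blank that dnssec-keygen inserts for readability is dropped.
key_secret() {
    awk '$3 == "KEY" { for (i = 7; i <= NF; i++) printf "%s", $i; exit }' "$1"
}

# Secret from the "Key:" line of the matching K*.private file.
private_secret() {
    sed -n 's/^Key:[[:space:]]*//p' "$1" | tr -d '[:space:]'
}

# Number of bits the given base64 string decodes to.
secret_bits() {
    n=$(printf '%s' "$1" | base64 -d 2>/dev/null | wc -c)
    echo $((n * 8))
}

# Print the blank-free secret if both files agree and it has the wanted size.
# Arguments: key file, private file, expected size in bits.
check_tsig_secret() {
    from_key=$(key_secret "$1")
    from_priv=$(private_secret "$2")
    [ -n "$from_key" ] || { echo "no KEY record in $1" >&2; return 2; }
    [ "$from_key" = "$from_priv" ] || { echo "files disagree" >&2; return 1; }
    [ "$(secret_bits "$from_key")" -eq "$3" ] || { echo "not $3 bits" >&2; return 1; }
    printf '%s\n' "$from_key"
}

# Constructed sample pair: a 512-bit all-zero key whose base64 text is split
# by one blank in the .key file, as described in the post.
make_sample() {
    part1=$(printf '%056d' 0 | tr 0 A)
    part2=$(printf '%030d' 0 | tr 0 A)==
    printf 'keyname. IN KEY 512 3 157 %s %s\n' "$part1" "$part2" > "$1/sample.key"
    printf 'Private-key-format: v1.2\nAlgorithm: 157 (HMAC_MD5)\nKey: %s%s\n' \
        "$part1" "$part2" > "$1/sample.private"
}

demo_dir=$(mktemp -d)      # mktemp -d creates the directory with mode 0700
make_sample "$demo_dir"
check_tsig_secret "$demo_dir/sample.key" "$demo_dir/sample.private" 512
rm -rf "$demo_dir"
```

For this sample, `secret_bits` on only the part after the blank reports 176 bits rather than 512, which is why a secret cut at the blank is a different key from the one dnssec-keygen generated.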