I want to upgrade to BIND 9.11.2

I have an anycast cluster and want to pre-set the server cookie string with 
option cookie-secret.

My problem is that named-checkconf complains about the length of the 
cookie-secret regardless of how I set cookie-secret and cookie-algorithm:

options {
...
        cookie-secret "b603f51bdd19cd343da445d207b728e1";
};

~/#named-checkconf /etc/namedb/named.conf
/etc/namedb/named.conf:33: SHA1 cookie-secret must be on 160 bits
/etc/namedb/named.conf:33: SHA256 cookie-secret must be on 256 bits

If I change to

options {
...
        cookie-algorithm sha256;
        cookie-secret "f974e9f8435c7b3da20940e3b073b1800b8d3637425ac743f21a3b57561c552a";
};

~/#named-checkconf /etc/namedb/named.conf
/etc/namedb/named.conf:34: AES cookie-secret must be on 128 bits
/etc/namedb/named.conf:34: SHA1 cookie-secret must be on 160 bits


~/#named-checkconf -v
9.11.2



What am I missing?  Bug in named-checkconf?



--Ingeborg

-- 
Ingeborg Østrem Hellemo  --  ingeborg.hell...@uit.no
Dep. of Information Technology  ---  Univ. of Tromsø

