Hi Mark, > Jun 1 20:19:34 rpz0 named[30999]: client 127.0.0.1#64585/key > dns-update: signer "dns-update" denied > Jun 1 20:19:34 rpz0 named[30999]: client 127.0.0.1#64585/key > dns-update: update 'test.rpz/IN' denied > > What am I missing here?
Interesting, you do not seem to be missing anything: this works as expected for me (i.e. the update is allowed) on a fresh Debian 9 VM. AFAICT without looking at your entire configuration, in order for both of the log messages you quoted to be generated, named would need to recognize the key used for signing the request (otherwise you would get a BADKEY response), but not allow it to update the relevant zone. Perhaps a long shot, but is there any chance there are non-ASCII characters in your configuration file, like some Unicode variant of the hyphen character (‐, ‑, ‒, etc.)? If not, could you please bump the debug level to at least 3, retry, and paste the log messages generated? Please also feel free to open an issue at https://gitlab.isc.org. -- Best regards, Michał Kępień _______________________________________________ Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users
