Skip to content
New issue

Have a question about this project? # for a free GitHub account to open an issue and contact its maintainers and the community.

#

By clicking “#”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? # to your account

Jump to bottom

RFC2136 NSUPDATE support algo:name secret instead of algo: secret #464

Open
vg opened this issue Jun 7, 2020 · 2 comments
Open

RFC2136 NSUPDATE support algo:name secret instead of algo: secret #464

vg opened this issue Jun 7, 2020 · 2 comments

Comments

@vg
Copy link

vg commented Jun 7, 2020

Example

nsupdate <<EOF
  server ns1.dynv6.com
  zone yourhost.dynv6.com
  update delete yourhost.dynv6.com A
  update add yourhost.dynv6.com 60 A 127.0.0.1
  update delete yourhost.dynv6.com AAAA
  update add yourhost.dynv6.com 60 AAAA ::1
  key hmac-sha256:_123._tsig.dynv6.com YourSHAREDsecret==
  send
EOF

instead of

key hmac-sha256: YourSHAREDsecret==
@ThomasWaldmann
Copy link
Member

This issue tracker is about https://nsupdate.info/ software, not about the nsupdate commandline tool.

@vg
Copy link
Author

vg commented Jun 7, 2020

@ThomasWaldmann My request was for https://nsupdate.info/ not nsupdate command.
Apart from the Nameserver update algorithm and Nameserver update secret, need an option to provide something like _123._tsig.dynv6.com to an external auth dns server.

Nameserver update algorithm
HMAC_SHA512 is fine for bind9 (you can change this later, if needed)

Nameserver update secret
Shared secret that allows updating this zone (base64 encoded)

@ThomasWaldmann ThomasWaldmann reopened this Jun 7, 2020
# for free to join this conversation on GitHub. Already have an account? # to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@vg @ThomasWaldmann