Actions
Correction #10593
closed
Feedback on Third Party Software and pfSense — Configure BIND as an RFC 2136 Dynamic DNS Server
Start date:
05/25/2020
Due date:
% Done:
0%
Estimated time:
Description
Page: https://docs.netgate.com/pfsense/en/latest/book/thirdparty/configure-bind-for-rfc2136.html
Feedback:
using of dnssec-keygen to generate HMAC keys is not possible in the current pfSense bind version:
dnssec-keygen -K /etc/namedb/keys -a HMAC-MD5 -b 128 -n HOST myhost.dyn.example.com. dnssec-keygen: fatal: unknown algorithm HMAC-MD5
correct command:
tsig-keygen -a hmac-sha512 myhost.dyn.example.com
see https://gitlab.isc.org/isc-projects/bind9/commit/21761bfe799c8f298e3ce26285426b9a30473e6d?view=parallel:
The use of dnssec-keygen to generate HMAC keys is
deprecated in favor of tsig-keygen. dnssec-keygen
will print a warning when used for this purpose.
All HMAC algorithms will be removed from
dnssec-keygen in a future release. [RT #42272]
Updated by Viktor Gurov almost 4 years ago
https://ftp.isc.org/isc/bind9/cur/9.16/CHANGES:
4868. [func] dnssec-keygen can no longer generate HMAC keys.
Use tsig-keygen instead. [RT #46404]
https://gitlab.netgate.com/docs/pfSense-book/-/merge_requests/4
Updated by Jared Dillard almost 4 years ago
- Status changed from New to Closed
Thanks! This has been merged.
Actions