[Pdns-users] DDNS with TSIG not working, need assistance

mrobti at insiberia.net mrobti at insiberia.net
Mon Nov 14 01:56:50 UTC 2016


I'm having a hard time knowing how to debug this message:

Packet for domain 'local.' denied: can't find TSIG key with name 
'tsig.key.local.' and algorithm 'hmac-sha512.'

Is that a small bug that is reporting the algorithm with a dot at the 
end? Or is it my problem? I double-checked that the algorithm is not 
being specified with a dot on either side, so if that's the problem, I 
don't know how to fix it.

I have a single TSIG entry:
id | name            | algorithm   | secret
1  | tsig.key.local. | hmac-sha512 | xxxxxxxxx....

And one domain meta-data entry:
id | domain_id | kind                 | content
1  | 1         | TSIG-ALLOW-DNSUPDATE | tsig.key.local.

(and only one domain being served DNS)

With debugging I only get a little more:

pdns[1982]: Remote 192.168.1.1 wants 'local.|SOA', do = 0, bufsize = 
512: packetcache MISS

pdns[1982]: Query: select algorithm, secret from tsigkeys where name=?

pdns[1982]: Packet for domain 'local.' denied: can't find TSIG key with 
name 'tsig.key.local.' and algorithm 'hmac-sha512.'

pdns[1982]: Received a TSIG signed message with a non-validating key

I can't seem to get MySQL logging to show the variable substitutions for 
prepared queries, so I don't know if the query arguments are incorrect 
or if the data being returned is not what PDNS is expecting?

How can I proceed?




More information about the Pdns-users mailing list